last executing test programs: 8.467796133s ago: executing program 2 (id=2535): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x0, 0x16, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000a00)={0x0, 0xf, 0x4, "f1345115"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000ac0)={0x1c, &(0x7f00000009c0)={0x0, 0x15, 0x4, "c70b9810"}, 0x0, 0x0}) 5.202247274s ago: executing program 1 (id=2559): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={0x0}, 0x1, 0x0, 0x0, 0x50}, 0x0) 5.090592867s ago: executing program 1 (id=2560): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1b96, 0xe, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x40, 0x0, 0x7, {0x7, 0x0, "5a7da32917"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000d00)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000c40)={0x20, 0x1, 0x8, "50965ed9335cde15"}, 0x0}) 4.326205823s ago: executing program 4 (id=2569): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) close_range(r0, 0xffffffffffffffff, 0x0) 3.94068873s ago: executing program 2 (id=2570): openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x30}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.632167553s ago: executing program 2 (id=2571): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup(r2) r4 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0xecb0}, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r3, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r7 = socket$kcm(0x29, 0x5, 0x0) r8 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x0, 0x2c1}, &(0x7f0000000040)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r7, 0x0, 0x0, 0x5c, 0x10}) io_uring_enter(r8, 0x3516, 0x701f, 0x0, 0x0, 0x0) 2.846095845s ago: executing program 1 (id=2573): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002800)=ANY=[], 0x200c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 2.644311465s ago: executing program 1 (id=2575): syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04040affffff468c0d7af86fbe59"], 0xd) 2.527881206s ago: executing program 4 (id=2576): r0 = syz_clone(0x1a2400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000100)='pagemap\x00') pread64(r1, &(0x7f0000000200)=""/102400, 0x19020, 0x1000000000) 2.470508074s ago: executing program 2 (id=2577): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) sendmmsg(r0, &(0x7f0000000280), 0x1, 0x800) 2.301240702s ago: executing program 0 (id=2579): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000010c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x28, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x810) 2.136844567s ago: executing program 4 (id=2580): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x3, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x20004000, &(0x7f0000000180)={0xa, 0x4e20, 0x5, @empty}, 0x1c) 2.038168311s ago: executing program 0 (id=2581): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x2) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 2.030848327s ago: executing program 3 (id=2582): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x7, 0x0, 0x0) sendmsg$kcm(r1, 0x0, 0x20000001) r2 = socket$tipc(0x1e, 0x5, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x8084) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000140), 0x0) vmsplice(r5, &(0x7f0000000440)=[{&(0x7f00000000c0)='7', 0x1}], 0x1, 0x100000000000000) close(r4) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000040)) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c}}, 0x0) getsockopt$SO_TIMESTAMP(r6, 0x1, 0x3f, &(0x7f0000000300), &(0x7f0000000380)=0x4) syz_emit_ethernet(0x10f, &(0x7f0000000480)={@remote, @broadcast, @void, {@ipv4={0x800, @icmp={{0xb, 0x4, 0x3, 0x3, 0x101, 0x66, 0x0, 0x2, 0x1, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x2a}, {[@noop, @timestamp={0x44, 0x14, 0x59, 0x0, 0x5, [0x5, 0x1, 0x0, 0x4]}]}}, @echo={0x8, 0x0, 0x0, 0x401, 0x6b, "fa8bd2c5730008a0a125896733541e16105e019c3eab7d49494a63752101ec31b3b941f792edb1635eb37150ada26c3003f541a0ac4bff3beb8207149a2956570527ee3be2ab6f96a9b9740a23b21386203902ebad3792250e61eea99a9b4ac883fe525be5ffb5b8bfa09a0cf014f8d6bf0852a7b24444f1a5e74f9d387ac8af38dce9b1b298faeda52dc7535e6871f6fc27d7e8f4ac92276d884208a2e02090695ce025d84ab6d14f148f872096ebf5e42e2328eaed407a798c1df5e83baa4fa14a94aeed41de3f033fa19d1f"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0xf1a, 0x6db, 0x82f, 0x715]}) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x800) sendmmsg$alg(r8, &(0x7f00000063c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7f05}, @assoc={0x18, 0x117, 0x4, 0x7}, @iv={0x70, 0x117, 0x2, 0x56, "18683452325bb46b65f94e30334b735b1a84f414c59517ff643dc7e10b41331860163e1bc8a98014de29d1b932777c8739a9e61e997dc0792eb1e34f60703d49b9a14b7509ac241be3202ed4e1fbb4cd664b6c2b9f93"}, @iv={0x108, 0x117, 0x2, 0xf1, "78b5984a759df731539ee819bdf531be2c8ec4434db513ebbe7ae91f72ea4d669f53a50b8ef825cbeb871eb95af48cf1b9d3ffd9badc433941322e32eff27da31fe2af9b56e1c2dbc828625609394eb1a9b3be832e40bedfe5f14f55cd464c8f79bade43f247a57d6a8e66340bf5824ba409492a0d3b00ec0bead3d539b53c075d38b925751e990dd7d8fe0e6383c074593f5818901080f41d69573e61ae75c63054d9ed66bea997fd0be0ffc5d03975ed9952399ee80b36d60f8a8807ed0e66693b372bfaa75c9644611122a548fc3cb4573f63eae4f55c53e28753428e411603a4bd73ad23f1569c8c00ebb0449ca63f"}], 0x1c0, 0x14}], 0x1, 0x800) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000005"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-224-x86\x00'}, 0x58) 1.990807407s ago: executing program 1 (id=2583): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x28}, 0x1, 0x0, 0x0, 0x4884}, 0x0) 1.85039889s ago: executing program 1 (id=2584): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x11, 0x4, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x5}, 0x94) ppoll(&(0x7f0000000500)=[{}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000240)={0x1f, 0xffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0) 1.846269905s ago: executing program 3 (id=2585): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.7861756s ago: executing program 0 (id=2586): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_aio12_8\x00', [0x2004f29, 0x9, 0x10001, 0x4, 0x0, 0x2, 0x8, 0x7, 0xa, 0x10000100, 0x2, 0x1, 0x1001, 0x9, 0x8, 0x101, 0x0, 0x1a44d, 0x18003, 0x40000003, 0x2, 0xcaa7, 0x0, 0x8, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]}) 1.678513435s ago: executing program 3 (id=2587): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r0, &(0x7f00000000c0)='2\x00', 0x2) 1.624667109s ago: executing program 0 (id=2588): syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000200)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x7f, 0xc1, &(0x7f00000001c0)='F', 0x1, 0x1, 0x7f, 0xfffffffe, 0x28, 0x1, 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x10, 0x4, 0x44, 0x0, 0x0, 0x1}, [@FRA_SRC={0x8, 0x2, @multicast2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}, 0x1, 0x0, 0x0, 0xc884}, 0x0) gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r5 = accept4$unix(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x80000) connect$unix(r5, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) 1.458360093s ago: executing program 3 (id=2589): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000140)="8659a60a8bbe495903e9c1c2c7e6300b882901b0a88193c8791061775787193614492a5f3010dd379e7d3a90579350c10954f0bcef95644fe2da21ebf20da7a2c8ee662bddd35196e824b4c9bd93ad5c848b6f9c9f7ab3b366f1cfe2a70cbeacf73e0191d4ccfcbde4d09ff663307e38c4cc430f018785f36d0312a71ccc8570c43d9f43ec1131dd106edca69f249af2f9dd723935e38b8b5d028b403ad3bbcab594d91a86333530bac71134801dbb4dffd7bbae1c06285e5efe18a2b9b2496fdc494763d846328befa9140e98c2d975472e3cc13c7b3f", 0xd7}], 0x1) 1.330090632s ago: executing program 2 (id=2590): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x28, 0x3e, 0x107, 0xfffffffe, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x909'}]}, @typed={0x4, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x404c001}, 0xc000) 1.299434846s ago: executing program 3 (id=2591): sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x17, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000440)={r0, &(0x7f0000000600)="f38cde", 0x0}, 0x20) 499.844717ms ago: executing program 0 (id=2592): r0 = openat$sequencer(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x480c2}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @empty, 0xfffffffc}, 0x1c) listen(r1, 0xb) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f0000000100)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x4, 0x1000, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x65, 0x0, 0x52, 0x6, 0x0, @private=0xa010102, @broadcast}, {{0x4e23, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x10, 0x0, 0x1}}}}, 0x36) 499.109757ms ago: executing program 2 (id=2593): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d55000905020200020a0000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 363.363304ms ago: executing program 4 (id=2594): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x28}, 0x1, 0x0, 0x0, 0x4884}, 0x0) 362.512399ms ago: executing program 3 (id=2595): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x701, 0xf7, 0x48, 0xbe, 0x8, 0x15f4, 0x15, 0x6f2b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x2, 0x20, 0xb, [{{0x9, 0x4, 0xc6, 0xa9, 0x0, 0x9b, 0x7d, 0xd1, 0x3}}]}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0}) 229.810746ms ago: executing program 4 (id=2596): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000003000000000000000a40000000060a0b0400000000000000000200000014000480100001800a00010072656469720000000900010073797a30000000000900020073797a32"], 0x68}}, 0x0) 870.659µs ago: executing program 0 (id=2597): r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001ac0)={r3, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}}) socket(0x11, 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x40080) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x14) r5 = dup(0xffffffffffffffff) setsockopt$packet_buf(r5, 0x107, 0x16, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=2598): r0 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x2) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) kernel console output (not intermixed with test programs): rom netdevsim0 (while UP) [ 176.225336][ T6014] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 176.495988][ T7333] netlink: 28 bytes leftover after parsing attributes in process `syz.4.458'. [ 176.512212][ T7333] netlink: 28 bytes leftover after parsing attributes in process `syz.4.458'. [ 176.550834][ T7333] batman_adv: batadv0: Adding interface: dummy0 [ 176.584867][ T7333] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.647951][ T6014] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 176.648194][ T7333] batman_adv: batadv0: Interface activated: dummy0 [ 176.686909][ T6014] em28xx 3-1:0.0: board has no eeprom [ 176.781140][ T7334] batadv0: mtu less than device minimum [ 176.803650][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.815737][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.827205][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.838604][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.850005][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.861501][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.872824][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.884425][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 176.895821][ T7334] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 177.508468][ T7339] netlink: 'syz.4.460': attribute type 8 has an invalid length. [ 177.817373][ T7296] em28xx 3-1:0.0: reading from i2c device at 0x138 failed (error=-5) [ 177.873141][ T6014] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 177.962460][ T6014] em28xx 3-1:0.0: dvb set to bulk mode. [ 177.982771][ T980] em28xx 3-1:0.0: Binding DVB extension [ 178.162489][ T6014] usb 3-1: USB disconnect, device number 3 [ 178.170597][ T980] em28xx 3-1:0.0: Registering input extension [ 178.294564][ T6014] em28xx 3-1:0.0: Disconnecting em28xx [ 178.364879][ T6014] em28xx 3-1:0.0: Closing input extension [ 178.596365][ T6014] em28xx 3-1:0.0: Freeing device [ 179.540848][ T7376] netlink: 172 bytes leftover after parsing attributes in process `syz.4.471'. [ 179.571276][ T7376] netlink: 208 bytes leftover after parsing attributes in process `syz.4.471'. [ 179.591482][ T7376] syzkaller0: entered promiscuous mode [ 179.599266][ T7376] syzkaller0: entered allmulticast mode [ 180.191169][ T7391] tipc: Enabled bearer , priority 0 [ 180.234866][ T7391] syzkaller0: entered promiscuous mode [ 180.243624][ T7391] syzkaller0: entered allmulticast mode [ 180.271789][ T7391] tipc: Resetting bearer [ 180.280597][ T7390] tipc: Resetting bearer [ 180.316011][ T7390] tipc: Disabling bearer [ 181.020932][ T7413] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 181.020932][ T7413] program syz.2.483 not setting count and/or reply_len properly [ 182.088883][ T7426] netlink: 172 bytes leftover after parsing attributes in process `syz.1.487'. [ 182.173474][ T7427] netlink: 208 bytes leftover after parsing attributes in process `syz.1.487'. [ 182.232794][ T7426] syzkaller0: entered promiscuous mode [ 182.253220][ T7426] syzkaller0: entered allmulticast mode [ 183.134360][ T5937] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 183.413686][ T5937] usb 3-1: Using ep0 maxpacket: 16 [ 183.443060][ T5937] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.477497][ T5937] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 183.567129][ T5937] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 183.632658][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.676904][ T5937] usb 3-1: Product: syz [ 183.681136][ T5937] usb 3-1: Manufacturer: syz [ 183.737540][ T5937] usb 3-1: SerialNumber: syz [ 183.956692][ T5937] usb 3-1: config 0 descriptor?? [ 183.977968][ T7462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.500'. [ 183.994465][ T7462] hsr_slave_0: left promiscuous mode [ 184.002974][ T7462] hsr_slave_1: left promiscuous mode [ 184.032803][ T7464] netlink: 'syz.0.500': attribute type 39 has an invalid length. [ 185.206496][ T7478] netlink: 360 bytes leftover after parsing attributes in process `syz.0.504'. [ 186.019101][ T7485] netlink: 'syz.4.507': attribute type 12 has an invalid length. [ 186.104204][ T5961] usb 3-1: USB disconnect, device number 4 [ 187.715483][ T7509] netlink: 172 bytes leftover after parsing attributes in process `syz.4.516'. [ 187.783647][ T7509] netlink: 208 bytes leftover after parsing attributes in process `syz.4.516'. [ 188.760480][ T7531] ±ÿ: renamed from batadv_slave_1 (while UP) [ 189.680916][ T7545] netlink: 'syz.0.531': attribute type 2 has an invalid length. [ 191.323920][ T6014] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 191.543152][ T6014] usb 1-1: Using ep0 maxpacket: 16 [ 191.555293][ T6014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.566340][ T6014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 191.577149][ T6014] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 191.594477][ T6014] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.636270][ T6014] usb 1-1: config 0 descriptor?? [ 191.833471][ T7588] netlink: 'syz.3.542': attribute type 2 has an invalid length. [ 193.027023][ T7599] syz_tun: entered promiscuous mode [ 193.064616][ T7599] syz_tun: left promiscuous mode [ 193.212091][ T7601] netlink: 28 bytes leftover after parsing attributes in process `syz.4.547'. [ 193.232669][ T7601] netlink: 28 bytes leftover after parsing attributes in process `syz.4.547'. [ 193.880733][ T6014] usbhid 1-1:0.0: can't add hid device: -71 [ 193.897652][ T6014] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 193.943672][ T6014] usb 1-1: USB disconnect, device number 2 [ 194.101627][ T7624] netlink: 'syz.4.554': attribute type 2 has an invalid length. [ 194.368469][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.376089][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.319931][ T7650] netlink: 40 bytes leftover after parsing attributes in process `syz.3.564'. [ 196.486657][ T7666] netlink: 9 bytes leftover after parsing attributes in process `syz.2.566'. [ 196.632877][ T7666] 0·: renamed from hsr0 (while UP) [ 196.716775][ T7666] 0·: entered allmulticast mode [ 196.728012][ T7666] hsr_slave_0: entered allmulticast mode [ 196.915418][ T7666] hsr_slave_1: entered allmulticast mode [ 196.945095][ T7666] net_ratelimit: 31 callbacks suppressed [ 196.945115][ T7666] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 199.337294][ T7718] netlink: zone id is out of range [ 199.360107][ T7718] netlink: zone id is out of range [ 199.399060][ T7718] netlink: zone id is out of range [ 199.425075][ T7718] netlink: zone id is out of range [ 199.452090][ T7719] netlink: del zone limit has 4 unknown bytes [ 199.458374][ T7718] netlink: zone id is out of range [ 199.463968][ T7718] netlink: zone id is out of range [ 199.474436][ T7718] netlink: zone id is out of range [ 199.500893][ T7718] netlink: zone id is out of range [ 200.006234][ T7727] tipc: Enabled bearer , priority 0 [ 200.038727][ T7725] tipc: Disabling bearer [ 200.248330][ T7739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.589'. [ 200.257385][ T7739] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.265461][ T7739] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.274406][ T7739] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 200.291637][ T7739] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.941674][ T7749] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.205990][ T7749] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.297421][ T7749] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.632057][ T7749] netdevsim netdevsim4  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.148172][ T7749] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.233146][ T7749] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.324873][ T7749] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.435498][ T7749] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.871488][ T7776] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 202.871488][ T7776] program syz.4.603 not setting count and/or reply_len properly [ 203.222424][ T7788] netlink: 'syz.2.608': attribute type 2 has an invalid length. [ 203.582510][ T7801] netlink: 68 bytes leftover after parsing attributes in process `syz.3.612'. [ 204.292658][ T7811] netlink: 172 bytes leftover after parsing attributes in process `syz.1.616'. [ 204.309279][ T7811] netlink: 208 bytes leftover after parsing attributes in process `syz.1.616'. [ 204.321486][ T7811] tipc: Enabled bearer , priority 0 [ 204.333181][ T7811] tipc: Resetting bearer [ 204.358397][ T7810] tipc: Disabling bearer [ 206.203423][ T7842] netlink: 68 bytes leftover after parsing attributes in process `syz.3.626'. [ 207.082571][ T7870] tipc: Enabled bearer , priority 0 [ 207.093616][ T7870] syzkaller0: entered promiscuous mode [ 207.099352][ T7870] syzkaller0: entered allmulticast mode [ 207.114546][ T7870] tipc: Resetting bearer [ 207.141143][ T7875] ip6erspan0: entered promiscuous mode [ 207.150735][ T7868] tipc: Resetting bearer [ 207.189287][ T7868] tipc: Disabling bearer [ 208.138300][ T7901] netlink: 12 bytes leftover after parsing attributes in process `syz.1.649'. [ 208.194738][ T7901] netlink: 36 bytes leftover after parsing attributes in process `syz.1.649'. [ 208.247842][ T7901] bridge0: port 3(vlan2) entered blocking state [ 208.256446][ T7901] bridge0: port 3(vlan2) entered disabled state [ 208.289185][ T7901] vlan2: entered allmulticast mode [ 208.297283][ T7901] bridge0: entered allmulticast mode [ 208.310920][ T7901] vlan2: left allmulticast mode [ 208.318181][ T7901] bridge0: left allmulticast mode [ 208.337716][ T7904] warning: `syz.3.650' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 208.594133][ T7919] netlink: 68 bytes leftover after parsing attributes in process `syz.1.656'. [ 210.894594][ T7950] netlink: 360 bytes leftover after parsing attributes in process `syz.1.668'. [ 211.079941][ T9] IPVS: starting estimator thread 0... [ 211.125729][ T7957] ieee802154 phy0 wpan0: encryption failed: -22 [ 211.193602][ T7958] IPVS: using max 25 ests per chain, 60000 per kthread [ 211.407966][ T7974] netlink: 180 bytes leftover after parsing attributes in process `syz.1.673'. [ 212.236372][ T7996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.680'. [ 212.472075][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.682'. [ 212.707867][ T8004] netlink: 360 bytes leftover after parsing attributes in process `syz.0.683'. [ 213.161106][ T8031] ieee802154 phy0 wpan0: encryption failed: -22 [ 213.420810][ T8034] netlink: 'syz.4.692': attribute type 1 has an invalid length. [ 213.446100][ T8034] netlink: 244 bytes leftover after parsing attributes in process `syz.4.692'. [ 213.671139][ T8052] syzkaller0: entered promiscuous mode [ 213.676819][ T8052] syzkaller0: entered allmulticast mode [ 214.577459][ T8069] syz.2.699 uses obsolete (PF_INET,SOCK_PACKET) [ 215.012649][ T8079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.701'. [ 215.782422][ T8059] netlink: 180 bytes leftover after parsing attributes in process `syz.4.697'. [ 215.799226][ T8065] netlink: 28 bytes leftover after parsing attributes in process `syz.3.698'. [ 215.810158][ T8065] netlink: 28 bytes leftover after parsing attributes in process `syz.3.698'. [ 216.927855][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 216.934385][ T5855] Bluetooth: hci1: command 0x0406 tx timeout [ 216.940439][ T5855] Bluetooth: hci3: command 0x0406 tx timeout [ 216.942128][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 216.946534][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 217.121488][ T8086] syzkaller0: entered promiscuous mode [ 217.131064][ T8086] syzkaller0: entered allmulticast mode [ 217.812983][ T8127] syzkaller0: entered promiscuous mode [ 217.819526][ T8127] syzkaller0: entered allmulticast mode [ 219.916014][ T8142] netlink: 28 bytes leftover after parsing attributes in process `syz.3.716'. [ 219.929010][ T8142] netlink: 28 bytes leftover after parsing attributes in process `syz.3.716'. [ 219.938722][ T8140] netlink: 180 bytes leftover after parsing attributes in process `syz.0.715'. [ 220.212897][ T8148] netlink: 24 bytes leftover after parsing attributes in process `syz.1.718'. [ 220.770937][ T8167] netlink: 'syz.2.726': attribute type 10 has an invalid length. [ 220.796579][ T8167] team0: Device ipvlan1 failed to register rx_handler [ 220.991346][ T8179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.729'. [ 221.858569][ T8199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.738'. [ 222.602293][ T8224] tipc: Enabling of bearer rejected, failed to enable media [ 223.208442][ T8250] tipc: Enabled bearer , priority 0 [ 223.244288][ T8244] syzkaller0: entered promiscuous mode [ 223.280867][ T8244] syzkaller0: entered allmulticast mode [ 223.385224][ T8243] tipc: Resetting bearer [ 223.417275][ T8243] tipc: Disabling bearer [ 223.639342][ T8267] netlink: 28 bytes leftover after parsing attributes in process `syz.3.760'. [ 225.846787][ T8293] tipc: Enabled bearer , priority 0 [ 225.858850][ T8295] netlink: 4 bytes leftover after parsing attributes in process `syz.2.770'. [ 225.934155][ T8293] tipc: Resetting bearer [ 226.053940][ T8292] tipc: Disabling bearer [ 226.205333][ T8300] tipc: Enabled bearer , priority 0 [ 226.230281][ T8300] syzkaller0: entered promiscuous mode [ 226.259491][ T8300] syzkaller0: entered allmulticast mode [ 226.393490][ T8299] tipc: Resetting bearer [ 226.545339][ T8299] tipc: Disabling bearer [ 227.090844][ T8336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.780'. [ 227.385488][ T8345] mmap: syz.0.786 (8345) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 227.824411][ T8356] fuse: Bad value for 'fd' [ 228.043478][ T8348] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 228.050201][ T8348] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 228.176184][ T8348] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.187694][ T8348] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 228.197264][ T8348] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 228.223312][ T8348] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 228.242645][ T8348] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 228.249402][ T8348] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 228.261599][ T8348] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 228.282621][ T8348] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 228.440519][ T8361] Bluetooth: MGMT ver 1.23 [ 229.412603][ T8383] tipc: Enabled bearer , priority 0 [ 229.450522][ T8383] syzkaller0: entered promiscuous mode [ 229.483240][ T8383] syzkaller0: entered allmulticast mode [ 229.611878][ T8382] tipc: Resetting bearer [ 229.661342][ T8382] tipc: Disabling bearer [ 229.814141][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 230.200973][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.806'. [ 230.347483][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 230.353670][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 230.359901][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 230.359927][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 231.884850][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 232.227869][ T8466] netlink: 248 bytes leftover after parsing attributes in process `syz.2.815'. [ 232.363990][ T8470] tipc: Enabled bearer , priority 0 [ 232.382896][ T8470] syzkaller0: entered promiscuous mode [ 232.401257][ T8470] syzkaller0: entered allmulticast mode [ 232.443403][ T5157] Bluetooth: hci3: command 0x0406 tx timeout [ 232.443448][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 232.449594][ T5157] Bluetooth: hci1: command 0x0406 tx timeout [ 232.462862][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 232.475781][ T8468] tipc: Resetting bearer [ 232.495195][ T8468] tipc: Disabling bearer [ 233.721805][ T8511] tipc: Enabled bearer , priority 0 [ 233.732125][ T8511] syzkaller0: entered promiscuous mode [ 233.755571][ T8511] syzkaller0: entered allmulticast mode [ 233.915788][ T8511] tipc: Resetting bearer [ 233.953412][ T8510] tipc: Resetting bearer [ 234.025343][ T8510] tipc: Disabling bearer [ 234.523341][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 235.537976][ T980] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 235.829215][ T980] usb 1-1: Using ep0 maxpacket: 16 [ 235.975014][ T980] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 236.094973][ T980] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 236.213956][ T980] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 236.262214][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.324807][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.837'. [ 236.347838][ T980] usb 1-1: Product: syz [ 236.412158][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.837'. [ 236.414707][ T980] usb 1-1: Manufacturer: syz [ 236.453091][ T980] usb 1-1: SerialNumber: syz [ 236.474518][ T980] usb 1-1: config 0 descriptor?? [ 237.076712][ T8583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.840'. [ 237.152912][ T8583] dummy0: entered promiscuous mode [ 237.187937][ T8583] macvtap1: entered promiscuous mode [ 237.210545][ T8583] macvtap1: entered allmulticast mode [ 237.234395][ T8583] dummy0: entered allmulticast mode [ 238.083866][ T8615] tipc: Enabled bearer , priority 0 [ 238.087261][ T5956] usb 1-1: USB disconnect, device number 3 [ 238.203628][ T8613] tipc: Disabling bearer [ 238.215533][ T8620] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 238.215533][ T8620] program syz.1.849 not setting count and/or reply_len properly [ 241.905661][ T8704] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 241.912123][ T8704] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 241.921218][ T8704] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 241.935483][ T8704] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 241.942304][ T8704] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 243.574465][ T8746] ieee802154 phy0 wpan0: encryption failed: -22 [ 243.883204][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 243.980820][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 243.987427][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 243.994080][ T5157] Bluetooth: hci1: command 0x0406 tx timeout [ 243.994109][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 244.246888][ T8762] tipc: Enabled bearer , priority 0 [ 244.605049][ T8752] tipc: Disabling bearer [ 246.858982][ T8846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.907'. [ 246.895417][ T8840] syzkaller0: entered promiscuous mode [ 246.912591][ T8840] syzkaller0: entered allmulticast mode [ 246.922002][ T8846] netlink: 4 bytes leftover after parsing attributes in process `syz.3.907'. [ 247.458853][ T8857] netlink: 44 bytes leftover after parsing attributes in process `syz.0.910'. [ 248.305346][ T8885] net_ratelimit: 12 callbacks suppressed [ 248.305367][ T8885] netlink: zone id is out of range [ 248.320338][ T8863] fuse: Unknown parameter 'grou00000000000000000000' [ 248.320470][ T8885] netlink: zone id is out of range [ 248.356051][ T8885] netlink: zone id is out of range [ 248.371357][ T8885] netlink: zone id is out of range [ 248.401317][ T8885] netlink: zone id is out of range [ 248.476829][ T8885] netlink: zone id is out of range [ 248.505616][ T8886] netlink: del zone limit has 4 unknown bytes [ 248.517605][ T8885] netlink: zone id is out of range [ 248.797376][ T8885] netlink: set zone limit has 4 unknown bytes [ 249.532145][ T8922] netlink: 44 bytes leftover after parsing attributes in process `syz.2.925'. [ 250.543954][ T8949] netlink: 360 bytes leftover after parsing attributes in process `syz.4.930'. [ 251.115231][ T8958] netlink: zone id is out of range [ 251.372750][ T8966] netlink: 28 bytes leftover after parsing attributes in process `syz.1.934'. [ 251.411131][ T8966] netlink: 28 bytes leftover after parsing attributes in process `syz.1.934'. [ 251.433201][ T8967] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 251.433201][ T8967] program syz.2.936 not setting count and/or reply_len properly [ 251.875883][ T8985] netlink: 44 bytes leftover after parsing attributes in process `syz.4.939'. [ 252.822325][ T9005] ieee802154 phy0 wpan0: encryption failed: -22 [ 253.411289][ T9013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.948'. [ 253.445078][ T9013] netlink: 28 bytes leftover after parsing attributes in process `syz.3.948'. [ 253.800340][ T9018] syzkaller0: entered promiscuous mode [ 253.835699][ T9018] syzkaller0: entered allmulticast mode [ 253.987477][ T9020] syz.3.951 (9020) used greatest stack depth: 17992 bytes left [ 254.313702][ T9034] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 254.313702][ T9034] program syz.4.956 not setting count and/or reply_len properly [ 254.427628][ T9041] ieee802154 phy0 wpan0: encryption failed: -22 [ 254.639604][ T9048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.961'. [ 254.650251][ T9048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.961'. [ 255.630598][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.3.970'. [ 255.764908][ T9072] syzkaller0: entered promiscuous mode [ 255.770631][ T9075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.970'. [ 255.781010][ T9072] syzkaller0: entered allmulticast mode [ 255.810338][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.821707][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.942509][ T9100] netlink: 44 bytes leftover after parsing attributes in process `syz.3.979'. [ 257.281179][ T9108] netlink: 1 bytes leftover after parsing attributes in process `syz.2.982'. [ 257.515782][ T9108] tipc: Cannot configure node identity twice [ 257.749966][ T9119] netlink: 12 bytes leftover after parsing attributes in process `syz.3.985'. [ 258.850725][ T9136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'. [ 260.200490][ T9169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1001'. [ 260.400564][ T9175] syzkaller0: entered promiscuous mode [ 260.419872][ T9175] syzkaller0: entered allmulticast mode [ 261.138721][ T9190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1006'. [ 262.344871][ T9219] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1014'. [ 262.458918][ T9221] Illegal XDP return value 70 on prog (id 140) dev syz_tun, expect packet loss! [ 262.578554][ T9225] syzkaller0: entered promiscuous mode [ 262.584449][ T9225] syzkaller0: entered allmulticast mode [ 263.178488][ T9241] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1023'. [ 263.977694][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1027'. [ 264.418346][ T9256] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1028'. [ 264.872332][ T9274] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1035'. [ 265.999470][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880590c1800: rx timeout, send abort [ 266.009559][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880590c1800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 266.025887][ T9298] net_ratelimit: 17 callbacks suppressed [ 266.025901][ T9298] netlink: zone id is out of range [ 266.041916][ T9298] netlink: zone id is out of range [ 266.137913][ T9298] netlink: zone id is out of range [ 266.159028][ T9299] netlink: del zone limit has 4 unknown bytes [ 266.301451][ T9298] netlink: set zone limit has 4 unknown bytes [ 266.996691][ T9309] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1046'. [ 268.055552][ T9329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'. [ 268.129607][ T9329] team0: Port device team_slave_0 removed [ 268.148629][ T9332] netlink: zone id is out of range [ 268.154525][ T9332] netlink: zone id is out of range [ 268.159830][ T9332] netlink: zone id is out of range [ 268.209038][ T9334] netlink: del zone limit has 4 unknown bytes [ 268.302055][ T9332] netlink: set zone limit has 4 unknown bytes [ 268.328849][ T9339] tipc: Enabled bearer , priority 0 [ 268.340313][ T9339] tipc: Resetting bearer [ 268.370677][ T9337] tipc: Disabling bearer [ 269.690590][ T9366] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1064'. [ 269.749750][ T9366] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1064'. [ 269.824060][ T9368] batman_adv: batadv0: Adding interface: dummy0 [ 269.830495][ T9368] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.855786][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.900546][ T9368] batman_adv: batadv0: Interface activated: dummy0 [ 270.683726][ T9382] syzkaller1: entered promiscuous mode [ 270.689340][ T9382] syzkaller1: entered allmulticast mode [ 270.760436][ T9389] tipc: Enabled bearer , priority 0 [ 270.771870][ T9384] syzkaller0: entered promiscuous mode [ 270.778240][ T9384] syzkaller0: entered allmulticast mode [ 270.788661][ T9386] tipc: Resetting bearer [ 270.814175][ T9385] tipc: Disabling bearer [ 271.098908][ T9397] net_ratelimit: 20 callbacks suppressed [ 271.098929][ T9397] netlink: zone id is out of range [ 271.133378][ T9397] netlink: zone id is out of range [ 271.140988][ T9397] netlink: zone id is out of range [ 271.186851][ T9397] netlink: zone id is out of range [ 271.614908][ T9397] netlink: set zone limit has 4 unknown bytes [ 273.553725][ T9428] syzkaller1: entered promiscuous mode [ 273.559269][ T9428] syzkaller1: entered allmulticast mode [ 274.471420][ T9444] tipc: Enabled bearer , priority 0 [ 274.508484][ T9444] tipc: Resetting bearer [ 274.557511][ T9443] tipc: Disabling bearer [ 276.363957][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1098'. [ 276.744497][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1103'. [ 276.833134][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1103'. [ 277.014441][ T9483] syzkaller0: entered promiscuous mode [ 277.043586][ T9483] syzkaller0: entered allmulticast mode [ 277.531070][ T9507] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1113'. [ 278.623409][ T9525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1120'. [ 278.712736][ T9525] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1120'. [ 280.714464][ T9564] syzkaller0: entered promiscuous mode [ 280.720141][ T9564] syzkaller0: entered allmulticast mode [ 280.816593][ T9569] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1137'. [ 281.136018][ T9585] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1140'. [ 281.265272][ T9584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1141'. [ 282.748331][ T9607] netlink: 360 bytes leftover after parsing attributes in process `syz.1.1149'. [ 282.768564][ T9606] syzkaller0: entered promiscuous mode [ 282.788792][ T9606] syzkaller0: entered allmulticast mode [ 282.972844][ T9613] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 282.972844][ T9613] program syz.0.1150 not setting count and/or reply_len properly [ 283.006309][ T9613] kernel profiling enabled (shift: 6) [ 283.157589][ T9619] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1153'. [ 284.171504][ T9639] netlink: 360 bytes leftover after parsing attributes in process `syz.1.1162'. [ 284.338651][ T9629] fuse: Bad value for 'fd' [ 284.700882][ T9658] batadv_slave_1: entered promiscuous mode [ 284.741053][ T9658] batadv_slave_1: left promiscuous mode [ 284.796539][ T9664] netlink: 'syz.0.1173': attribute type 3 has an invalid length. [ 284.807856][ T9664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1173'. [ 285.062699][ T9674] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 285.062699][ T9674] program syz.0.1175 not setting count and/or reply_len properly [ 285.162781][ T9676] netlink: 360 bytes leftover after parsing attributes in process `syz.1.1176'. [ 285.850735][ T9686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1182'. [ 285.866182][ T9691] syzkaller1: entered promiscuous mode [ 285.871733][ T9691] syzkaller1: entered allmulticast mode [ 285.920856][ T9694] netlink: 'syz.1.1184': attribute type 3 has an invalid length. [ 285.956987][ T9694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1184'. [ 287.664860][ T9726] netlink: 'syz.1.1197': attribute type 3 has an invalid length. [ 287.674356][ T9726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1197'. [ 287.732541][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1196'. [ 288.244852][ T9730] batman_adv: batadv0: Interface deactivated: dummy0 [ 288.299881][ T9730] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 288.316357][ T9730] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 288.386865][ T9730] netdevsim netdevsim0 : unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.405781][ T9730] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.419207][ T9730] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.437048][ T9730] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.460416][ T9730] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 289.084489][ T9749] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 289.084489][ T9749] program syz.0.1204 not setting count and/or reply_len properly [ 291.195741][ T9779] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1217'. [ 291.564179][ T980] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 291.940353][ T980] usb 1-1: device descriptor read/64, error -71 [ 292.233122][ T980] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 292.393211][ T980] usb 1-1: device descriptor read/64, error -71 [ 292.514408][ T9803] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 292.514408][ T9803] program syz.1.1224 not setting count and/or reply_len properly [ 292.532680][ T980] usb usb1-port1: attempt power cycle [ 292.953066][ T980] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 293.077321][ T980] usb 1-1: device descriptor read/8, error -71 [ 293.343152][ T980] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 293.415221][ T980] usb 1-1: device descriptor read/8, error -71 [ 293.543388][ T980] usb usb1-port1: unable to enumerate USB device [ 294.407250][ T9818] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1230'. [ 295.703198][ T5914] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 295.843224][ T5914] usb 1-1: device descriptor read/64, error -71 [ 295.850532][ T9849] syzkaller0: entered promiscuous mode [ 295.864334][ T9849] syzkaller0: entered allmulticast mode [ 296.153095][ T5914] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 296.327736][ T5914] usb 1-1: device descriptor read/64, error -71 [ 296.337199][ T9688] Set syz1 is full, maxelem 65536 reached [ 296.456369][ T5914] usb usb1-port1: attempt power cycle [ 296.678634][ T9851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1243'. [ 296.833937][ T5914] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 296.903398][ T5914] usb 1-1: device descriptor read/8, error -71 [ 296.992463][ T9859] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 296.992463][ T9859] program syz.2.1245 not setting count and/or reply_len properly [ 297.293086][ T5914] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 297.347972][ T5914] usb 1-1: device descriptor read/8, error -71 [ 297.567542][ T9873] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1251'. [ 297.578288][ T9873] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1251'. [ 297.627403][ T9873] team0: Port device team_slave_0 removed [ 297.643444][ T5914] usb usb1-port1: unable to enumerate USB device [ 297.991555][ T9878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1253'. [ 298.578888][ T9892] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1257'. [ 298.735236][ T9892] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1257'. [ 299.336114][ T9909] syzkaller0: entered promiscuous mode [ 299.367400][ T9909] syzkaller0: entered allmulticast mode [ 299.843123][ T5914] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 299.993231][ T5914] usb 4-1: device descriptor read/64, error -71 [ 300.243334][ T5914] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 300.473104][ T5914] usb 4-1: device descriptor read/64, error -71 [ 300.540948][ T9930] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 300.540948][ T9930] program syz.4.1271 not setting count and/or reply_len properly [ 300.726166][ T9939] netlink: zone id is out of range [ 300.732017][ T9939] netlink: zone id is out of range [ 300.737715][ T5914] usb usb4-port1: attempt power cycle [ 300.741231][ T9939] netlink: zone id is out of range [ 300.751865][ T9939] netlink: zone id is out of range [ 300.917982][ T9939] netlink: set zone limit has 4 unknown bytes [ 301.156065][ T9941] netlink: del zone limit has 4 unknown bytes [ 301.243232][ T5914] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 301.328747][ T5914] usb 4-1: device descriptor read/8, error -71 [ 301.713176][ T5914] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 301.765546][ T5914] usb 4-1: device descriptor read/8, error -71 [ 301.883515][ T5914] usb usb4-port1: unable to enumerate USB device [ 302.796803][ T9965] ieee802154 phy0 wpan0: encryption failed: -22 [ 303.489211][ T9984] netlink: zone id is out of range [ 303.507229][ T9984] netlink: zone id is out of range [ 303.539306][ T9984] netlink: zone id is out of range [ 303.593965][ T9984] netlink: zone id is out of range [ 303.804946][ T9994] tipc: Enabling of bearer rejected, failed to enable media [ 303.830949][ T9986] netlink: del zone limit has 4 unknown bytes [ 303.845219][ T9984] netlink: set zone limit has 4 unknown bytes [ 303.848408][ T9994] syzkaller0: entered promiscuous mode [ 303.868224][ T9994] syzkaller0: entered allmulticast mode [ 304.050220][ T9998] netlink: 284 bytes leftover after parsing attributes in process `syz.2.1294'. [ 304.285878][T10002] ieee802154 phy0 wpan0: encryption failed: -22 [ 304.312671][T10004] syzkaller0: entered promiscuous mode [ 304.328886][T10004] syzkaller0: entered allmulticast mode [ 304.889818][T10025] netlink: zone id is out of range [ 304.903846][T10025] netlink: zone id is out of range [ 304.923206][T10025] netlink: zone id is out of range [ 304.941005][T10025] netlink: zone id is out of range [ 305.333773][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1308'. [ 305.671548][T10037] ieee802154 phy0 wpan0: encryption failed: -22 [ 305.914133][T10043] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1312'. [ 305.965170][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1312'. [ 306.059074][T10043] team0: Port device team_slave_0 removed [ 306.517604][T10058] netlink: 'syz.0.1318': attribute type 1 has an invalid length. [ 306.670153][T10060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1319'. [ 307.065383][T10064] syzkaller0: entered promiscuous mode [ 307.077933][T10064] syzkaller0: entered allmulticast mode [ 307.603151][T10070] ieee802154 phy0 wpan0: encryption failed: -22 [ 308.128235][T10078] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1326'. [ 308.231415][T10087] netlink: 'syz.3.1330': attribute type 1 has an invalid length. [ 308.502388][T10098] ieee802154 phy0 wpan0: encryption failed: -22 [ 308.522322][T10101] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1337'. [ 309.673362][T10122] netlink: 'syz.1.1344': attribute type 1 has an invalid length. [ 309.680854][T10121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1343'. [ 310.182328][T10133] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.397501][T10138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1351'. [ 310.407085][T10138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1351'. [ 310.632144][T10151] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1357'. [ 310.743247][T10149] syzkaller0: entered promiscuous mode [ 310.748888][T10149] syzkaller0: entered allmulticast mode [ 311.015458][T10165] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1360'. [ 311.430358][T10178] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1365'. [ 311.447546][T10178] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1365'. [ 311.558275][T10180] ieee802154 phy0 wpan0: encryption failed: -22 [ 312.061330][T10191] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1370'. [ 312.709557][T10207] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma? [ 312.741232][T10207] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1377'. [ 312.923917][T10214] ieee802154 phy0 wpan0: encryption failed: -22 [ 312.957669][T10207] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.972011][T10207] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 312.988171][T10207] bond0 (unregistering): Released all slaves [ 313.053651][T10215] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1379'. [ 313.473796][T10233] tipc: Enabling of bearer rejected, failed to enable media [ 313.500090][T10233] syzkaller0: entered promiscuous mode [ 313.517189][T10233] syzkaller0: entered allmulticast mode [ 313.680526][T10243] ieee802154 phy0 wpan0: encryption failed: -22 [ 314.612716][T10279] ieee802154 phy0 wpan0: encryption failed: -22 [ 314.849868][T10283] tipc: Enabling of bearer rejected, failed to enable media [ 314.893190][T10283] syzkaller0: entered promiscuous mode [ 314.912524][T10283] syzkaller0: entered allmulticast mode [ 315.360985][T10291] __nla_validate_parse: 5 callbacks suppressed [ 315.361006][T10291] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1410'. [ 316.024853][T10302] net_ratelimit: 2 callbacks suppressed [ 316.024875][T10302] netlink: zone id is out of range [ 316.083123][T10302] netlink: zone id is out of range [ 316.088368][T10302] netlink: zone id is out of range [ 316.092138][T10305] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.139026][T10307] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1418'. [ 316.156728][T10302] netlink: zone id is out of range [ 316.205919][T10308] netlink: del zone limit has 4 unknown bytes [ 316.255576][T10302] netlink: set zone limit has 4 unknown bytes [ 316.333302][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1418'. [ 316.456663][T10313] tipc: Enabled bearer , priority 0 [ 316.464361][T10313] syzkaller0: entered promiscuous mode [ 316.476890][T10313] syzkaller0: entered allmulticast mode [ 316.610647][T10323] tipc: Resetting bearer [ 316.682125][T10312] tipc: Resetting bearer [ 316.755304][T10312] tipc: Disabling bearer [ 317.268326][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.275132][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.820028][T10350] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.127869][T10355] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1432'. [ 318.419331][T10370] tipc: Enabling of bearer rejected, failed to enable media [ 318.452916][T10370] syzkaller0: entered promiscuous mode [ 318.461557][T10370] syzkaller0: entered allmulticast mode [ 318.968303][T10388] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.171528][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1445'. [ 319.186472][T10400] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1448'. [ 319.196812][T10400] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1448'. [ 319.769459][T10420] syzkaller1: entered promiscuous mode [ 319.783782][T10420] syzkaller1: entered allmulticast mode [ 320.076765][T10429] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.335601][T10441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1459'. [ 320.344798][T10441] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1459'. [ 320.363454][T10440] netlink: 360 bytes leftover after parsing attributes in process `syz.1.1461'. [ 320.444655][T10435] netlink: zone id is out of range [ 320.469894][T10435] netlink: zone id is out of range [ 320.487071][T10435] netlink: zone id is out of range [ 320.512849][T10435] netlink: zone id is out of range [ 321.141772][T10464] syzkaller1: entered promiscuous mode [ 321.170363][T10464] syzkaller1: entered allmulticast mode [ 321.432817][T10472] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.760383][T10487] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1474'. [ 321.769694][T10487] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1474'. [ 321.835627][T10489] net_ratelimit: 2 callbacks suppressed [ 321.835648][T10489] netlink: zone id is out of range [ 321.862890][T10489] netlink: zone id is out of range [ 321.878010][T10489] netlink: zone id is out of range [ 321.892423][T10489] netlink: zone id is out of range [ 321.984238][T10494] netlink: del zone limit has 4 unknown bytes [ 322.082221][T10489] netlink: set zone limit has 4 unknown bytes [ 322.641268][T10498] tipc: Enabling of bearer rejected, failed to enable media [ 322.767390][T10499] syzkaller0: entered promiscuous mode [ 322.788131][T10499] syzkaller0: entered allmulticast mode [ 322.833177][T10510] syzkaller1: entered promiscuous mode [ 322.839298][T10510] syzkaller1: entered allmulticast mode [ 323.001575][T10522] tipc: Enabling of bearer rejected, failed to enable media [ 323.008923][T10527] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.011953][T10522] syzkaller0: entered promiscuous mode [ 323.023162][T10522] syzkaller0: entered allmulticast mode [ 323.856530][T10545] netlink: zone id is out of range [ 323.883733][T10545] netlink: zone id is out of range [ 323.889229][T10545] netlink: zone id is out of range [ 323.939228][T10545] netlink: zone id is out of range [ 324.661203][T10564] ieee802154 phy0 wpan0: encryption failed: -22 [ 325.201553][T10572] syzkaller1: entered promiscuous mode [ 325.210828][T10572] syzkaller1: entered allmulticast mode [ 325.308440][T10574] tipc: Enabling of bearer rejected, failed to enable media [ 325.332794][T10574] syzkaller0: entered promiscuous mode [ 325.373181][T10574] syzkaller0: entered allmulticast mode [ 325.490403][T10582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1498'. [ 325.655590][T10588] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1501'. [ 325.729854][T10591] netlink: 360 bytes leftover after parsing attributes in process `syz.4.1503'. [ 325.962171][T10596] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1505'. [ 326.005265][T10597] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.215014][T10608] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1506'. [ 326.247254][T10609] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1507'. [ 326.506464][T10613] syzkaller0: entered promiscuous mode [ 326.512077][T10613] syzkaller0: entered allmulticast mode [ 326.768827][T10617] syzkaller1: entered promiscuous mode [ 326.802571][T10617] syzkaller1: entered allmulticast mode [ 327.168399][T10628] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1514'. [ 327.221724][T10630] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1513'. [ 327.559547][T10634] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1516'. [ 327.588932][T10635] netlink: 360 bytes leftover after parsing attributes in process `syz.2.1515'. [ 328.613960][T10664] tipc: Enabling of bearer rejected, failed to enable media [ 329.172222][T10665] syzkaller0: entered promiscuous mode [ 329.180293][T10665] syzkaller0: entered allmulticast mode [ 329.259574][T10677] batman_adv: batadv0: Interface deactivated: dummy0 [ 329.267444][T10677] batman_adv: batadv0: Removing interface: dummy0 [ 329.564522][T10692] syzkaller1: entered promiscuous mode [ 329.604860][T10692] syzkaller1: entered allmulticast mode [ 329.963260][ T980] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 330.136119][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 330.153407][ T980] usb 5-1: no configurations [ 330.315268][ T980] usb 5-1: can't read configurations, error -22 [ 330.493547][ T980] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 330.814529][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 330.855103][T10723] __nla_validate_parse: 6 callbacks suppressed [ 330.855117][T10723] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1541'. [ 330.896362][T10723] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1541'. [ 330.900559][ T980] usb 5-1: no configurations [ 330.945999][ T980] usb 5-1: can't read configurations, error -22 [ 330.974886][ T980] usb usb5-port1: attempt power cycle [ 331.185736][T10729] syzkaller0: entered promiscuous mode [ 331.201819][T10729] syzkaller0: entered allmulticast mode [ 331.386112][ T980] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 331.442115][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 331.471562][ T980] usb 5-1: no configurations [ 331.482892][ T980] usb 5-1: can't read configurations, error -22 [ 331.537744][T10733] syzkaller0: entered promiscuous mode [ 331.572645][T10733] syzkaller0: entered allmulticast mode [ 331.673087][ T980] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 331.735041][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 331.751044][ T980] usb 5-1: no configurations [ 331.803043][ T980] usb 5-1: can't read configurations, error -22 [ 331.872383][ T980] usb usb5-port1: unable to enumerate USB device [ 332.500248][T10754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1552'. [ 332.805204][T10762] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1554'. [ 332.814499][T10762] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1554'. [ 332.968131][T10767] syzkaller0: entered promiscuous mode [ 332.981394][T10767] syzkaller0: entered allmulticast mode [ 333.250161][T10769] syzkaller0: entered promiscuous mode [ 333.313561][T10769] syzkaller0: entered allmulticast mode [ 334.623272][ T5961] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 334.793079][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 334.846698][T10806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1567'. [ 334.946312][ T5961] usb 5-1: no configurations [ 334.968199][T10805] Bluetooth: MGMT ver 1.23 [ 334.973067][ T5961] usb 5-1: can't read configurations, error -22 [ 335.133103][ T5961] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 335.345527][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 335.362635][ T5961] usb 5-1: no configurations [ 335.388706][ T5961] usb 5-1: can't read configurations, error -22 [ 335.417081][ T5961] usb usb5-port1: attempt power cycle [ 335.803297][ T5961] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 335.845054][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 335.868970][ T5961] usb 5-1: no configurations [ 335.905680][ T5961] usb 5-1: can't read configurations, error -22 [ 336.073407][ T5961] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 336.139151][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 336.227648][ T5961] usb 5-1: no configurations [ 336.271345][ T5961] usb 5-1: can't read configurations, error -22 [ 336.302673][ T5961] usb usb5-port1: unable to enumerate USB device [ 336.439507][T10833] syzkaller1: entered promiscuous mode [ 336.493544][T10833] syzkaller1: entered allmulticast mode [ 336.741756][T10847] tipc: Enabled bearer , priority 10 [ 337.077149][T10863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1580'. [ 337.480072][T10872] gtp0: entered promiscuous mode [ 337.498902][T10872] gtp0: entered allmulticast mode [ 337.864673][ T5937] tipc: Node number set to 708742998 [ 338.471636][T10901] syzkaller0: entered promiscuous mode [ 338.487848][T10901] syzkaller0: entered allmulticast mode [ 338.714940][T10905] syzkaller1: entered promiscuous mode [ 338.726390][T10905] syzkaller1: entered allmulticast mode [ 338.954344][T10922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1595'. [ 339.279258][T10935] net_ratelimit: 2 callbacks suppressed [ 339.279279][T10935] netlink: zone id is out of range [ 339.295810][T10928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'. [ 339.304923][ T5961] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 339.347892][T10935] netlink: zone id is out of range [ 339.361189][T10935] netlink: zone id is out of range [ 339.381593][T10935] netlink: zone id is out of range [ 339.402448][T10936] netlink: del zone limit has 4 unknown bytes [ 339.443112][ T5961] usb 2-1: device descriptor read/64, error -71 [ 339.499095][T10935] netlink: set zone limit has 4 unknown bytes [ 339.713157][ T5961] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 339.866111][ T5961] usb 2-1: device descriptor read/64, error -71 [ 340.077760][ T5961] usb usb2-port1: attempt power cycle [ 340.488298][T10952] syzkaller0: entered promiscuous mode [ 340.534111][T10952] syzkaller0: entered allmulticast mode [ 340.563264][ T5961] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 340.617405][ T5961] usb 2-1: device descriptor read/8, error -71 [ 340.781352][T10957] syzkaller1: entered promiscuous mode [ 340.787206][T10957] syzkaller1: entered allmulticast mode [ 340.923663][ T5961] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 340.944465][ T5961] usb 2-1: device descriptor read/8, error -71 [ 341.065074][T10964] tipc: Enabled bearer , priority 10 [ 341.069374][ T5961] usb usb2-port1: unable to enumerate USB device [ 341.391634][T10979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1613'. [ 341.408004][T10963] syzkaller0: entered promiscuous mode [ 341.472635][T10963] syzkaller0: entered allmulticast mode [ 343.039905][T11006] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1622'. [ 343.596822][T11024] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1626'. [ 343.901298][T11042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1634'. [ 344.223304][ T980] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 344.365282][ T980] usb 2-1: device descriptor read/64, error -71 [ 344.613207][ T980] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 344.716800][T11057] syzkaller0: entered promiscuous mode [ 344.743189][ T980] usb 2-1: device descriptor read/64, error -71 [ 344.762190][T11057] syzkaller0: entered allmulticast mode [ 344.873382][ T980] usb usb2-port1: attempt power cycle [ 345.285529][ T980] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 345.374841][ T980] usb 2-1: device descriptor read/8, error -71 [ 345.653120][ T980] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 345.839443][ T980] usb 2-1: device descriptor read/8, error -71 [ 346.004807][ T980] usb usb2-port1: unable to enumerate USB device [ 347.364499][T11109] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1651'. [ 347.494889][T11113] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1653'. [ 347.810587][T11133] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1659'. [ 348.149556][T11149] openvswitch: netlink: Tunnel attr 16 has unexpected len 8 expected 0 [ 348.180418][T11138] syzkaller0: entered promiscuous mode [ 348.186654][T11138] syzkaller0: entered allmulticast mode [ 348.397706][T11160] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1667'. [ 348.716301][T11174] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1669'. [ 349.747334][T11154] syzkaller0: entered promiscuous mode [ 349.752856][T11154] syzkaller0: entered allmulticast mode [ 349.759436][T11170] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1668'. [ 349.871775][T11178] tipc: Enabled bearer , priority 10 [ 350.116819][T11188] syzkaller0: entered promiscuous mode [ 350.122367][T11188] syzkaller0: entered allmulticast mode [ 350.461749][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1680'. [ 350.577237][T11213] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1681'. [ 350.854722][T11228] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 350.854722][T11228] program syz.4.1682 not setting count and/or reply_len properly [ 350.993498][ T5956] tipc: Node number set to 3563713868 [ 351.081959][T11220] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1683'. [ 351.351126][T11234] syzkaller0: entered promiscuous mode [ 351.363339][T11234] syzkaller0: entered allmulticast mode [ 351.422373][T11239] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1685'. [ 351.458792][T11241] tipc: Enabled bearer , priority 10 [ 352.327534][T11259] syzkaller0: entered promiscuous mode [ 352.346410][T11259] syzkaller0: entered allmulticast mode [ 352.454034][ T5956] tipc: Node number set to 760628477 [ 352.479906][T11265] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1695'. [ 352.517034][T11267] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1694'. [ 352.924452][T11278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1698'. [ 353.105674][T11287] syzkaller0: entered promiscuous mode [ 353.111236][T11287] syzkaller0: entered allmulticast mode [ 353.318978][T11292] tipc: Enabled bearer , priority 10 [ 353.556095][T11314] __nla_validate_parse: 1 callbacks suppressed [ 353.556115][T11314] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1711'. [ 353.692349][T11323] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 353.692349][T11323] program syz.0.1710 not setting count and/or reply_len properly [ 353.722872][T11324] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1714'. [ 354.433731][ T5937] tipc: Node number set to 1572322683 [ 354.783300][T11348] syzkaller0: entered promiscuous mode [ 354.811913][T11348] syzkaller0: entered allmulticast mode [ 355.054933][T11357] batadv_slave_1: entered promiscuous mode [ 355.062198][T11355] batadv_slave_1: left promiscuous mode [ 355.298452][T11363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1725'. [ 355.784423][T11372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1728'. [ 356.065700][ T5207] udevd[5207]: worker [5850] terminated by signal 33 (Unknown signal 33) [ 356.124086][ T5207] udevd[5207]: worker [5850] failed while handling '/devices/virtual/block/loop1' [ 356.742735][T11406] batadv_slave_1: entered promiscuous mode [ 356.769970][T11404] batadv_slave_1: left promiscuous mode [ 356.842133][T11409] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1738'. [ 357.268095][T11418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1741'. [ 358.017599][T11430] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1744'. [ 360.384459][T11470] netlink: zone id is out of range [ 360.389703][T11470] netlink: zone id is out of range [ 360.435577][T11474] netlink: del zone limit has 4 unknown bytes [ 360.444121][T11470] netlink: zone id is out of range [ 360.450343][T11470] netlink: zone id is out of range [ 360.592894][T11470] netlink: set zone limit has 4 unknown bytes [ 361.864162][T11497] tipc: Enabling of bearer rejected, already enabled [ 364.035572][T11531] tipc: Enabling of bearer rejected, already enabled [ 364.976039][T11551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1789'. [ 365.042152][ T5956] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 365.119076][ T5956] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 367.753131][T11576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1796'. [ 370.669528][ T5956] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 371.033215][ T5956] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 371.345575][T11607] fido_id[11607]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 371.501201][T11609] tipc: Enabled bearer , priority 0 [ 371.523981][T11609] syzkaller0: entered promiscuous mode [ 371.609885][T11609] syzkaller0: entered allmulticast mode [ 371.713687][T11608] tipc: Resetting bearer [ 371.815692][T11608] tipc: Disabling bearer [ 372.246501][T11631] netlink: zone id is out of range [ 372.252225][T11631] netlink: zone id is out of range [ 372.257630][T11631] netlink: zone id is out of range [ 372.265852][T11631] netlink: zone id is out of range [ 372.302500][T11635] netlink: del zone limit has 4 unknown bytes [ 372.321191][T11631] netlink: set zone limit has 4 unknown bytes [ 372.622890][T11642] syzkaller0: entered promiscuous mode [ 372.657761][T11642] syzkaller0: entered allmulticast mode [ 372.688689][ T5914] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 372.727047][ T5914] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 373.072885][T11651] tipc: Enabled bearer , priority 0 [ 373.094645][T11651] syzkaller0: entered promiscuous mode [ 373.100185][T11651] syzkaller0: entered allmulticast mode [ 373.340044][T11650] tipc: Resetting bearer [ 373.372507][T11650] tipc: Disabling bearer [ 373.615719][T11665] netlink: zone id is out of range [ 373.620976][T11665] netlink: zone id is out of range [ 373.630580][T11669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1830'. [ 373.636622][T11665] netlink: zone id is out of range [ 373.675884][T11665] netlink: zone id is out of range [ 374.192639][T11680] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1833'. [ 374.233368][T11680] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 374.270589][T11680] 0ªX¹¦D: entered allmulticast mode [ 374.294673][T11680] veth0_macvtap: entered allmulticast mode [ 374.962558][T11694] tipc: Enabled bearer , priority 0 [ 374.992867][T11694] syzkaller0: entered promiscuous mode [ 375.002810][T11694] syzkaller0: entered allmulticast mode [ 375.063421][T11693] tipc: Resetting bearer [ 375.146496][T11693] tipc: Disabling bearer [ 376.270547][T11716] sctp: [Deprecated]: syz.1.1845 (pid 11716) Use of struct sctp_assoc_value in delayed_ack socket option. [ 376.270547][T11716] Use struct sctp_sack_info instead [ 376.375985][T11711] netlink: 'syz.3.1844': attribute type 5 has an invalid length. [ 376.503593][T11726] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 376.578336][T11726] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 376.594907][T11726] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 376.611968][T11726] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 376.622168][T11726] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 378.445402][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 378.603200][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 378.609351][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 378.689251][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 378.699407][ T5854] Bluetooth: hci4: command 0x0406 tx timeout [ 378.732517][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.739095][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.587635][ T5937] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 380.614420][T11797] net_ratelimit: 10 callbacks suppressed [ 380.614439][T11797] netlink: zone id is out of range [ 380.648376][T11797] netlink: zone id is out of range [ 380.653625][T11797] netlink: zone id is out of range [ 380.669669][ T5937] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 380.692493][T11797] netlink: zone id is out of range [ 381.187029][T11803] netlink: del zone limit has 4 unknown bytes [ 381.264485][T11797] netlink: set zone limit has 4 unknown bytes [ 381.288681][T11800] fido_id[11800]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 381.338642][T11802] futex_wake_op: syz.4.1857 tries to shift op by 32; fix this program [ 381.486559][T11806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1858'. [ 383.455752][T11830] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1865'. [ 383.557736][T11835] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1867'. [ 383.648934][T11840] netlink: zone id is out of range [ 383.654556][T11840] netlink: zone id is out of range [ 383.660037][T11840] netlink: zone id is out of range [ 383.667341][T11840] netlink: zone id is out of range [ 383.834004][T11847] tipc: Enabling of bearer rejected, failed to enable media [ 383.843334][T11847] syzkaller0: entered promiscuous mode [ 383.850270][T11847] syzkaller0: entered allmulticast mode [ 383.885966][T11851] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1874'. [ 385.384248][T11873] batadv_slave_1: entered promiscuous mode [ 385.447188][T11872] batadv_slave_1: left promiscuous mode [ 385.827362][T11875] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1883'. [ 385.986685][T11877] net_ratelimit: 7 callbacks suppressed [ 385.986708][T11877] netlink: set zone limit has 4 unknown bytes [ 387.650763][T11900] netlink: 'syz.0.1887': attribute type 5 has an invalid length. [ 387.669918][T11903] batadv_slave_1: entered promiscuous mode [ 387.679466][T11902] batadv_slave_1: left promiscuous mode [ 390.814808][ T5907] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 390.975223][ T5907] usb 5-1: Using ep0 maxpacket: 32 [ 391.011699][ T5907] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 391.051175][T11941] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1903'. [ 391.060332][T11941] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 391.077728][ T5907] usb 5-1: config 0 has no interface number 0 [ 391.101614][T11941] 0ªX¹¦D: entered allmulticast mode [ 391.123154][ T5907] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 391.137149][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.154936][T11941] veth0_macvtap: entered allmulticast mode [ 391.184603][ T5907] usb 5-1: Product: syz [ 391.191858][ T5907] usb 5-1: Manufacturer: syz [ 391.194829][T11941] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 391.200517][ T5907] usb 5-1: SerialNumber: syz [ 391.243085][T11941] hub 1-0:1.0: USB hub found [ 391.249531][T11941] hub 1-0:1.0: 1 port detected [ 391.378735][ T5907] usb 5-1: config 0 descriptor?? [ 391.410799][ T5907] smsc95xx v2.0.0 [ 391.426782][ T5907] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 391.458533][ T5907] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 391.941428][ T5956] usb 5-1: USB disconnect, device number 15 [ 393.747373][ T5907] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 394.076519][ T5907] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 394.097973][T11984] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1914'. [ 394.739830][T11987] fido_id[11987]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 399.888853][T12069] netlink: zone id is out of range [ 399.904813][T12069] netlink: zone id is out of range [ 399.920369][T12069] netlink: zone id is out of range [ 399.955038][T12070] netlink: del zone limit has 4 unknown bytes [ 399.987826][T12072] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1948'. [ 400.028439][T12069] netlink: set zone limit has 4 unknown bytes [ 401.811332][T12093] tipc: Enabled bearer , priority 0 [ 401.931521][T12093] syzkaller0: entered promiscuous mode [ 401.969069][T12093] syzkaller0: entered allmulticast mode [ 402.023214][T12103] tipc: Resetting bearer [ 402.100246][T12090] tipc: Resetting bearer [ 402.165788][T12090] tipc: Disabling bearer [ 404.338548][ T5914] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 405.131198][ T30] audit: type=1326 audit(1755655103.265:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.172917][ T30] audit: type=1326 audit(1755655103.265:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.196254][ T5914] usb 1-1: Using ep0 maxpacket: 32 [ 405.206028][T12138] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1968'. [ 405.221731][ T5914] usb 1-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 405.235516][ T30] audit: type=1326 audit(1755655103.265:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffa6a78ec23 code=0x7ffc0000 [ 405.257964][ T5914] usb 1-1: config 0 interface 0 has no altsetting 0 [ 405.269766][ T5914] usb 1-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 405.291860][ T30] audit: type=1326 audit(1755655103.265:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffa6a78ec23 code=0x7ffc0000 [ 405.314020][ T30] audit: type=1326 audit(1755655103.274:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.339642][ T30] audit: type=1326 audit(1755655103.274:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.364862][ T30] audit: type=1326 audit(1755655103.274:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.386896][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.407635][ T5914] usb 1-1: config 0 descriptor?? [ 405.557257][ T30] audit: type=1326 audit(1755655103.274:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.578778][ C0] vkms_vblank_simulate: vblank timer overrun [ 405.743684][ T30] audit: type=1326 audit(1755655103.274:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12132 comm="syz.4.1968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 405.891932][ T5914] logitech 0003:046D:C626.0006: item fetching failed at offset 5/7 [ 405.932135][ T5914] logitech 0003:046D:C626.0006: parse failed [ 405.962786][ T5914] logitech 0003:046D:C626.0006: probe with driver logitech failed with error -22 [ 406.176380][ T9] usb 1-1: USB disconnect, device number 12 [ 410.306524][T12207] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1991'. [ 412.419480][T12233] tipc: Enabling of bearer rejected, failed to enable media [ 412.456573][T12233] syzkaller0: entered promiscuous mode [ 412.462955][T12233] syzkaller0: entered allmulticast mode [ 413.998366][T12246] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2004'. [ 418.988150][ T30] audit: type=1800 audit(1755655115.837:35): pid=12306 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.2023" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 420.012456][T12318] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2025'. [ 420.646450][T12333] netlink: zone id is out of range [ 420.985657][T12334] netlink: del zone limit has 4 unknown bytes [ 421.038387][T12333] netlink: set zone limit has 4 unknown bytes [ 423.908743][T12367] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2039'. [ 424.560237][T12367] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2039'. [ 426.840282][T12404] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2052'. [ 429.485559][T12431] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 429.485559][T12431] program syz.4.2059 not setting count and/or reply_len properly [ 430.632913][T12441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2065'. [ 432.770870][T12482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2076'. [ 433.039690][T12488] No control pipe specified [ 433.555670][ T30] audit: type=1107 audit(1755655129.858:36): pid=12500 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 434.586794][T12515] ieee802154 phy0 wpan0: encryption failed: -22 [ 434.675669][T12517] tipc: Enabling of bearer rejected, failed to enable media [ 434.796873][ T30] audit: type=1326 audit(1755655131.018:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 434.906226][T12522] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2091'. [ 435.132638][ T30] audit: type=1326 audit(1755655131.018:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 435.212898][ T30] audit: type=1326 audit(1755655131.018:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 435.241234][ T30] audit: type=1326 audit(1755655131.018:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 435.266883][ T30] audit: type=1326 audit(1755655131.018:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 435.288683][ T30] audit: type=1326 audit(1755655131.018:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 435.306363][T12517] syzkaller0: entered promiscuous mode [ 435.310945][ T30] audit: type=1326 audit(1755655131.027:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 435.315941][T12517] syzkaller0: entered allmulticast mode [ 435.426825][ T30] audit: type=1326 audit(1755655131.027:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 435.455658][ T30] audit: type=1326 audit(1755655131.027:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12518 comm="syz.3.2091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 436.270597][T12542] hub 1-0:1.0: USB hub found [ 436.276177][T12542] hub 1-0:1.0: 1 port detected [ 436.487822][T12546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2099'. [ 437.217514][T12569] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2102'. [ 437.878067][T12544] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2095'. [ 437.898828][T12544] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2095'. [ 439.283016][T12604] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2111'. [ 439.314262][T12604] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2111'. [ 439.384957][T12604] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2111'. [ 439.471027][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 439.471045][ T30] audit: type=1326 audit(1755655135.396:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.520590][ T30] audit: type=1326 audit(1755655135.396:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.547392][ T30] audit: type=1326 audit(1755655135.396:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.569248][ T30] audit: type=1326 audit(1755655135.424:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 439.572941][T12611] tipc: Enabling of bearer rejected, failed to enable media [ 439.591989][ T30] audit: type=1326 audit(1755655135.424:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 439.627483][T12613] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2114'. [ 439.666625][ T30] audit: type=1326 audit(1755655135.433:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.688760][ T30] audit: type=1326 audit(1755655135.433:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.710471][ T30] audit: type=1326 audit(1755655135.433:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.743865][ T30] audit: type=1326 audit(1755655135.433:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.809430][ T30] audit: type=1326 audit(1755655135.433:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12607 comm="syz.3.2114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 439.881001][T12616] syzkaller0: entered promiscuous mode [ 439.959707][T12616] syzkaller0: entered allmulticast mode [ 443.491702][T12675] tipc: Enabled bearer , priority 0 [ 443.520879][T12675] syzkaller0: entered promiscuous mode [ 443.526419][T12675] syzkaller0: entered allmulticast mode [ 443.541320][ T5854] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 443.603487][T12675] tipc: Resetting bearer [ 443.608018][T12681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2133'. [ 443.615777][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 443.632248][T12674] tipc: Resetting bearer [ 443.681816][T12674] tipc: Disabling bearer [ 443.797458][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 444.129571][ T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 444.231104][ T9] usb 4-1: config 0 has no interface number 0 [ 444.262938][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 444.289859][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.309349][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.321216][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.342960][ T9] usb 4-1: Product: syz [ 444.347195][ T9] usb 4-1: Manufacturer: syz [ 444.353632][ T9] usb 4-1: SerialNumber: syz [ 444.389627][ T9] usb 4-1: config 0 descriptor?? [ 444.404921][ T9] smsc95xx v2.0.0 [ 444.419235][ T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 444.439200][ T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22 [ 444.516596][T12697] syzkaller0: entered promiscuous mode [ 444.522147][T12697] syzkaller0: entered allmulticast mode [ 444.594338][T12699] tipc: Enabling of bearer rejected, failed to enable media [ 444.675653][T12699] syzkaller0: entered promiscuous mode [ 444.681810][T12699] syzkaller0: entered allmulticast mode [ 446.594907][ T5956] usb 4-1: USB disconnect, device number 8 [ 446.752179][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 446.752217][ T30] audit: type=1326 audit(1755655142.196:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 446.801846][ T30] audit: type=1326 audit(1755655142.196:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 446.824689][ T30] audit: type=1326 audit(1755655142.196:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 446.848327][ T30] audit: type=1326 audit(1755655142.205:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 446.871558][T12734] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2152'. [ 446.884555][ T30] audit: type=1326 audit(1755655142.205:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 446.939273][ T30] audit: type=1326 audit(1755655142.205:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 446.978069][ T30] audit: type=1326 audit(1755655142.205:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 447.004231][ T30] audit: type=1326 audit(1755655142.205:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 447.034754][T12709] tipc: Enabling of bearer rejected, already enabled [ 447.038899][ T30] audit: type=1326 audit(1755655142.205:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12729 comm="syz.3.2152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 448.726323][ T5956] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 449.160798][T12777] tipc: Enabling of bearer rejected, already enabled [ 449.170214][ T5956] usb 3-1: Using ep0 maxpacket: 32 [ 449.196538][ T5956] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 449.204879][ T5956] usb 3-1: config 0 has no interface number 0 [ 449.255642][ T5956] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 449.267890][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.826930][ T5956] usb 3-1: Product: syz [ 449.831190][ T5956] usb 3-1: Manufacturer: syz [ 449.848585][ T5956] usb 3-1: SerialNumber: syz [ 449.857932][ T5956] usb 3-1: config 0 descriptor?? [ 449.887822][ T5956] smsc95xx v2.0.0 [ 449.895676][ T5956] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 449.918598][ T5956] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -22 [ 450.441729][ T30] audit: type=1326 audit(1755655145.657:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12788 comm="syz.4.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6a78ebe9 code=0x7ffc0000 [ 451.738054][ T980] usb 3-1: USB disconnect, device number 5 [ 452.090197][T12810] loop6: detected capacity change from 0 to 63 [ 452.105666][T12728] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.149189][T12728] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.334959][T12728] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.345011][T12728] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.361322][T12812] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.392133][T12728] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.407987][T12810] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.464760][T12812] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.565969][T12810] Buffer I/O error on dev loop6, logical block 0, async page read [ 452.632723][T12810] Buffer I/O error on dev loop6, logical block 0, async page read [ 453.176226][T12825] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2177'. [ 453.227457][T12827] tipc: Enabling of bearer rejected, already enabled [ 453.269711][T12825] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 453.317596][T12829] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2179'. [ 453.340990][T12825] 0ªX¹¦D: entered allmulticast mode [ 453.361203][T12825] veth0_macvtap: entered allmulticast mode [ 453.370342][T12825] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 453.419886][T12825] hub 1-0:1.0: USB hub found [ 453.429039][T12825] hub 1-0:1.0: 1 port detected [ 454.180610][T12841] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2183'. [ 454.801378][T12860] tipc: Enabling of bearer rejected, already enabled [ 455.840075][T12873] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2195'. [ 456.124606][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 456.124623][ T30] audit: type=1326 audit(1755655150.979:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.224560][ T30] audit: type=1326 audit(1755655151.008:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.273038][ T30] audit: type=1326 audit(1755655151.008:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.299869][ T30] audit: type=1326 audit(1755655151.008:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.368756][ T30] audit: type=1326 audit(1755655151.008:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.436703][ T30] audit: type=1326 audit(1755655151.008:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.519125][ T30] audit: type=1326 audit(1755655151.008:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 456.651832][ T30] audit: type=1326 audit(1755655151.008:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 457.527626][ T30] audit: type=1326 audit(1755655151.008:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12884 comm="syz.2.2201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f87f7f8ebe9 code=0x7ffc0000 [ 458.352705][T12915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2213'. [ 458.864677][T12922] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2216'. [ 461.304643][T12948] tipc: Enabled bearer , priority 0 [ 461.534162][T12950] syzkaller0: entered promiscuous mode [ 461.579336][T12950] syzkaller0: entered allmulticast mode [ 461.736058][T12950] tipc: Resetting bearer [ 461.874752][T12947] tipc: Resetting bearer [ 462.160504][T12947] tipc: Disabling bearer [ 462.798626][T12961] batadv_slave_1: entered promiscuous mode [ 462.824978][T12961] batadv_slave_1: left promiscuous mode [ 463.173475][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.211768][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.248444][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.304192][T12963] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 463.480247][T12963] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 463.518293][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.527198][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.563880][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.588513][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.612147][T12963] virt_wifi0 speed is unknown, defaulting to 1000 [ 463.652970][ T980] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 463.819146][T12978] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2232'. [ 463.831956][ T980] usb 3-1: Using ep0 maxpacket: 16 [ 463.842911][ T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.863191][T12978] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2232'. [ 463.870607][ T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.073466][T12983] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2235'. [ 464.080329][ T980] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 464.163243][ T980] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 464.174997][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.907049][ T980] usb 3-1: config 0 descriptor?? [ 465.025128][T12995] batadv_slave_1: entered promiscuous mode [ 465.033502][T12995] batadv_slave_1: left promiscuous mode [ 465.444212][ T980] usbhid 3-1:0.0: can't add hid device: -71 [ 465.502801][ T980] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 466.596570][ T980] usb 3-1: USB disconnect, device number 6 [ 467.110969][T13026] wg2: entered allmulticast mode [ 467.187937][T13026] capability: warning: `syz.0.2247' uses 32-bit capabilities (legacy support in use) [ 467.284845][ T980] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 468.349509][ T980] usb 2-1: Using ep0 maxpacket: 32 [ 468.504938][ T980] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 468.513162][ T980] usb 2-1: config 0 has no interface number 0 [ 468.539472][ T980] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 468.548988][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.567577][ T980] usb 2-1: Product: syz [ 468.571968][ T980] usb 2-1: Manufacturer: syz [ 468.580033][ T980] usb 2-1: SerialNumber: syz [ 468.627760][ T980] usb 2-1: config 0 descriptor?? [ 468.667788][ T980] smsc95xx v2.0.0 [ 468.678995][ T980] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 468.729302][ T980] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -22 [ 469.070976][T13040] batadv_slave_1: entered promiscuous mode [ 469.103345][T13040] batadv_slave_1: left promiscuous mode [ 469.214643][T13048] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2257'. [ 470.222828][T13056] nvme_fabrics: missing parameter 'transport=%s' [ 470.229634][T13056] nvme_fabrics: missing parameter 'nqn=%s' [ 470.433401][ T980] usb 2-1: USB disconnect, device number 12 [ 470.476305][T13064] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2259'. [ 470.935634][T13077] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 471.972822][T13093] batadv_slave_1: entered promiscuous mode [ 471.992038][T13089] batadv_slave_1: left promiscuous mode [ 472.049460][T13095] virt_wifi0 speed is unknown, defaulting to 1000 [ 472.154967][T13100] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2265'. [ 472.164831][T13100] 0ªX¹¦D: renamed from macvtap0 [ 472.178670][T13100] 0ªX¹¦D: entered allmulticast mode [ 472.184252][T13100] veth0_macvtap: entered allmulticast mode [ 472.195780][T13100] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 472.237747][T13100] hub 1-0:1.0: USB hub found [ 472.243406][T13100] hub 1-0:1.0: 1 port detected [ 472.343768][T13081] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 473.788535][ T30] audit: type=1326 audit(1755655167.414:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788585][ T30] audit: type=1326 audit(1755655167.414:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788617][ T30] audit: type=1326 audit(1755655167.414:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788648][ T30] audit: type=1326 audit(1755655167.414:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788678][ T30] audit: type=1326 audit(1755655167.424:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788708][ T30] audit: type=1326 audit(1755655167.424:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788737][ T30] audit: type=1326 audit(1755655167.424:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788766][ T30] audit: type=1326 audit(1755655167.424:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788796][ T30] audit: type=1326 audit(1755655167.424:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 473.788824][ T30] audit: type=1326 audit(1755655167.424:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13117 comm="syz.3.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 474.176411][ C1] vkms_vblank_simulate: vblank timer overrun [ 475.416849][T13147] binder: Bad value for 'max' [ 475.554331][T13149] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 477.050176][T13150] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 477.324870][T13150] usb 5-1: Using ep0 maxpacket: 8 [ 477.383747][T13150] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 477.510615][T13150] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 477.639448][T13150] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 477.722699][T13150] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.758760][T13150] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 477.924835][T13150] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.618368][T13150] usb 5-1: GET_CAPABILITIES returned 0 [ 478.631464][T13150] usbtmc 5-1:16.0: can't read capabilities [ 478.974069][T12156] usb 5-1: USB disconnect, device number 16 [ 480.585026][T13222] loop6: detected capacity change from 0 to 63 [ 480.598085][T12969] buffer_io_error: 580 callbacks suppressed [ 480.598099][T12969] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.650798][T12969] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.725105][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.733626][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.741739][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.749837][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.758064][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.766306][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.774800][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 480.783042][T13222] Buffer I/O error on dev loop6, logical block 0, async page read [ 481.323461][T13238] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.2306'. [ 483.701561][T13273] netlink: 948 bytes leftover after parsing attributes in process `syz.2.2319'. [ 485.090782][T13287] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 485.598883][T13299] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2329'. [ 486.219946][T13306] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2332'. [ 486.411431][T13313] netlink: 'syz.0.2334': attribute type 9 has an invalid length. [ 486.419303][T13313] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.2334'. [ 486.718001][T13320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2336'. [ 487.199330][T13327] netlink: 'syz.0.2338': attribute type 6 has an invalid length. [ 488.283584][T13335] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2341'. [ 489.058745][T13344] tipc: Enabled bearer , priority 0 [ 489.349413][T13342] syzkaller0: entered promiscuous mode [ 489.355133][T13342] syzkaller0: entered allmulticast mode [ 489.402184][T13337] tipc: Resetting bearer [ 489.432792][T13337] tipc: Disabling bearer [ 491.005939][T13378] 9pnet_virtio: no channels available for device syz [ 494.101708][ T6014] IPVS: starting estimator thread 0... [ 494.374730][T13411] IPVS: using max 43 ests per chain, 103200 per kthread [ 496.667152][T13419] netlink: 'syz.1.2363': attribute type 10 has an invalid length. [ 497.535133][ T6014] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 497.574441][ T6014] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 498.321847][T13435] fido_id[13435]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 498.680719][T13450] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2371'. [ 498.833091][T13453] netlink: 'syz.1.2374': attribute type 10 has an invalid length. [ 499.452790][T13465] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2378'. [ 499.463042][T13465] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2378'. [ 499.720099][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 499.969484][T13474] loop6: detected capacity change from 0 to 63 [ 499.990695][T13421] buffer_io_error: 2280 callbacks suppressed [ 499.990709][T13421] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.064458][T13474] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.080697][T13475] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.089088][T13474] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.097717][T13475] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.108927][T13474] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.117797][T13475] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.142079][T13421] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.154389][T13421] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.172598][T13421] Buffer I/O error on dev loop6, logical block 0, async page read [ 500.679576][T13482] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2383'. [ 501.148801][T13486] netlink: 'syz.3.2385': attribute type 10 has an invalid length. [ 501.170028][T13486] bond0: (slave ): Enslaving as an active interface with an up link [ 501.719647][T13496] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2389'. [ 501.741550][T13496] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2389'. [ 501.774592][T13496] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2389'. [ 501.954737][ T6014] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 502.360762][ T6014] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 502.643049][T13509] fido_id[13509]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 502.765379][T13518] netlink: 'syz.1.2398': attribute type 29 has an invalid length. [ 502.998916][T13523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2401'. [ 503.194850][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 503.194869][ T30] audit: type=1326 audit(1755655194.999:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.226919][ T30] audit: type=1326 audit(1755655194.999:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.316084][T13536] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2407'. [ 503.416220][ T30] audit: type=1326 audit(1755655194.999:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.454393][ T30] audit: type=1326 audit(1755655194.999:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 503.476542][ T30] audit: type=1326 audit(1755655194.999:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2d3c98ec23 code=0x7ffc0000 [ 503.498411][ T30] audit: type=1326 audit(1755655194.999:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.520591][ T30] audit: type=1326 audit(1755655194.999:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.542661][ T30] audit: type=1326 audit(1755655194.999:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.588702][ T30] audit: type=1326 audit(1755655194.999:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 503.675964][ T30] audit: type=1326 audit(1755655194.999:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13529 comm="syz.3.2405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2d3c98ebe9 code=0x7ffc0000 [ 504.168939][T13547] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 504.738744][ T5956] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 504.759365][ T5956] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 504.915741][T13564] netlink: zone id is out of range [ 504.942914][T13564] netlink: zone id is out of range [ 505.012195][T13564] netlink: zone id is out of range [ 505.028339][T13565] netlink: del zone limit has 4 unknown bytes [ 505.371631][T13564] netlink: set zone limit has 4 unknown bytes [ 505.672362][T13575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2420'. [ 505.717801][T13575] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 505.725451][T13575] IPv6: NLM_F_CREATE should be set when creating new route [ 506.344415][T13589] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2423'. [ 506.371720][T13590] netlink: 'syz.0.2426': attribute type 29 has an invalid length. [ 508.742485][T13639] tipc: Enabled bearer , priority 0 [ 508.750222][T13639] syzkaller0: entered promiscuous mode [ 508.756261][T13639] syzkaller0: entered allmulticast mode [ 508.767704][T13639] tipc: Resetting bearer [ 508.775543][T13637] tipc: Resetting bearer [ 508.851058][T13637] tipc: Disabling bearer [ 508.867307][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2445'. [ 508.886783][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2445'. [ 509.407315][T13653] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2449'. [ 509.630210][ T5956] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 509.991362][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 509.997883][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 510.025925][ T5956] usb 5-1: Using ep0 maxpacket: 16 [ 510.035936][ T5956] usb 5-1: config 0 has an invalid interface number: 251 but max is 0 [ 510.045351][ T5956] usb 5-1: config 0 has no interface number 0 [ 510.184819][ T5956] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 510.256341][ T5956] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 510.351020][ T5956] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 510.366467][ T5956] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.389212][ T5956] usb 5-1: Product: syz [ 510.429480][ T5956] usb 5-1: Manufacturer: syz [ 510.456248][ T5956] usb 5-1: SerialNumber: syz [ 510.494655][ T5956] usb 5-1: config 0 descriptor?? [ 510.512362][T13652] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 510.539045][T13652] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 510.796409][T13652] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 510.814906][T13652] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 511.110782][ T51] Bluetooth: hci4: unexpected event for opcode 0x0404 [ 511.501384][ T5956] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 511.541907][ T5956] asix 5-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 511.607301][ T5956] asix 5-1:0.251: probe with driver asix failed with error -71 [ 511.645535][T13681] netlink: 'syz.2.2462': attribute type 29 has an invalid length. [ 511.663362][ T5956] usb 5-1: USB disconnect, device number 17 [ 512.974206][T13700] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 513.003030][ T6014] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 513.211922][ T6014] usb 3-1: Using ep0 maxpacket: 16 [ 513.344769][ T6014] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 513.546128][ T6014] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 513.556170][T13703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2469'. [ 513.694065][ T6014] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 513.704451][ T6014] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.713301][ T6014] usb 3-1: Product: syz [ 513.723604][ T6014] usb 3-1: Manufacturer: syz [ 513.728380][ T6014] usb 3-1: SerialNumber: syz [ 513.981538][ T6014] usb 3-1: 0:2 : does not exist [ 514.016547][ T6014] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 514.067437][ T51] Bluetooth: hci2: unexpected event for opcode 0x0c56 [ 514.100997][ T6014] usb 3-1: USB disconnect, device number 7 [ 514.138097][T13719] tipc: Enabled bearer , priority 0 [ 514.188854][T13719] syzkaller0: entered promiscuous mode [ 514.194386][T13719] syzkaller0: entered allmulticast mode [ 514.231149][T13723] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2477'. [ 514.272507][T13421] udevd[13421]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 514.307796][T13719] tipc: Resetting bearer [ 514.333768][T13716] tipc: Resetting bearer [ 514.416447][T13716] tipc: Disabling bearer [ 514.664839][ T51] Bluetooth: hci2: unexpected event for opcode 0x202d [ 514.765192][T13738] netlink: 'syz.4.2485': attribute type 10 has an invalid length. [ 515.046147][T13743] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 515.653605][T13738] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 515.774842][T13742] usb usb8: usbfs: process 13742 (syz.0.2482) did not claim interface 0 before use [ 516.183928][T12156] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 516.367580][T12156] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 516.403540][T12156] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 516.454656][T12156] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.484894][T13776] netlink: 24032 bytes leftover after parsing attributes in process `syz.2.2498'. [ 516.495345][T13776] netlink: 104088 bytes leftover after parsing attributes in process `syz.2.2498'. [ 516.504867][T13776] netlink: 24032 bytes leftover after parsing attributes in process `syz.2.2498'. [ 516.531186][T12156] usb 5-1: config 0 descriptor?? [ 516.615671][T13778] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 517.201202][T12156] pwc: Askey VC010 type 2 USB webcam detected. [ 517.391163][T13782] ucma_write: process 1404 (syz.2.2502) changed security contexts after opening file descriptor, this is not allowed. [ 517.452759][T12156] pwc: recv_control_msg error -32 req 02 val 2b00 [ 517.480258][T12156] pwc: recv_control_msg error -32 req 02 val 2700 [ 517.498683][T12156] pwc: recv_control_msg error -32 req 02 val 2c00 [ 517.507114][T12156] pwc: recv_control_msg error -32 req 04 val 1000 [ 517.530870][T12156] pwc: recv_control_msg error -32 req 04 val 1300 [ 517.541570][T12156] pwc: recv_control_msg error -32 req 04 val 1400 [ 517.550193][T12156] pwc: recv_control_msg error -32 req 02 val 2000 [ 517.782958][T12156] pwc: recv_control_msg error -71 req 04 val 1500 [ 517.807634][T12156] pwc: recv_control_msg error -71 req 02 val 2500 [ 517.818283][T12156] pwc: recv_control_msg error -71 req 02 val 2400 [ 517.826408][T12156] pwc: recv_control_msg error -71 req 02 val 2600 [ 517.833841][T12156] pwc: recv_control_msg error -71 req 02 val 2900 [ 517.841165][T12156] pwc: recv_control_msg error -71 req 02 val 2800 [ 517.857303][T12156] pwc: recv_control_msg error -71 req 04 val 1100 [ 517.864745][T12156] pwc: recv_control_msg error -71 req 04 val 1200 [ 517.884846][T12156] pwc: Registered as video103. [ 517.899723][T12156] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 517.959945][T12156] usb 5-1: USB disconnect, device number 18 [ 517.963819][T13797] kvm: emulating exchange as write [ 518.331886][T13805] comedi comedi3: rti802: a I/O base address must be specified [ 518.806983][T13832] loop7: detected capacity change from 0 to 7 [ 518.817702][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.826935][ C1] buffer_io_error: 859 callbacks suppressed [ 518.826951][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.841934][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.851116][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.860648][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.869854][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.878573][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.887748][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.896241][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.905476][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.914494][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.923744][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.932289][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.941508][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.949440][T13421] ldm_validate_partition_table(): Disk read failed. [ 518.959432][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.968776][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.977222][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 518.986516][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 518.994670][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 519.003973][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 519.012198][T13421] Dev loop7: unable to read RDB block 0 [ 519.020315][T13421] loop7: unable to read partition table [ 519.026247][T13421] loop7: partition table beyond EOD, truncated [ 519.040776][T13832] ldm_validate_partition_table(): Disk read failed. [ 519.049933][T13832] Dev loop7: unable to read RDB block 0 [ 519.056382][T13832] loop7: unable to read partition table [ 519.062827][T13832] loop7: partition table beyond EOD, truncated [ 519.069317][T13832] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 519.166916][T13834] netlink: 'syz.4.2522': attribute type 10 has an invalid length. [ 519.206733][T13834] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 519.593690][T13829] block device autoloading is deprecated and will be removed. [ 520.085780][T12156] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 520.235425][T12156] usb 5-1: device descriptor read/64, error -71 [ 520.492085][T12156] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 520.642244][T12156] usb 5-1: device descriptor read/64, error -71 [ 520.659033][T13871] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 520.659033][T13871] program syz.1.2536 not setting count and/or reply_len properly [ 520.715585][T13873] netlink: 'syz.0.2537': attribute type 10 has an invalid length. [ 520.727290][T13873] bond0: (slave ): Enslaving as an active interface with an up link [ 520.743459][T13873] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 520.759653][ T5937] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 520.823617][T12156] usb usb5-port1: attempt power cycle [ 521.042628][ T5937] usb 3-1: Using ep0 maxpacket: 32 [ 521.052853][ T5937] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 521.077017][ T5937] usb 3-1: config 0 has no interface number 0 [ 521.121188][ T5937] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 521.130965][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.146328][ T5937] usb 3-1: Product: syz [ 521.150719][ T5937] usb 3-1: Manufacturer: syz [ 521.162276][ T5937] usb 3-1: SerialNumber: syz [ 521.189948][ T5937] usb 3-1: config 0 descriptor?? [ 521.205353][ T5937] smsc95xx v2.0.0 [ 521.219057][T12156] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 521.237731][T13884] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 521.256702][T12156] usb 5-1: device descriptor read/8, error -71 [ 521.311417][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 521.321556][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 521.331445][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 521.342337][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 521.354877][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 521.571801][T12156] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 521.604508][T12156] usb 5-1: device descriptor read/8, error -71 [ 521.658572][ T5937] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 521.687366][ T5937] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 521.732241][T12156] usb usb5-port1: unable to enumerate USB device [ 521.763648][T13891] netlink: 24032 bytes leftover after parsing attributes in process `syz.0.2544'. [ 521.779386][T13891] netlink: 104088 bytes leftover after parsing attributes in process `syz.0.2544'. [ 521.794432][T13891] netlink: 24032 bytes leftover after parsing attributes in process `syz.0.2544'. [ 521.944013][T13893] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2545'. [ 522.942364][T13924] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 523.696308][T13926] loop7: detected capacity change from 0 to 7 [ 523.723487][T13926] ldm_validate_partition_table(): Disk read failed. [ 523.737916][T13926] Dev loop7: unable to read RDB block 0 [ 523.754225][T13926] loop7: unable to read partition table [ 523.760133][T13926] loop7: partition table beyond EOD, truncated [ 523.796091][T13926] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 524.137403][T12156] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 524.323328][T12156] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.345511][T12156] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.364830][ T5937] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 524.383209][T12156] usb 2-1: config 0 interface 0 has no altsetting 0 [ 524.390466][ T5937] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 524.399079][T12156] usb 2-1: New USB device found, idVendor=1b96, idProduct=000e, bcdDevice= 0.00 [ 524.425976][T12156] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.441432][ T5937] usb 3-1: USB disconnect, device number 8 [ 524.459222][T12156] usb 2-1: config 0 descriptor?? [ 524.487661][ T5854] Bluetooth: hci2: hardware error 0x07 [ 524.842930][ T980] usb 5-1: new low-speed USB device number 23 using dummy_hcd [ 524.934955][T12156] ntrig 0003:1B96:000E.000A: hidraw0: USB HID v0.00 Device [HID 1b96:000e] on usb-dummy_hcd.1-1/input0 [ 525.032470][ T980] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 525.051094][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 525.091728][ T980] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 525.120042][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 525.120728][T12156] ntrig 0003:1B96:000E.000A: Firmware version: 4.7.18.33.3 (5ed9 335c) [ 525.152326][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 525.166661][ T980] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 525.174139][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 525.217301][ T980] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 525.258540][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 525.283527][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 525.316251][ T980] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 525.323760][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 525.338667][ T980] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 525.350257][T12156] usb 2-1: USB disconnect, device number 13 [ 525.350531][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 525.367939][ T980] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 525.403603][ T980] usb 5-1: string descriptor 0 read error: -22 [ 525.427297][ T980] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 525.445470][ T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.522914][ T980] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 525.704651][T12156] usb 5-1: USB disconnect, device number 23 [ 525.987127][T13961] loop7: detected capacity change from 0 to 7 [ 526.001561][ C0] blk_print_req_error: 40 callbacks suppressed [ 526.001580][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.017084][ C0] buffer_io_error: 40 callbacks suppressed [ 526.017100][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.031051][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.040266][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.048656][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.057996][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.092806][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.102057][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.113076][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.152694][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.183368][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.230250][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.244718][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.294409][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.310716][ T51] Bluetooth: unknown link type 190 [ 526.315953][ T51] Bluetooth: hci4: connection err: -111 [ 526.331114][T13961] ldm_validate_partition_table(): Disk read failed. [ 526.337989][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.347370][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.347509][T13966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2574'. [ 526.355620][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.374037][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.382113][T13961] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 526.395558][T13961] Buffer I/O error on dev loop7, logical block 0, async page read [ 526.404026][T13961] Dev loop7: unable to read RDB block 0 [ 526.410763][T13961] loop7: unable to read partition table [ 526.421082][T13961] loop7: partition table beyond EOD, truncated [ 526.443273][T13961] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 526.660400][ T5854] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 526.974601][T13985] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2582'. [ 527.184946][T13992] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2585'. [ 527.211733][T13994] comedi comedi3: aio_aio12_8: I/O port conflict (0x2004f29,32) [ 527.721400][T14005] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 528.564698][T14012] syzkaller1: entered promiscuous mode [ 528.570255][T14012] syzkaller1: entered allmulticast mode [ 528.756111][T12156] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 528.926767][T12156] usb 3-1: Using ep0 maxpacket: 32 [ 528.947491][T12156] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 528.957620][T12156] usb 3-1: config 0 has no interface number 0 [ 528.969954][ T980] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 528.978064][T12156] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 528.998612][T12156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.008876][T12156] usb 3-1: Product: syz [ 529.022938][T12156] usb 3-1: Manufacturer: syz [ 529.027782][T12156] usb 3-1: SerialNumber: syz [ 529.035661][T12156] usb 3-1: config 0 descriptor?? [ 529.051055][T12156] smsc95xx v2.0.0 [ 529.107563][T14026] loop6: detected capacity change from 0 to 63 [ 529.121965][T14024] [ 529.124368][T14024] ====================================================== [ 529.131411][T14024] WARNING: possible circular locking dependency detected [ 529.138481][T14024] 6.16.0-syzkaller #0 Not tainted [ 529.143534][T14024] ------------------------------------------------------ [ 529.150577][T14024] syz.4.2598/14024 is trying to acquire lock: [ 529.156676][T14024] ffff88802574a188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.167719][T14024] [ 529.167719][T14024] but task is already holding lock: [ 529.175094][T14024] ffff88802574a230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0 [ 529.184069][T14024] [ 529.184069][T14024] which lock already depends on the new lock. [ 529.184069][T14024] [ 529.194489][T14024] [ 529.194489][T14024] the existing dependency chain (in reverse order) is: [ 529.203532][T14024] [ 529.203532][T14024] -> #2 (&nbd->config_lock){+.+.}-{4:4}: [ 529.211395][T14024] lock_acquire+0x120/0x360 [ 529.216455][T14024] __mutex_lock+0x182/0xe80 [ 529.221516][T14024] refcount_dec_and_mutex_lock+0x30/0xa0 [ 529.227694][T14024] nbd_config_put+0x2c/0x790 [ 529.232826][T14024] nbd_release+0xfe/0x140 [ 529.237703][T14024] bdev_release+0x533/0x650 [ 529.242749][T14024] blkdev_release+0x15/0x20 [ 529.247791][T14024] __fput+0x449/0xa70 [ 529.252308][T14024] fput_close_sync+0x119/0x200 [ 529.257618][T14024] __x64_sys_close+0x7f/0x110 [ 529.262835][T14024] do_syscall_64+0xfa/0x3b0 [ 529.267875][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.274312][T14024] [ 529.274312][T14024] -> #1 (&disk->open_mutex){+.+.}-{4:4}: [ 529.282173][T14024] lock_acquire+0x120/0x360 [ 529.287212][T14024] __mutex_lock+0x182/0xe80 [ 529.292260][T14024] __del_gendisk+0x129/0x9e0 [ 529.297391][T14024] del_gendisk+0xe8/0x160 [ 529.302268][T14024] loop_remove+0x42/0xc0 [ 529.307081][T14024] loop_control_ioctl+0x4ac/0x5a0 [ 529.312642][T14024] __se_sys_ioctl+0xfc/0x170 [ 529.317775][T14024] do_syscall_64+0xfa/0x3b0 [ 529.322818][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.329256][T14024] [ 529.329256][T14024] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}: [ 529.337712][T14024] validate_chain+0xb9b/0x2140 [ 529.343038][T14024] __lock_acquire+0xab9/0xd20 [ 529.348240][T14024] lock_acquire+0x120/0x360 [ 529.353264][T14024] down_write+0x96/0x1f0 [ 529.358037][T14024] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.364282][T14024] nbd_start_device+0x16c/0xac0 [ 529.369666][T14024] nbd_ioctl+0x636/0xeb0 [ 529.374461][T14024] blkdev_ioctl+0x5a8/0x6d0 [ 529.379502][T14024] __se_sys_ioctl+0xfc/0x170 [ 529.384658][T14024] do_syscall_64+0xfa/0x3b0 [ 529.389714][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.396158][T14024] [ 529.396158][T14024] other info that might help us debug this: [ 529.396158][T14024] [ 529.406403][T14024] Chain exists of: [ 529.406403][T14024] &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock [ 529.406403][T14024] [ 529.420605][T14024] Possible unsafe locking scenario: [ 529.420605][T14024] [ 529.428070][T14024] CPU0 CPU1 [ 529.433451][T14024] ---- ---- [ 529.438833][T14024] lock(&nbd->config_lock); [ 529.443456][T14024] lock(&disk->open_mutex); [ 529.450578][T14024] lock(&nbd->config_lock); [ 529.457729][T14024] lock(&set->update_nr_hwq_lock); [ 529.463028][T14024] [ 529.463028][T14024] *** DEADLOCK *** [ 529.463028][T14024] [ 529.471198][T14024] 1 lock held by syz.4.2598/14024: [ 529.476317][T14024] #0: ffff88802574a230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0 [ 529.485683][T14024] [ 529.485683][T14024] stack backtrace: [ 529.491606][T14024] CPU: 1 UID: 0 PID: 14024 Comm: syz.4.2598 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 529.491628][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 529.491645][T14024] Call Trace: [ 529.491656][T14024] [ 529.491666][T14024] dump_stack_lvl+0x189/0x250 [ 529.491690][T14024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.491710][T14024] ? __pfx__printk+0x10/0x10 [ 529.491734][T14024] ? print_lock_name+0xde/0x100 [ 529.491757][T14024] print_circular_bug+0x2ee/0x310 [ 529.491781][T14024] check_noncircular+0x134/0x160 [ 529.491805][T14024] validate_chain+0xb9b/0x2140 [ 529.491832][T14024] ? stack_depot_save_flags+0x40/0x900 [ 529.491859][T14024] __lock_acquire+0xab9/0xd20 [ 529.491878][T14024] ? blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.491901][T14024] lock_acquire+0x120/0x360 [ 529.491916][T14024] ? blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.491943][T14024] ? __mutex_trylock_common+0x153/0x260 [ 529.491975][T14024] down_write+0x96/0x1f0 [ 529.491996][T14024] ? blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.492020][T14024] ? __pfx_down_write+0x10/0x10 [ 529.492040][T14024] ? rcu_is_watching+0x15/0xb0 [ 529.492059][T14024] ? trace_contention_end+0x39/0x120 [ 529.492080][T14024] ? __mutex_lock+0x330/0xe80 [ 529.492101][T14024] blk_mq_update_nr_hw_queues+0x3b/0x14c0 [ 529.492127][T14024] ? blkdev_common_ioctl+0xfc3/0x2450 [ 529.492147][T14024] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 529.492164][T14024] ? nbd_ioctl+0x131/0xeb0 [ 529.492188][T14024] ? __pfx___mutex_lock+0x10/0x10 [ 529.492210][T14024] nbd_start_device+0x16c/0xac0 [ 529.492233][T14024] ? security_capable+0x7e/0x2e0 [ 529.492258][T14024] nbd_ioctl+0x636/0xeb0 [ 529.492282][T14024] ? __pfx_nbd_ioctl+0x10/0x10 [ 529.492303][T14024] ? __asan_memset+0x22/0x50 [ 529.492327][T14024] ? smack_file_ioctl+0x24a/0x340 [ 529.492344][T14024] ? __pfx_smack_file_ioctl+0x10/0x10 [ 529.492361][T14024] ? __pfx_nbd_ioctl+0x10/0x10 [ 529.492384][T14024] blkdev_ioctl+0x5a8/0x6d0 [ 529.492405][T14024] ? __pfx_blkdev_ioctl+0x10/0x10 [ 529.492423][T14024] ? __fget_files+0x2a/0x420 [ 529.492444][T14024] ? bpf_lsm_file_ioctl+0x9/0x20 [ 529.492464][T14024] ? __pfx_blkdev_ioctl+0x10/0x10 [ 529.492483][T14024] __se_sys_ioctl+0xfc/0x170 [ 529.492510][T14024] do_syscall_64+0xfa/0x3b0 [ 529.492529][T14024] ? lockdep_hardirqs_on+0x9c/0x150 [ 529.492546][T14024] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.492563][T14024] ? clear_bhb_loop+0x60/0xb0 [ 529.492587][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.492607][T14024] RIP: 0033:0x7ffa6a78ebe9 [ 529.492629][T14024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.492645][T14024] RSP: 002b:00007ffa6b5b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 529.492665][T14024] RAX: ffffffffffffffda RBX: 00007ffa6a9b5fa0 RCX: 00007ffa6a78ebe9 [ 529.492678][T14024] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 529.492689][T14024] RBP: 00007ffa6a811e19 R08: 0000000000000000 R09: 0000000000000000 [ 529.492701][T14024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 529.492711][T14024] R13: 00007ffa6a9b6038 R14: 00007ffa6a9b5fa0 R15: 00007ffeb8837a28 [ 529.492738][T14024] [ 530.096394][T12156] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 530.134448][T12156] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 530.134512][ T980] usb 4-1: unable to get BOS descriptor or descriptor too short [ 530.155628][ T980] usb 4-1: not running at top speed; connect to a high speed hub [ 530.164333][ T980] usb 4-1: config 9 has an invalid interface number: 198 but max is 0 [ 530.183548][ T980] usb 4-1: config 9 has no interface number 0 [ 530.189779][ T980] usb 4-1: config 9 interface 198 has no altsetting 0 [ 530.200303][T14024] nbd4: detected capacity change from 0 to 4 [ 530.207979][ T980] usb 4-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=6f.2b [ 530.217134][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.225277][ T980] usb 4-1: Product: syz [ 530.234972][ T980] usb 4-1: Manufacturer: syz [ 530.249368][ T980] usb 4-1: SerialNumber: syz [ 530.276325][ T51] block nbd4: Receive control failed (result -32) [ 530.276801][T14027] block nbd4: shutting down sockets [ 530.289445][T13934] ldm_validate_partition_table(): Disk read failed. [ 530.311598][T13934] Dev nbd4: unable to read RDB block 0 [ 530.350269][T13934] nbd4: unable to read partition table [ 530.356206][T13934] nbd4: partition table beyond EOD, truncated [ 530.365728][ T5207] ldm_validate_partition_table(): Disk read failed. [ 530.371546][T12156] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 530.383571][T12156] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 530.412194][T12156] usb 3-1: USB disconnect, device number 9 [ 530.421097][ T5207] Dev nbd4: unable to read RDB block 0 [ 530.447623][ T5207] nbd4: unable to read partition table [ 530.453408][ T5207] nbd4: partition table beyond EOD, truncated [ 530.506711][ T980] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state. [ 530.535123][T13934] ldm_validate_partition_table(): Disk read failed. [ 530.562036][T13934] Dev nbd4: unable to read RDB block 0 [ 530.567795][ T980] dvb-usb: bulk message failed: -22 (3/0) [ 530.599647][ T980] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 530.607377][T13934] nbd4: unable to read partition table [ 530.626904][T13934] nbd4: partition table beyond EOD, truncated [ 530.749511][ T980] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19) [ 530.770626][ T980] dvb_usb_umt_010 4-1:9.198: probe with driver dvb_usb_umt_010 failed with error -22 [ 530.800369][ T980] usb 4-1: USB disconnect, device number 9 Stopping sshd: stopped /usr/sbin/sshd (pid 5598) OK Stopping crond: stopped /usr/sbin/crond (pid 5581) OK Stopping dhcpcd... stopped /sbin/dhcpcd (pid 5501) Stopping network: OK Stopping iptables: OK Stopping system message bus: done Stopping klogd: OK Stopping acpid: OK Stopping syslogd: stopped /sbin/syslogd (pid 5189) OK umount: can't remount debugfs read-only umount: sysfs busy - remounted read-only umount: devtmpfs busy - remounted read-only umount: can't remount /dev/root read-only The system is going down NOW! Sent SIGTERM to all processes Connection to 10.128.0.93 closed by remote host. [ 537.253641][T11766] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.324022][T11766] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.450276][T11766] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.494178][T11766] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.563448][T11766] bridge_slave_1: left allmulticast mode [ 537.569241][T11766] bridge_slave_1: left promiscuous mode [ 537.574924][T11766] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.583151][T11766] bridge_slave_0: left allmulticast mode [ 537.589240][T11766] bridge_slave_0: left promiscuous mode [ 537.594936][T11766] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.604576][T11766] tipc: Resetting bearer [ 537.667187][T11766] tipc: Disabling bearer [ 537.718856][T11766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 537.730468][T11766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.740090][T11766] bond0 (unregistering): Released all slaves [ 537.750581][T11766] bond1 (unregistering): Released all slaves [ 537.760193][T11766] bond2 (unregistering): Released all slaves [ 537.844518][T11766] tipc: Left network mode Sent SIGKILL to all processes Requesting system poweroff [ 537.962485][T11766] hsr_slave_0: left promiscuous mode [ 537.968365][T11766] hsr_slave_1: left promiscuous mode [ 537.974171][T11766] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 537.981782][T11766] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 537.989437][T11766] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 537.996962][T11766] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.007647][T11766] veth1_macvtap: left promiscuous mode [ 538.013165][T11766] veth0_macvtap: left promiscuous mode [ 538.018830][T11766] veth1_vlan: left promiscuous mode [ 538.024101][T11766] veth0_vlan: left promiscuous mode [ 538.178051][T11766] team0 (unregistering): Port device team_slave_1 removed [ 538.200486][T11766] team0 (unregistering): Port device team_slave_0 removed [ 538.586869][T11766] IPVS: stop unused estimator thread 0... [ 538.811928][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.895840][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 538.969348][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.038610][ T36] netdevsim netdevsim2  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0