last executing test programs: 8.83177127s ago: executing program 3 (id=4407): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4080) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000b80), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x2, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x1}, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r9, 0x400452c8, &(0x7f0000000100)) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a64000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000003800048034000180090001007866726d00000000240002800500030000000000080001400000000008000440000000830800024000000005140000001100010000000000000010000500000a"], 0x8c}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) 6.530836765s ago: executing program 3 (id=4416): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x5, &(0x7f0000000100)={0x0, 0x8de3, 0x10310, 0x1, 0x4004a, 0x0, r1}, &(0x7f00000003c0)=0x0, &(0x7f0000000400)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) close(r5) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e) r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000140)=0x2000) openat$sndseq(0xffffff9c, &(0x7f0000000240), 0x101000) ppoll(&(0x7f00000000c0)=[{r7, 0x9620}], 0x1, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f00000001c0)=0x4) r8 = syz_open_dev$vim2m(0x0, 0x7fffffff, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000140)={0x2098f907, 0x8}) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x42, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=0x41424344, @ANYRESHEX=r8, @ANYBLOB="80046071907800e7080a09df168a000000"], 0x0) timer_create(0x8, &(0x7f0000000340)={0x0, 0x39, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000380)) 6.090685371s ago: executing program 0 (id=4419): socket$inet6_udplite(0xa, 0x2, 0x88) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(0xffffffffffffffff, 0x40305652, 0x0) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00005b9000/0x1000)=nil, 0x1000, 0x1000003, 0x11012, r1, 0x68255000) syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 6.075330672s ago: executing program 1 (id=4420): ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000100)={0x1, 0x2}, 0x2) ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0xa7, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4e, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.34467248s ago: executing program 1 (id=4422): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000003c0)={'pcl818\x00', [0x4f23, 0x5, 0x1, 0x13, 0x8, 0x5, 0x8, 0x3, 0xa, 0xfd, 0x1081, 0x1, 0x1, 0x7, 0x6, 0x101, 0xf7fffffe, 0x7f, 0x3, 0x40000003, 0x8c, 0xca9f, 0x0, 0x20001e58, 0xb, 0xe66, 0x3, 0x8, 0x4085, 0x0, 0x1]}) 5.330829042s ago: executing program 3 (id=4423): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009b00000095"], 0x0, 0xffffffff}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.063210693s ago: executing program 1 (id=4424): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4080) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000b80), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x2, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x1}, 0x0) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r9, 0x400452c8, &(0x7f0000000100)) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a64000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000003800048034000180090001007866726d00000000240002800500030000000000080001400000000008000440000000830800024000000005140000001100010000000000000010000500000a"], 0x8c}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) 5.061686753s ago: executing program 0 (id=4425): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x10001}, 0x8) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket(0x6, 0x2, 0xfffffff2) getsockname$packet(r2, 0x0, 0x0) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x20) dup(0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x40600, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x2, 0x0, 0x0, 0x0, 0x1}) sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x14, r1, 0x30b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x20000004) syz_genetlink_get_family_id$nfc(0x0, r0) r7 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840) ioctl$SG_SET_RESERVED_SIZE(r7, 0x2275, &(0x7f0000000000)=0x1) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000380)="259374c94982", 0x0, 0x0, 0x14, 0x0, 0x0}) 5.059971393s ago: executing program 3 (id=4426): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x41, &(0x7f00000002c0), 0x0, 0x10, 0xd21, 0xfffffffe, 0x5, 0x71ab, 0x0}) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) r1 = open(&(0x7f0000000240)='./file0\x00', 0x699ca911a6aa00f6, 0x42) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000003c0)=""/244, &(0x7f0000000180)=0xf4) landlock_restrict_self(r1, 0x5) execveat(r1, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r2, &(0x7f0000000840)={@val={0x8, 0x4305}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xf34, 0x66, 0x0, 0xb, 0x89, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5"}}, 0xf42) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001b80)={r1, 0xe0, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001900), &(0x7f0000001940)=[0x0, 0x0], 0x0, 0x48, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000019c0), &(0x7f0000001a00), 0x8, 0x44, 0x8, 0x8, &(0x7f0000001a40)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r3}, 0x94) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r4) r5 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r5}}) r6 = signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0x6]}, 0x8) read$FUSE(r6, &(0x7f00000008c0)={0x2020}, 0xfffffef0) r7 = gettid() rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8) tkill(r7, 0x7) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) 4.310628254s ago: executing program 2 (id=4428): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x43, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_uring_setup(0x294d, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000440)=0x2) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 4.092288421s ago: executing program 0 (id=4429): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4080) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000b80), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x2, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x1}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a64000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000003800048034000180090001007866726d00000000240002800500030000000000080001400000000008000440000000830800024000000005140000001100010000000000000010000500000a"], 0x8c}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) 4.059448194s ago: executing program 3 (id=4430): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000400)='.\x00', 0xa4000271) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) fsopen(&(0x7f00000000c0)='hfs\x00', 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r4 = socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0cc5604, &(0x7f00000003c0)={0x386db4e99dc99fb8, @pix_mp={0xca, 0x5, 0x3231564e, 0x8, 0x5, [{0x2, 0x7}, {0x2, 0x7}, {0x3, 0x9}, {0x0, 0x401}, {0x2, 0xd9}, {0x1, 0x10}, {0x80000000, 0x7}, {0xd0000000, 0xb552}], 0xb, 0x9, 0x2, 0x0, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f00000004c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x700, 0x80, 0xd, 0x11, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x64, 0x0, 0x2, 0x5549ca03dbffd6cb, 0x0, @remote, @rand_addr=0x64010100, {[@generic={0x82, 0xd, "caec392d6b0ef1b412848b"}, @noop, @noop]}}}}}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r6], 0x1c}}, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet_smc(0x2b, 0x1, 0x0) r7 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x14d002) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x400000, 0x0, 0xffffffffffffffff, 0x7ee, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4}, 0x50) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) read(r1, 0x0, 0x0) close(r1) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0xffffffffffffff15, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="8d6afed88f6a2bd729f877446fcdecb540fcdca9f729355058fcc9578f0da4884b8c307ce42f9e6c68083df1c6f4f5c7680dac28f432346a8eb72c8f6fcf1807dc293cb74319187c9f10a8f950b974d2bae214fc8afc7bb3d7469336cf473588a8e6fe26eb1a6424bc7fa938cf68326c9f7b88a5c9553fa99cb9038b293814193d9a9dfde8d8c48f4dacebf3c7f82b25d1b36acecdac30caf649bd7a0c5c7757fbe2a5d133f4df0094bf2a2a923b2d6604942f7c6f74127767f3a2a1ef7872f62ea28f303f6c4f586b5693a4218a85b24ffd653ae74192db0174c8"], 0x74}}, 0x2000c0c0) 3.799198365s ago: executing program 2 (id=4431): ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, 0x0}) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000100)={0x1, 0x2}, 0x2) ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0xa7, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4e, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.255210468s ago: executing program 2 (id=4432): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x6, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000200)={0x9, 0x2, 0x0, 0xfffffff7, 'syz1\x00', 0xffffff7d}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x9}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0xc1105511, &(0x7f0000000040)) 3.218246951s ago: executing program 1 (id=4433): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(0xffffffffffffffff, 0x40305652, 0x0) r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00005b9000/0x1000)=nil, 0x1000, 0x1000003, 0x11012, r0, 0x68255000) syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1}) io_uring_enter(r3, 0x2def, 0x4000, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.222939622s ago: executing program 2 (id=4434): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009b00000095"], 0x0, 0xffffffff}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.103295601s ago: executing program 3 (id=4435): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2) r4 = socket$rxrpc(0x21, 0x2, 0xa) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f", @ANYBLOB="96f0ba0c", @ANYRES32=r4], 0x74}}, 0x0) bind$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94) 948.783414ms ago: executing program 2 (id=4436): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x4c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32, @ANYBLOB="0a00340002021b060202f3ff"], 0x28}}, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 773.631158ms ago: executing program 0 (id=4437): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x10001}, 0x8) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket(0x6, 0x2, 0xfffffff2) getsockname$packet(r2, 0x0, 0x0) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x20) dup(0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x40600, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x2, 0x0, 0x0, 0x0, 0x1}) sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x14, r1, 0x30b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x20000004) syz_genetlink_get_family_id$nfc(0x0, r0) r7 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840) ioctl$SG_SET_RESERVED_SIZE(r7, 0x2275, &(0x7f0000000000)=0x1) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x1, @buffer={0x300, 0x56, &(0x7f0000000440)=""/86}, &(0x7f0000000380)="259374c94982", 0x0, 0x0, 0x14, 0x0, 0x0}) 476.184042ms ago: executing program 2 (id=4438): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x41, &(0x7f00000002c0), 0x0, 0x10, 0xd21, 0xfffffffe, 0x5, 0x71ab, 0x0}) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) r1 = open(&(0x7f0000000240)='./file0\x00', 0x699ca911a6aa00f6, 0x42) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000003c0)=""/244, &(0x7f0000000180)=0xf4) landlock_restrict_self(r1, 0x5) execveat(r1, &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r2, &(0x7f0000000840)={@val={0x8, 0x4305}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xf3c, 0x66, 0x0, 0xb, 0x89, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd51977"}}, 0xf4a) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001b80)={r1, 0xe0, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001900), &(0x7f0000001940)=[0x0, 0x0], 0x0, 0x48, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000019c0), &(0x7f0000001a00), 0x8, 0x44, 0x8, 0x8, &(0x7f0000001a40)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r3}, 0x94) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r4) r5 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r5}}) r6 = signalfd(0xffffffffffffffff, &(0x7f0000000280)={[0x6]}, 0x8) read$FUSE(r6, &(0x7f00000008c0)={0x2020}, 0xfffffef0) r7 = gettid() rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8) tkill(r7, 0x7) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) 249.23381ms ago: executing program 0 (id=4439): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x43, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) ioctl$DMA_BUF_SET_NAME_A(r3, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_uring_setup(0x294d, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000440)=0x2) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 175.227696ms ago: executing program 1 (id=4440): ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, 0x0}) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000100)={0x1, 0x2}, 0x2) ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0xa7, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4e, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 34.601857ms ago: executing program 0 (id=4441): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) socketpair(0x25, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$igmp6(0xa, 0x3, 0x2) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0x80, @mcast1, 0xf}, 0x1c) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da) io_setup(0x5, &(0x7f0000000180)=0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, 0x0, 0x8091) io_submit(r5, 0x3, &(0x7f0000000580)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0xf17, r2, &(0x7f0000000200), 0x0, 0x1000, 0x0, 0x4, r4}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0xee, r1, 0x0, 0x0, 0x5, 0x0, 0x0, r4}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x6, r1, &(0x7f0000000480)="5acaa90420f6f63da0a6ddf96032592b1f5692cf5240320ec7f71404c9228c3b1e385de72ad78018ab5ca20a6bf28685f7d8b5bf3255b2327bbea90971fde872ef051de7ca931a38882f225dbe22c1fc6c12d5c5723880703038d5a7fc78ec94baac064462450011f9de9aac5378840820c8dc375a3a548456959bb3e8ecefbbfaa2495a14d2c3b86f51f7f9a2e60eaf1503690a08939100f309c6648c", 0x9d, 0x4000017, 0x0, 0x0, r2}]) socket$inet_smc(0x2b, 0x1, 0x0) read$FUSE(r4, &(0x7f0000004140)={0x2020}, 0x2020) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000005c0)) clock_nanosleep(0xb, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) pselect6(0x40, &(0x7f0000000100)={0x3, 0x0, 0x0, 0xfffffffffffffffd, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4}, 0x0, 0x0) 0s ago: executing program 1 (id=4442): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x6, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x8, 0x1, 'LED\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r2 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000200)={0x9, 0x2, 0x0, 0xfffffff7, 'syz1\x00', 0xffffff7d}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x9}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0xc1105511, &(0x7f0000000040)) kernel console output (not intermixed with test programs): mended to keep mac addresses unique to avoid problems! [ 958.272568][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.322783][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.345472][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.389310][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.430906][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.441562][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.453178][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 958.481603][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.502067][T14577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 958.535155][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.551248][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.575702][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.600985][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.610961][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.622054][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.632221][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.642992][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.653436][T14577] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 958.664306][T14577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 958.677559][T14577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 958.709793][T14577] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.718823][T14577] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.728803][T14577] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.738655][T14577] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.877164][ T2933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 958.886778][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 958.900847][ T2933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 958.932033][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 959.141548][T14684] 9pnet_virtio: no channels available for device syz [ 959.539987][T14689] usb usb7: usbfs: process 14689 (syz.3.2431) did not claim interface 0 before use [ 959.563345][T14689] qnx6: unable to set blocksize [ 959.636595][T10143] Bluetooth: hci0: command tx timeout [ 959.871819][T14701] netlink: 'syz.0.2430': attribute type 12 has an invalid length. [ 960.158540][T14705] usb usb7: usbfs: process 14705 (syz.1.2433) did not claim interface 0 before use [ 960.204203][T14705] syz.1.2433: attempt to access beyond end of device [ 960.204203][T14705] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 960.231167][T14705] qnx6: unable to read the first superblock [ 960.244950][T14705] syz.1.2433: attempt to access beyond end of device [ 960.244950][T14705] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 960.270121][T14705] qnx6: unable to read the first superblock [ 960.276247][T14705] qnx6: unable to read the first superblock [ 961.414737][ T23] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 961.617129][ T23] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 961.628866][ T23] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 961.639984][ T23] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 961.663297][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 961.751653][T14722] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 961.796961][ T23] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 962.084945][ T23] usb 1-1: USB disconnect, device number 5 [ 963.195867][T14744] usb usb7: usbfs: process 14744 (syz.0.2443) did not claim interface 0 before use [ 963.271919][T14744] syz.0.2443: attempt to access beyond end of device [ 963.271919][T14744] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 963.348904][T14744] qnx6: unable to read the first superblock [ 963.396161][T14744] syz.0.2443: attempt to access beyond end of device [ 963.396161][T14744] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 963.469071][T14744] qnx6: unable to read the first superblock [ 963.519342][T14744] qnx6: unable to read the first superblock [ 963.889211][T14757] netlink: 'syz.1.2446': attribute type 12 has an invalid length. [ 966.371152][T14783] sp0: Synchronizing with TNC [ 969.073478][T13256] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 970.391603][T13256] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 970.440173][T13256] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 970.785132][T13256] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 970.838958][T10143] Bluetooth: hci4: link tx timeout [ 970.847344][T10143] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 970.885340][T10143] Bluetooth: hci4: link tx timeout [ 970.907204][T10143] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 971.049781][T13256] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 971.080594][T13256] usb 2-1: string descriptor 0 read error: -71 [ 971.099167][T13256] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 971.109135][T13256] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 971.127579][T13256] usb 2-1: can't set config #1, error -71 [ 971.166119][T13256] usb 2-1: USB disconnect, device number 4 [ 971.302926][T14806] usb usb7: usbfs: process 14806 (syz.2.2457) did not claim interface 0 before use [ 971.346023][T14806] syz.2.2457: attempt to access beyond end of device [ 971.346023][T14806] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 971.377341][T14806] qnx6: unable to read the first superblock [ 971.383572][T14806] syz.2.2457: attempt to access beyond end of device [ 971.383572][T14806] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 971.405933][T14806] qnx6: unable to read the first superblock [ 971.436304][T14806] qnx6: unable to read the first superblock [ 971.659729][T14821] bridge0: entered allmulticast mode [ 971.681079][T14821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2460'. [ 971.700741][T14821] bridge_slave_1: left allmulticast mode [ 971.714750][T14821] bridge_slave_1: left promiscuous mode [ 971.724683][T14821] bridge0: port 2(bridge_slave_1) entered disabled state [ 971.746786][T14821] bridge_slave_0: left allmulticast mode [ 971.761558][T14821] bridge_slave_0: left promiscuous mode [ 971.783046][T14821] bridge0: port 1(bridge_slave_0) entered disabled state [ 971.882326][T14821] bridge0 (unregistering): left allmulticast mode [ 972.434940][T14833] usb usb7: usbfs: process 14833 (syz.3.2463) did not claim interface 0 before use [ 973.084897][T10143] Bluetooth: hci4: command 0x0406 tx timeout [ 973.306454][T14833] qnx6: unable to set blocksize [ 974.588789][T14860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2469'. [ 974.662745][T14860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 975.258667][T14869] usb usb7: usbfs: process 14869 (syz.0.2472) did not claim interface 0 before use [ 975.317323][T14869] syz.0.2472: attempt to access beyond end of device [ 975.317323][T14869] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 975.354780][T14869] qnx6: unable to read the first superblock [ 975.365496][T14869] syz.0.2472: attempt to access beyond end of device [ 975.365496][T14869] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 975.395185][T10143] Bluetooth: hci4: command 0x0406 tx timeout [ 975.405271][T14869] qnx6: unable to read the first superblock [ 975.419069][T14869] qnx6: unable to read the first superblock [ 975.641093][T14872] tipc: Enabled bearer , priority 0 [ 975.655324][T14872] syzkaller0: entered promiscuous mode [ 975.671118][T14872] syzkaller0: entered allmulticast mode [ 975.762858][T14872] tipc: Resetting bearer [ 975.791032][T14871] tipc: Resetting bearer [ 975.841153][T14871] tipc: Disabling bearer [ 976.837963][T14888] usb usb7: usbfs: process 14888 (syz.2.2477) did not claim interface 0 before use [ 976.857051][T14888] syz.2.2477: attempt to access beyond end of device [ 976.857051][T14888] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 976.918999][T14888] qnx6: unable to read the first superblock [ 976.938908][T14888] syz.2.2477: attempt to access beyond end of device [ 976.938908][T14888] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 976.957450][T14888] qnx6: unable to read the first superblock [ 976.963390][T14888] qnx6: unable to read the first superblock [ 978.047354][T14909] usb usb7: usbfs: process 14909 (syz.0.2484) did not claim interface 0 before use [ 978.064513][T14909] syz.0.2484: attempt to access beyond end of device [ 978.064513][T14909] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 978.085129][T14909] qnx6: unable to read the first superblock [ 978.091579][T14909] syz.0.2484: attempt to access beyond end of device [ 978.091579][T14909] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 978.180791][T14909] qnx6: unable to read the first superblock [ 978.228912][T14909] qnx6: unable to read the first superblock [ 981.384469][T14960] usb usb7: usbfs: process 14960 (syz.2.2493) did not claim interface 0 before use [ 981.401326][T14960] syz.2.2493: attempt to access beyond end of device [ 981.401326][T14960] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 981.417128][T14960] qnx6: unable to read the first superblock [ 981.423914][T14960] syz.2.2493: attempt to access beyond end of device [ 981.423914][T14960] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 981.444981][T14960] qnx6: unable to read the first superblock [ 981.460705][T14960] qnx6: unable to read the first superblock [ 981.582814][T14968] usb usb7: usbfs: process 14968 (syz.0.2497) did not claim interface 0 before use [ 981.621575][T14968] syz.0.2497: attempt to access beyond end of device [ 981.621575][T14968] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 981.649518][T14968] qnx6: unable to read the first superblock [ 981.662572][T14968] syz.0.2497: attempt to access beyond end of device [ 981.662572][T14968] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 981.736085][T14968] qnx6: unable to read the first superblock [ 981.769499][T14968] qnx6: unable to read the first superblock [ 982.160626][T14979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2499'. [ 982.192031][T14979] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 984.667528][T10143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 984.685510][T10143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 984.693772][T10143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 984.707844][T10143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 984.719530][T10143] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 984.730421][T10143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 985.534306][ T2966] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.565691][ T2966] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 985.739852][ T2966] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 985.759905][T15019] usb usb7: usbfs: process 15019 (syz.1.2509) did not claim interface 0 before use [ 985.794198][T15019] syz.1.2509: attempt to access beyond end of device [ 985.794198][T15019] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 985.814698][ T2966] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 985.861404][T15019] qnx6: unable to read the first superblock [ 985.869300][T15019] syz.1.2509: attempt to access beyond end of device [ 985.869300][T15019] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 985.882534][T15019] qnx6: unable to read the first superblock [ 985.888768][T15019] qnx6: unable to read the first superblock [ 985.989853][ T2966] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.007131][ T2966] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 986.177503][ T2966] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 986.211620][ T2966] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 986.732170][T14997] chnl_net:caif_netlink_parms(): no params data found [ 986.755062][T14136] Bluetooth: hci1: command tx timeout [ 988.126396][ T2966] tipc: Left network mode [ 988.555866][T14997] bridge0: port 1(bridge_slave_0) entered blocking state [ 988.568434][T14997] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.591366][T14997] bridge_slave_0: entered allmulticast mode [ 988.738305][T14997] bridge_slave_0: entered promiscuous mode [ 988.791841][T14997] bridge0: port 2(bridge_slave_1) entered blocking state [ 988.825796][T14136] Bluetooth: hci1: command tx timeout [ 988.845768][T14997] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.896656][T14997] bridge_slave_1: entered allmulticast mode [ 988.938655][T14997] bridge_slave_1: entered promiscuous mode [ 989.147283][T15054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2513'. [ 989.162663][T15054] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 989.249585][T14997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 989.251370][T14997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 989.478388][T14997] team0: Port device team_slave_0 added [ 989.479991][T14997] team0: Port device team_slave_1 added [ 989.791935][T14997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 989.791951][T14997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 989.791974][T14997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 989.794064][T14997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 989.794077][T14997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 989.794098][T14997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 990.006791][ C1] vkms_vblank_simulate: vblank timer overrun [ 990.461513][T14997] hsr_slave_0: entered promiscuous mode [ 990.500164][T14997] hsr_slave_1: entered promiscuous mode [ 990.638395][T14997] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 990.646280][T14997] Cannot create hsr debugfs directory [ 991.974851][T14136] Bluetooth: hci1: command tx timeout [ 992.161987][T15087] usb usb7: usbfs: process 15087 (syz.0.2519) did not claim interface 0 before use [ 992.228368][T15091] syz.0.2519: attempt to access beyond end of device [ 992.228368][T15091] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 992.305054][T15091] qnx6: unable to read the first superblock [ 992.337948][T15091] syz.0.2519: attempt to access beyond end of device [ 992.337948][T15091] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 992.351049][T15091] qnx6: unable to read the first superblock [ 992.359364][T15091] qnx6: unable to read the first superblock [ 993.055431][ T2966] hsr_slave_0: left promiscuous mode [ 993.084141][ T2966] hsr_slave_1: left promiscuous mode [ 993.115617][ T2966] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 993.123163][ T2966] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 993.144093][ T2966] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 993.162832][ T2966] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 993.185679][ T2966] bridge_slave_1: left allmulticast mode [ 993.194993][ T2966] bridge_slave_1: left promiscuous mode [ 993.202744][ T2966] bridge0: port 2(bridge_slave_1) entered disabled state [ 993.232284][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.238858][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.252780][ T2966] bridge_slave_0: left allmulticast mode [ 993.259114][ T2966] bridge_slave_0: left promiscuous mode [ 993.276466][ T2966] bridge0: port 1(bridge_slave_0) entered disabled state [ 993.394373][ T2966] veth1_macvtap: left promiscuous mode [ 993.410806][ T2966] veth0_macvtap: left promiscuous mode [ 993.417454][ T2966] veth1_vlan: left promiscuous mode [ 993.694567][ T2966] bond1 (unregistering): (slave geneve2): Releasing active interface [ 993.947040][ T2966] bond1 (unregistering): Released all slaves [ 994.035009][T14136] Bluetooth: hci1: command tx timeout [ 994.893859][ T2966] team0 (unregistering): Port device team_slave_1 removed [ 994.962750][ T2966] team0 (unregistering): Port device team_slave_0 removed [ 995.030121][ T2966] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 995.097795][ T2966] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 995.879785][ T2966] bond0 (unregistering): Released all slaves [ 996.032000][T15124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2524'. [ 996.045010][T15124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 996.122911][T15133] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2525'. [ 996.171806][T15133] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1000.735564][T15167] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2533'. [ 1000.787402][T15171] usb usb7: usbfs: process 15171 (syz.1.2534) did not claim interface 0 before use [ 1000.797250][T15167] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1000.880585][T15171] syz.1.2534: attempt to access beyond end of device [ 1000.880585][T15171] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1001.043370][T15171] qnx6: unable to read the first superblock [ 1001.076509][T15171] syz.1.2534: attempt to access beyond end of device [ 1001.076509][T15171] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1001.159938][T15171] qnx6: unable to read the first superblock [ 1001.186778][T15171] qnx6: unable to read the first superblock [ 1001.211575][T14997] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1001.237445][T14997] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1001.251177][T14997] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1001.270952][T14997] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1001.540822][T14997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1001.604278][T14997] 8021q: adding VLAN 0 to HW filter on device team0 [ 1001.708978][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.716238][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1001.746731][ T2933] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.753901][ T2933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1001.817429][T14997] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1001.851518][T14997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1002.473503][T14997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1002.687717][T14997] veth0_vlan: entered promiscuous mode [ 1002.756615][T14997] veth1_vlan: entered promiscuous mode [ 1002.862799][T14997] veth0_macvtap: entered promiscuous mode [ 1002.911177][T14997] veth1_macvtap: entered promiscuous mode [ 1003.184231][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1003.267043][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.303860][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1005.276172][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1005.287030][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1005.297838][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1005.308012][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1005.318729][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1005.328838][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1005.339592][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1005.440542][T14997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1005.906150][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1005.973878][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1006.010934][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1006.039710][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1006.089988][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1006.269296][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1006.322136][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1007.317111][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.334687][T14997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1007.544856][T14997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1007.589543][T14997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1007.690445][T14997] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.722287][T14997] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.770231][T14997] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.814213][T14997] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1008.129111][T15260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1008.166144][T15260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1008.253042][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1008.301964][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1008.661388][T15313] usb usb7: usbfs: process 15313 (syz.3.2543) did not claim interface 0 before use [ 1008.708619][T15313] qnx6: unable to set blocksize [ 1008.739348][T15306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2542'. [ 1008.754840][T15306] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1009.060776][T15328] block device autoloading is deprecated and will be removed. [ 1009.185618][T15324] md2: using deprecated bitmap file support [ 1010.589485][T15347] netlink: 'syz.1.2549': attribute type 12 has an invalid length. [ 1010.602824][T15347] netlink: 'syz.1.2549': attribute type 29 has an invalid length. [ 1010.611212][T15347] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2549'. [ 1010.624804][T15347] netlink: 'syz.1.2549': attribute type 2 has an invalid length. [ 1010.634089][T15347] netlink: 23 bytes leftover after parsing attributes in process `syz.1.2549'. [ 1010.965063][T15366] netlink: 'syz.3.2550': attribute type 12 has an invalid length. [ 1011.154717][T15371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2553'. [ 1011.185598][T15371] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1015.027267][T15421] block device autoloading is deprecated and will be removed. [ 1015.146142][T15420] md2: using deprecated bitmap file support [ 1015.152086][T15420] md2: error: bitmap file is already in use [ 1015.298402][T15430] usb usb7: usbfs: process 15430 (syz.3.2558) did not claim interface 0 before use [ 1015.396957][T15430] qnx6: unable to set blocksize [ 1015.967996][T15449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2560'. [ 1016.116229][T15452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2563'. [ 1016.129238][T15452] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1019.076254][T15483] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2572'. [ 1019.678340][T15501] usb usb7: usbfs: process 15501 (syz.1.2574) did not claim interface 0 before use [ 1019.725781][T15501] syz.1.2574: attempt to access beyond end of device [ 1019.725781][T15501] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1019.769959][T15501] qnx6: unable to read the first superblock [ 1019.790142][T15501] syz.1.2574: attempt to access beyond end of device [ 1019.790142][T15501] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1019.870315][T15501] qnx6: unable to read the first superblock [ 1019.912700][T15501] qnx6: unable to read the first superblock [ 1020.029742][T15508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2576'. [ 1021.906164][T15530] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2582'. [ 1023.260705][T15546] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2586'. [ 1023.538998][T15559] usb usb7: usbfs: process 15559 (syz.2.2588) did not claim interface 0 before use [ 1023.593441][T15559] syz.2.2588: attempt to access beyond end of device [ 1023.593441][T15559] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1023.627888][T15559] qnx6: unable to read the first superblock [ 1023.645740][T15559] syz.2.2588: attempt to access beyond end of device [ 1023.645740][T15559] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1023.696320][T15559] qnx6: unable to read the first superblock [ 1023.702366][T15559] qnx6: unable to read the first superblock [ 1023.742022][T15562] netlink: 'syz.0.2587': attribute type 12 has an invalid length. [ 1026.487647][T15576] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2593'. [ 1026.508762][T15588] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2596'. [ 1026.953928][T15596] usb usb7: usbfs: process 15596 (syz.0.2600) did not claim interface 0 before use [ 1026.981517][T15596] syz.0.2600: attempt to access beyond end of device [ 1026.981517][T15596] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1026.994888][T15596] qnx6: unable to read the first superblock [ 1027.002236][T15596] syz.0.2600: attempt to access beyond end of device [ 1027.002236][T15596] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1027.018458][T15596] qnx6: unable to read the first superblock [ 1027.043951][T15596] qnx6: unable to read the first superblock [ 1028.288664][T15614] 9pnet_virtio: no channels available for device syz [ 1028.747674][T15616] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2607'. [ 1030.269095][T15632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2609'. [ 1030.583222][T15644] usb usb7: usbfs: process 15644 (syz.0.2615) did not claim interface 0 before use [ 1030.723814][T15644] syz.0.2615: attempt to access beyond end of device [ 1030.723814][T15644] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1030.723914][T15644] qnx6: unable to read the first superblock [ 1030.728706][T15644] syz.0.2615: attempt to access beyond end of device [ 1030.728706][T15644] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1030.728813][T15644] qnx6: unable to read the first superblock [ 1030.728865][T15644] qnx6: unable to read the first superblock [ 1031.537420][T15663] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2617'. [ 1033.981791][T15703] netlink: 'syz.2.2626': attribute type 12 has an invalid length. [ 1035.105665][T15699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2628'. [ 1037.241129][T15749] netlink: 'syz.0.2638': attribute type 12 has an invalid length. [ 1037.434058][T15746] blktrace: Concurrent blktraces are not allowed on sg0 [ 1039.005977][T15752] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1039.364294][T15762] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2640'. [ 1039.695704][T15768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2651'. [ 1043.526921][T15823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2653'. [ 1047.082355][T10143] Bluetooth: hci1: link tx timeout [ 1047.090859][T10143] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 1047.121724][T10143] Bluetooth: hci1: link tx timeout [ 1047.133995][T10143] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1047.164973][T10143] Bluetooth: hci1: link tx timeout [ 1047.172321][T10143] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 1047.180888][T10143] Bluetooth: hci1: link tx timeout [ 1047.186161][T10143] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 1049.234739][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1049.290281][T15895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2668'. [ 1049.300000][T15895] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2668'. [ 1049.315045][T15895] geneve2: entered promiscuous mode [ 1049.320468][T15895] geneve2: entered allmulticast mode [ 1051.347497][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1053.704777][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1054.673279][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.578660][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1057.952714][T15975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2686'. [ 1058.014716][T15975] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2686'. [ 1060.423450][T16008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2698'. [ 1060.450578][T16008] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2698'. [ 1063.293577][T16056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2708'. [ 1063.319992][T16056] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2708'. [ 1064.670562][T16093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2718'. [ 1064.735143][T16093] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2718'. [ 1065.752632][T16113] usb usb7: usbfs: process 16113 (syz.3.2725) did not claim interface 0 before use [ 1065.766944][T16113] qnx6: unable to set blocksize [ 1066.514279][T16130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2728'. [ 1066.604522][T16130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2728'. [ 1068.555969][T16173] usb usb7: usbfs: process 16173 (syz.0.2740) did not claim interface 0 before use [ 1068.605979][T16173] syz.0.2740: attempt to access beyond end of device [ 1068.605979][T16173] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1068.652989][T16173] qnx6: unable to read the first superblock [ 1068.663448][T16173] syz.0.2740: attempt to access beyond end of device [ 1068.663448][T16173] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1068.676825][T16173] qnx6: unable to read the first superblock [ 1068.682884][T16173] qnx6: unable to read the first superblock [ 1068.987000][T16177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2741'. [ 1069.017377][T16177] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2741'. [ 1070.282789][T15264] tipc: Left network mode [ 1070.639162][T16210] devtmpfs: Cannot change global quota limit on remount [ 1070.709806][T16212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2751'. [ 1070.934937][T16212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2751'. [ 1071.275585][T16216] usb usb7: usbfs: process 16216 (syz.2.2753) did not claim interface 0 before use [ 1071.329389][T16216] syz.2.2753: attempt to access beyond end of device [ 1071.329389][T16216] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1071.425296][T16216] qnx6: unable to read the first superblock [ 1071.431539][T16216] syz.2.2753: attempt to access beyond end of device [ 1071.431539][T16216] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1071.446009][T16216] qnx6: unable to read the first superblock [ 1071.452185][T16216] qnx6: unable to read the first superblock [ 1072.043704][T16233] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 1072.050356][T16233] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1072.059131][T16233] vhci_hcd vhci_hcd.0: Device attached [ 1072.301940][T16238] vhci_hcd: connection closed [ 1072.324733][ T9066] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 1072.324856][ T2917] vhci_hcd: stop threads [ 1072.646844][ T2917] vhci_hcd: release socket [ 1072.651383][ T2917] vhci_hcd: disconnect device [ 1072.809407][T15264] hsr_slave_0: left promiscuous mode [ 1072.865315][T15264] hsr_slave_1: left promiscuous mode [ 1072.896832][T15264] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1072.965490][T15264] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1072.994343][T15264] bridge_slave_1: left allmulticast mode [ 1073.024332][T15264] bridge_slave_1: left promiscuous mode [ 1073.030398][T15264] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.056620][T15264] bridge_slave_0: left allmulticast mode [ 1073.093539][T15264] bridge_slave_0: left promiscuous mode [ 1073.113900][T15264] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.257951][T15264] bond1 (unregistering): (slave geneve2): Releasing active interface [ 1073.571888][T15264] bond1 (unregistering): Released all slaves [ 1075.249296][T15264] team0 (unregistering): Port device team_slave_1 removed [ 1075.328987][T15264] team0 (unregistering): Port device team_slave_0 removed [ 1075.433386][T15264] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1075.545885][T15264] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1076.133187][T15264] bond0 (unregistering): Released all slaves [ 1076.225525][T16254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2761'. [ 1076.234490][T16255] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2761'. [ 1076.264178][T16271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2764'. [ 1076.341538][T16271] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1077.021511][T16297] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2770'. [ 1077.063064][T16297] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1077.225305][T10143] Bluetooth: hci2: command 0x0406 tx timeout [ 1077.332018][T16301] syz_tun: entered allmulticast mode [ 1077.348071][T16301] dvmrp8: entered allmulticast mode [ 1077.371648][T16300] syz_tun: left allmulticast mode [ 1077.379828][T16300] dvmrp8: left allmulticast mode [ 1077.465723][ T9066] vhci_hcd: vhci_device speed not set [ 1078.023295][T16316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2778'. [ 1078.103143][T16316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2778'. [ 1078.499505][T16324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2779'. [ 1078.546145][T16324] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1080.240033][T16348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2787'. [ 1080.244901][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1080.313008][T16348] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1080.424752][ T8] usb 2-1: device descriptor read/64, error -71 [ 1080.501559][T16351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2788'. [ 1080.522565][T16351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2788'. [ 1080.705185][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1080.864899][ T8] usb 2-1: device descriptor read/64, error -71 [ 1081.022532][ T8] usb usb2-port1: attempt power cycle [ 1081.444901][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1081.508001][ T8] usb 2-1: device descriptor read/8, error -71 [ 1081.778219][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1081.824071][ T8] usb 2-1: device descriptor read/8, error -71 [ 1081.950781][ T8] usb usb2-port1: unable to enumerate USB device [ 1082.964532][T16389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2798'. [ 1082.992487][T16389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2798'. [ 1083.673763][T16401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2799'. [ 1084.466650][T16401] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1085.455544][T16421] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2807'. [ 1085.534077][T16421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2807'. [ 1087.408382][T16461] syz_tun: entered allmulticast mode [ 1087.439596][T16461] dvmrp8: entered allmulticast mode [ 1087.491068][T16460] syz_tun: left allmulticast mode [ 1087.497450][T16460] dvmrp8: left allmulticast mode [ 1087.644177][T16464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2819'. [ 1087.659400][T16464] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2819'. [ 1088.681098][T16473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2817'. [ 1088.807342][T16473] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1091.234495][T16513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2829'. [ 1091.259090][T16513] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2829'. [ 1092.614790][T10143] Bluetooth: hci0: command 0x0406 tx timeout [ 1094.688663][T16529] IPVS: Unknown mcast interface: nicvf0 [ 1094.745494][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1095.073611][T16544] binder_alloc: 16543: binder_alloc_buf, no vma [ 1096.520144][T16566] fuse: blksize only supported for fuseblk [ 1096.784001][T16564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2842'. [ 1099.911412][T16613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2855'. [ 1102.592414][T16665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2868'. [ 1104.568933][T16704] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2879'. [ 1104.690670][T16711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2880'. [ 1104.705583][T16711] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2880'. [ 1104.745020][T16702] IPVS: Unknown mcast interface: nicvf0 [ 1106.074308][T16737] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2889'. [ 1106.092913][T16737] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2889'. [ 1106.379577][T16739] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2888'. [ 1106.509305][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1107.050164][T16753] usb usb7: usbfs: process 16753 (syz.0.2892) did not claim interface 0 before use [ 1107.083364][T16753] syz.0.2892: attempt to access beyond end of device [ 1107.083364][T16753] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1107.115514][T16753] qnx6: unable to read the first superblock [ 1107.121781][T16753] syz.0.2892: attempt to access beyond end of device [ 1107.121781][T16753] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1107.134708][T16753] qnx6: unable to read the first superblock [ 1107.142021][T16753] qnx6: unable to read the first superblock [ 1108.554211][T16773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2898'. [ 1108.605105][T16773] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2898'. [ 1108.811933][T16784] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2900'. [ 1110.505268][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1111.411580][T16821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2909'. [ 1111.455467][T16821] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1111.558290][T16825] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2910'. [ 1112.584832][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1113.322594][T16830] fuse: blksize only supported for fuseblk [ 1113.923658][T16838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2913'. [ 1113.960681][T16838] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1116.145494][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.151838][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.207257][T16849] netlink: 'syz.3.2915': attribute type 12 has an invalid length. [ 1116.375067][T16854] fuse: Unknown parameter '0x0000000000000003' [ 1116.446364][T16851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2919'. [ 1116.904727][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1117.691403][T16876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2924'. [ 1117.734412][T16876] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1117.770773][T16881] usb usb7: usbfs: process 16881 (syz.1.2927) did not claim interface 0 before use [ 1118.796711][T16889] syz.1.2927: attempt to access beyond end of device [ 1118.796711][T16889] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1118.895764][T16889] qnx6: unable to read the first superblock [ 1118.902011][T16889] syz.1.2927: attempt to access beyond end of device [ 1118.902011][T16889] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1118.941978][T16893] fuse: Unknown parameter '0x0000000000000003' [ 1118.953372][T16889] qnx6: unable to read the first superblock [ 1118.983620][T16889] qnx6: unable to read the first superblock [ 1119.269834][T16896] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2930'. [ 1119.413678][T16903] fuse: Bad value for 'fd' [ 1119.500127][T16905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2928'. [ 1119.556269][T16908] fuse: Bad value for 'fd' [ 1119.640790][T16905] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1120.895815][T16919] netlink: 'syz.0.2934': attribute type 12 has an invalid length. [ 1121.130015][T16931] fuse: Unknown parameter '0x0000000000000003' [ 1121.216574][T16934] usb usb7: usbfs: process 16934 (syz.3.2939) did not claim interface 0 before use [ 1121.379184][T16934] qnx6: unable to set blocksize [ 1122.293898][T16940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2940'. [ 1123.795301][T16956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2942'. [ 1123.868498][T16956] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1124.816467][T16980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2947'. [ 1124.908117][T16980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1125.356894][T16987] usb usb7: usbfs: process 16987 (syz.0.2950) did not claim interface 0 before use [ 1125.432114][T16987] syz.0.2950: attempt to access beyond end of device [ 1125.432114][T16987] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1125.481431][T16987] qnx6: unable to read the first superblock [ 1125.514502][T16987] syz.0.2950: attempt to access beyond end of device [ 1125.514502][T16987] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1125.549341][T16987] qnx6: unable to read the first superblock [ 1125.565837][T16987] qnx6: unable to read the first superblock [ 1125.612527][T16989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2951'. [ 1126.423369][T17003] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2962'. [ 1127.661982][T17029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2958'. [ 1127.857764][T17029] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1128.272535][T17030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2959'. [ 1128.417795][T17030] lo: entered promiscuous mode [ 1128.422860][T17030] lo: entered allmulticast mode [ 1128.673364][T17030] tunl0: entered promiscuous mode [ 1128.682260][T17030] tunl0: entered allmulticast mode [ 1128.698223][T17030] gre0: entered promiscuous mode [ 1128.708151][T17030] gre0: entered allmulticast mode [ 1128.953488][T17030] gretap0: entered promiscuous mode [ 1129.172820][T17030] gretap0: entered allmulticast mode [ 1129.236053][T17030] erspan0: entered promiscuous mode [ 1129.292349][T17030] erspan0: entered allmulticast mode [ 1129.404362][T17030] ip_vti0: entered promiscuous mode [ 1129.426790][T17030] ip_vti0: entered allmulticast mode [ 1129.463755][T17030] ip6_vti0: entered promiscuous mode [ 1129.485074][T17030] ip6_vti0: entered allmulticast mode [ 1129.529127][T17030] sit0: entered promiscuous mode [ 1129.534114][T17030] sit0: entered allmulticast mode [ 1129.626177][T17030] ip6tnl0: entered promiscuous mode [ 1129.650335][T17030] ip6tnl0: entered allmulticast mode [ 1129.717944][T17030] ip6gre0: entered promiscuous mode [ 1129.728925][T17030] ip6gre0: entered allmulticast mode [ 1129.778070][T17030] syz_tun: entered promiscuous mode [ 1129.786665][T17030] syz_tun: entered allmulticast mode [ 1129.793191][T17030] ip6gretap0: entered promiscuous mode [ 1129.799028][T17030] ip6gretap0: entered allmulticast mode [ 1129.812328][T17030] bridge0: entered promiscuous mode [ 1129.817942][T17030] bridge0: entered allmulticast mode [ 1129.827528][T17030] vcan0: entered promiscuous mode [ 1129.838439][T17030] vcan0: entered allmulticast mode [ 1129.847891][T17030] bond0: entered promiscuous mode [ 1129.853706][T17030] bond_slave_0: entered promiscuous mode [ 1129.860956][T17030] bond_slave_1: entered promiscuous mode [ 1129.873411][T17030] bond0: entered allmulticast mode [ 1129.890344][T17030] bond_slave_0: entered allmulticast mode [ 1129.898657][T17030] bond_slave_1: entered allmulticast mode [ 1129.919401][T17030] team0: entered promiscuous mode [ 1129.934398][T17030] team_slave_0: entered promiscuous mode [ 1129.943402][T17030] team_slave_1: entered promiscuous mode [ 1129.961453][T17030] team0: entered allmulticast mode [ 1129.994825][T17030] team_slave_0: entered allmulticast mode [ 1130.000844][T17030] team_slave_1: entered allmulticast mode [ 1130.017844][T17030] dummy0: entered promiscuous mode [ 1130.028936][T17030] dummy0: entered allmulticast mode [ 1130.048789][T17030] nlmon0: entered promiscuous mode [ 1130.054284][T17030] nlmon0: entered allmulticast mode [ 1130.071869][T17030] caif0: entered promiscuous mode [ 1130.087205][T17030] caif0: entered allmulticast mode [ 1130.093791][T17030] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1130.379984][T17054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2961'. [ 1130.464034][T17054] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1130.921420][T17061] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2966'. [ 1135.613199][T17111] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2976'. [ 1138.179157][T17145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2979'. [ 1138.204856][T17145] lo: left promiscuous mode [ 1138.212986][T17145] lo: left allmulticast mode [ 1138.224893][T17145] tunl0: left promiscuous mode [ 1138.232882][T17145] tunl0: left allmulticast mode [ 1138.244682][T17145] gre0: left promiscuous mode [ 1138.249448][T17145] gre0: left allmulticast mode [ 1138.288416][T17145] gretap0: left promiscuous mode [ 1138.314237][T17145] gretap0: left allmulticast mode [ 1138.363099][T17151] usb usb7: usbfs: process 17151 (syz.2.2986) did not claim interface 0 before use [ 1138.387157][T17151] syz.2.2986: attempt to access beyond end of device [ 1138.387157][T17151] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1138.400226][T17151] qnx6: unable to read the first superblock [ 1138.407294][T17151] syz.2.2986: attempt to access beyond end of device [ 1138.407294][T17151] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1138.424086][T17151] qnx6: unable to read the first superblock [ 1138.430577][T17151] qnx6: unable to read the first superblock [ 1138.466128][T17145] erspan0: left promiscuous mode [ 1138.471230][T17145] erspan0: left allmulticast mode [ 1138.480498][T17145] ip_vti0: left promiscuous mode [ 1138.498840][T17145] ip_vti0: left allmulticast mode [ 1138.511459][T17145] ip6_vti0: left promiscuous mode [ 1138.530856][T17145] ip6_vti0: left allmulticast mode [ 1138.540947][T17145] sit0: left promiscuous mode [ 1138.550868][T17145] sit0: left allmulticast mode [ 1138.561687][T17145] ip6tnl0: left promiscuous mode [ 1138.570415][T17145] ip6tnl0: left allmulticast mode [ 1138.585205][T17145] ip6gre0: left promiscuous mode [ 1138.590185][T17145] ip6gre0: left allmulticast mode [ 1138.615358][T17145] syz_tun: left promiscuous mode [ 1138.620525][T17145] syz_tun: left allmulticast mode [ 1138.631345][T17145] ip6gretap0: left promiscuous mode [ 1138.646467][T17145] ip6gretap0: left allmulticast mode [ 1138.669345][T17145] bridge0: left promiscuous mode [ 1138.675159][T17145] bridge0: left allmulticast mode [ 1138.693918][T17145] vcan0: left promiscuous mode [ 1138.712378][T17145] vcan0: left allmulticast mode [ 1138.752106][T17159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2988'. [ 1138.778517][T17145] bond0: left promiscuous mode [ 1138.783524][T17145] bond_slave_0: left promiscuous mode [ 1138.801909][T17145] bond_slave_1: left promiscuous mode [ 1138.823419][T17145] bond0: left allmulticast mode [ 1138.867483][T17145] bond_slave_0: left allmulticast mode [ 1138.873191][T17145] bond_slave_1: left allmulticast mode [ 1138.884297][T17145] team0: left promiscuous mode [ 1138.890802][T17145] team_slave_0: left promiscuous mode [ 1138.896808][T17145] team_slave_1: left promiscuous mode [ 1138.902569][T17145] team0: left allmulticast mode [ 1138.939432][T17145] team_slave_0: left allmulticast mode [ 1138.951601][T17145] team_slave_1: left allmulticast mode [ 1138.959892][T17145] dummy0: left promiscuous mode [ 1138.969014][T17145] dummy0: left allmulticast mode [ 1138.976461][T17145] nlmon0: left promiscuous mode [ 1138.983806][T17145] nlmon0: left allmulticast mode [ 1138.992304][T17145] caif0: left promiscuous mode [ 1138.997764][T17145] caif0: left allmulticast mode [ 1139.043954][T17145] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1139.192323][T17167] fuse: Bad value for 'fd' [ 1140.557967][T17186] binder: BINDER_SET_CONTEXT_MGR already set [ 1140.564238][T17186] binder: 17185:17186 ioctl 4018620d 200000000040 returned -16 [ 1141.241151][T17195] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2997'. [ 1141.852189][T17210] usb usb7: usbfs: process 17210 (syz.0.3001) did not claim interface 0 before use [ 1141.944465][T17210] syz.0.3001: attempt to access beyond end of device [ 1141.944465][T17210] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1141.965583][T17210] qnx6: unable to read the first superblock [ 1141.972605][T17210] syz.0.3001: attempt to access beyond end of device [ 1141.972605][T17210] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1141.985775][T17210] qnx6: unable to read the first superblock [ 1141.991897][T17210] qnx6: unable to read the first superblock [ 1143.143530][T17234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3002'. [ 1143.284293][T17234] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1143.820175][T17240] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3006'. [ 1144.037984][T17246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3007'. [ 1144.074887][T17246] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3007'. [ 1147.749042][T17273] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3015'. [ 1148.526153][T17288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3018'. [ 1150.302126][T17288] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1152.126378][T17316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3026'. [ 1153.417471][T17334] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3030'. [ 1153.840787][T17334] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1154.478704][T17352] syz.3.3035 (17352): /proc/17351/oom_adj is deprecated, please use /proc/17351/oom_score_adj instead. [ 1154.588992][T17352] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3035'. [ 1155.716448][T17360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3038'. [ 1155.747005][T17360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3038'. [ 1157.945437][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1158.090829][T17366] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3039'. [ 1158.491279][T17387] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3046'. [ 1159.103142][T17392] nvme_fabrics: missing parameter 'transport=%s' [ 1159.202039][T17392] nvme_fabrics: missing parameter 'nqn=%s' [ 1159.293177][T17398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3047'. [ 1159.914415][T17398] bridge0: port 2(bridge_slave_1) entered disabled state [ 1159.922132][T17398] bridge0: port 1(bridge_slave_0) entered disabled state [ 1160.257467][T17398] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1160.294537][T17398] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1160.668006][T17398] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.677980][T17398] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.687052][T17398] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.699752][T17398] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.709093][T17398] geneve2: left promiscuous mode [ 1160.714050][T17398] geneve2: left allmulticast mode [ 1160.729927][T17397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3048'. [ 1160.760319][T17400] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1160.829315][T17402] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3048'. [ 1162.928555][T17413] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3051'. [ 1163.224968][T14136] Bluetooth: hci1: command 0x0406 tx timeout [ 1165.923974][T17439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3058'. [ 1165.975209][T17439] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3058'. [ 1166.409737][T17450] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3057'. [ 1166.842141][T17456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3062'. [ 1167.361186][T17450] bridge0: port 2(bridge_slave_1) entered disabled state [ 1167.367581][T17463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3064'. [ 1167.368857][T17450] bridge0: port 1(bridge_slave_0) entered disabled state [ 1169.722753][T17450] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1169.800265][T17450] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1170.212954][T17450] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.229187][T17450] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.239176][T17450] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1170.251565][T17450] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1173.178836][T17509] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3077'. [ 1178.180906][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.188772][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.377805][T17552] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3088'. [ 1182.895696][T17595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3095'. [ 1183.175347][T17598] binder: 17597:17598 ioctl 4018620d 0 returned -22 [ 1183.496295][T17600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3100'. [ 1188.104928][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1188.120297][T17636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3112'. [ 1192.104983][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1192.334919][T17673] usb usb7: usbfs: process 17673 (syz.0.3122) did not claim interface 0 before use [ 1197.704831][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1198.142925][T17710] usb usb7: usbfs: process 17710 (syz.3.3134) did not claim interface 0 before use [ 1198.982495][T17729] binder: BINDER_SET_CONTEXT_MGR already set [ 1198.992230][T17729] binder: 17728:17729 ioctl 4018620d 200000000040 returned -16 [ 1201.112107][T17754] usb usb7: usbfs: process 17754 (syz.2.3146) did not claim interface 0 before use [ 1201.748908][T17771] binder: BINDER_SET_CONTEXT_MGR already set [ 1201.773873][T17771] binder: 17770:17771 ioctl 4018620d 200000000040 returned -16 [ 1203.725234][T17791] usb usb7: usbfs: process 17791 (syz.2.3155) did not claim interface 0 before use [ 1203.739530][T17791] syz.2.3155: attempt to access beyond end of device [ 1203.739530][T17791] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1203.753873][T17791] qnx6: unable to read the first superblock [ 1203.780755][T17791] syz.2.3155: attempt to access beyond end of device [ 1203.780755][T17791] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1203.822648][T17791] qnx6: unable to read the first superblock [ 1203.831688][T17791] qnx6: unable to read the first superblock [ 1205.435615][T17806] binder: 17805:17806 ioctl c0306201 0 returned -14 [ 1205.443108][T17807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3158'. [ 1206.273426][T17817] usb usb7: usbfs: process 17817 (syz.1.3161) did not claim interface 0 before use [ 1207.176485][T17828] fuse: Bad value for 'group_id' [ 1207.640937][T17807] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1207.812342][T17807] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1208.542062][T17838] binder: 17837:17838 ioctl c0306201 0 returned -14 [ 1209.074702][T17807] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.084954][T17807] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.094018][T17807] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.103237][T17807] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1210.498546][T17861] usb usb7: usbfs: process 17861 (syz.3.3173) did not claim interface 0 before use [ 1210.888376][T17870] fuse: Bad value for 'group_id' [ 1210.993671][T17872] binder: 17871:17872 ioctl c0306201 0 returned -14 [ 1211.890023][T17889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3183'. [ 1213.270205][T17909] usb usb7: usbfs: process 17909 (syz.0.3190) did not claim interface 0 before use [ 1214.118430][T17928] usb usb7: usbfs: process 17928 (syz.2.3195) did not claim interface 0 before use [ 1214.187834][T17928] syz.2.3195: attempt to access beyond end of device [ 1214.187834][T17928] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1214.269140][T17928] qnx6: unable to read the first superblock [ 1214.348615][T17928] syz.2.3195: attempt to access beyond end of device [ 1214.348615][T17928] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1214.362297][T17928] qnx6: unable to read the first superblock [ 1214.368798][T17928] qnx6: unable to read the first superblock [ 1215.641806][T17949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3199'. [ 1216.047158][T17959] block device autoloading is deprecated and will be removed. [ 1216.898119][T17968] usb usb7: usbfs: process 17968 (syz.2.3205) did not claim interface 0 before use [ 1217.623942][T17986] usb usb7: usbfs: process 17986 (syz.0.3210) did not claim interface 0 before use [ 1217.663821][T17986] syz.0.3210: attempt to access beyond end of device [ 1217.663821][T17986] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1217.680813][T17986] qnx6: unable to read the first superblock [ 1217.687605][T17986] syz.0.3210: attempt to access beyond end of device [ 1217.687605][T17986] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1217.773785][T17986] qnx6: unable to read the first superblock [ 1217.815004][T17986] qnx6: unable to read the first superblock [ 1219.292578][T18014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3214'. [ 1221.946963][T18034] qnx6: unable to set blocksize [ 1222.943438][T18049] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1223.577557][T18049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3225'. [ 1225.719003][T18083] usb usb7: usbfs: process 18083 (syz.0.3233) did not claim interface 0 before use [ 1225.733015][T18083] syz.0.3233: attempt to access beyond end of device [ 1225.733015][T18083] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1225.754860][T18083] qnx6: unable to read the first superblock [ 1225.761183][T18083] syz.0.3233: attempt to access beyond end of device [ 1225.761183][T18083] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1225.774643][T18083] qnx6: unable to read the first superblock [ 1225.781055][T18083] qnx6: unable to read the first superblock [ 1229.544369][T18118] fuse: Unknown parameter 'grou00000000000000000000' [ 1231.891822][T18137] usb usb7: usbfs: process 18137 (syz.1.3247) did not claim interface 0 before use [ 1231.942751][T18137] syz.1.3247: attempt to access beyond end of device [ 1231.942751][T18137] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1232.014310][T18137] qnx6: unable to read the first superblock [ 1232.020716][T18137] syz.1.3247: attempt to access beyond end of device [ 1232.020716][T18137] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1232.038396][T18137] qnx6: unable to read the first superblock [ 1232.044334][T18137] qnx6: unable to read the first superblock [ 1232.477073][T18154] fuse: Unknown parameter 'grou00000000000000000000' [ 1235.103510][T18179] fuse: Bad value for 'fd' [ 1235.166698][T18181] Bluetooth: MGMT ver 1.22 [ 1235.248513][T18183] fuse: Unknown parameter 'grou00000000000000000000' [ 1236.560153][T18200] usb usb7: usbfs: process 18200 (syz.1.3267) did not claim interface 0 before use [ 1236.598315][T18200] syz.1.3267: attempt to access beyond end of device [ 1236.598315][T18200] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1236.622864][T18200] qnx6: unable to read the first superblock [ 1236.640793][T18200] syz.1.3267: attempt to access beyond end of device [ 1236.640793][T18200] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1236.712805][T18200] qnx6: unable to read the first superblock [ 1236.750708][T18200] qnx6: unable to read the first superblock [ 1237.002445][T18210] 9pnet_virtio: no channels available for device syz [ 1238.218427][T18230] fuse: Unknown parameter 'group_i00000000000000000000' [ 1239.556021][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.564724][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.675365][ T5788] hid-generic 00A0:0008:0003.0005: unknown main item tag 0x7 [ 1239.709496][ T5788] hid-generic 00A0:0008:0003.0005: item fetching failed at offset 14/15 [ 1239.740932][ T5788] hid-generic: probe of 00A0:0008:0003.0005 failed with error -22 [ 1240.019127][T18248] binder: 18247:18248 ioctl 4018620d 0 returned -22 [ 1240.366165][T18251] usb usb7: usbfs: process 18251 (syz.1.3281) did not claim interface 0 before use [ 1240.397594][T18251] syz.1.3281: attempt to access beyond end of device [ 1240.397594][T18251] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1240.414206][T18251] qnx6: unable to read the first superblock [ 1240.421257][T18251] syz.1.3281: attempt to access beyond end of device [ 1240.421257][T18251] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1240.434283][T18251] qnx6: unable to read the first superblock [ 1240.440411][T18251] qnx6: unable to read the first superblock [ 1243.545748][T18290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3289'. [ 1243.565533][T18290] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3289'. [ 1243.665459][T18292] fuse: Unknown parameter 'group_i00000000000000000000' [ 1243.697930][T18293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3287'. [ 1244.119109][T18293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1244.168279][T18293] 8021q: adding VLAN 0 to HW filter on device team0 [ 1244.220765][T18297] binder: 18294:18297 ioctl 4018620d 0 returned -22 [ 1244.373048][T18305] usb usb7: usbfs: process 18305 (syz.1.3293) did not claim interface 0 before use [ 1244.385918][T18305] syz.1.3293: attempt to access beyond end of device [ 1244.385918][T18305] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1244.404175][T18305] qnx6: unable to read the first superblock [ 1244.435076][T18305] syz.1.3293: attempt to access beyond end of device [ 1244.435076][T18305] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1244.481514][T18293] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1244.505557][T18305] qnx6: unable to read the first superblock [ 1244.576040][T18305] qnx6: unable to read the first superblock [ 1247.396618][T18332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3299'. [ 1247.442045][T18332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3299'. [ 1248.422093][T18346] binder: 18344:18346 ioctl 4018620d 0 returned -22 [ 1248.901899][T18354] usb usb7: usbfs: process 18354 (syz.0.3304) did not claim interface 0 before use [ 1248.924467][T18354] syz.0.3304: attempt to access beyond end of device [ 1248.924467][T18354] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1248.992294][T18354] qnx6: unable to read the first superblock [ 1249.028736][T18354] syz.0.3304: attempt to access beyond end of device [ 1249.028736][T18354] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1249.235994][T18354] qnx6: unable to read the first superblock [ 1249.261721][T18354] qnx6: unable to read the first superblock [ 1252.155535][T18387] fuse: Unknown parameter 'group_id00000000000000000000' [ 1252.467998][T18391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3313'. [ 1252.487317][T18391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3313'. [ 1252.745573][T18396] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3312'. [ 1252.839464][T18400] usb usb7: usbfs: process 18400 (syz.1.3315) did not claim interface 0 before use [ 1252.863039][T18400] syz.1.3315: attempt to access beyond end of device [ 1252.863039][T18400] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1252.904054][T18400] qnx6: unable to read the first superblock [ 1252.949175][T18400] syz.1.3315: attempt to access beyond end of device [ 1252.949175][T18400] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1252.994057][T18400] qnx6: unable to read the first superblock [ 1253.034312][T18396] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1253.050451][T18400] qnx6: unable to read the first superblock [ 1253.566294][T18411] usb usb7: usbfs: process 18411 (syz.2.3318) did not claim interface 0 before use [ 1253.761789][T18418] fuse: Unknown parameter 'group_id00000000000000000000' [ 1256.053516][T18445] binder: 18444:18445 ioctl c0306201 0 returned -14 [ 1256.554891][ T5854] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1256.746763][ T5854] usb 4-1: config index 0 descriptor too short (expected 39, got 27) [ 1256.767429][ T5854] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1256.792882][ T5854] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1256.815767][ T5854] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1256.835558][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1256.843854][ T5854] usb 4-1: Product: syz [ 1256.859353][ T5854] usb 4-1: Manufacturer: syz [ 1256.864045][ T5854] usb 4-1: SerialNumber: syz [ 1256.901595][ T5854] usb 4-1: config 0 descriptor?? [ 1256.922919][ T5854] hub 4-1:0.0: bad descriptor, ignoring hub [ 1256.944730][ T5854] hub: probe of 4-1:0.0 failed with error -5 [ 1256.974026][ T5854] usb 4-1: selecting invalid altsetting 0 [ 1257.377470][T18456] usb usb7: usbfs: process 18456 (syz.1.3328) did not claim interface 0 before use [ 1257.417419][T18456] syz.1.3328: attempt to access beyond end of device [ 1257.417419][T18456] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1257.483281][T18456] qnx6: unable to read the first superblock [ 1257.538136][T18456] syz.1.3328: attempt to access beyond end of device [ 1257.538136][T18456] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1257.572119][T18456] qnx6: unable to read the first superblock [ 1257.580446][T18456] qnx6: unable to read the first superblock [ 1257.654294][T18462] fuse: Unknown parameter 'group_id00000000000000000000' [ 1257.781954][T18465] usb usb7: usbfs: process 18465 (syz.2.3330) did not claim interface 0 before use [ 1259.609892][T18489] fuse: Bad value for 'user_id' [ 1259.896922][ T5788] usb 4-1: USB disconnect, device number 3 [ 1260.022998][T18495] fuse: Bad value for 'user_id' [ 1260.723055][T18508] usb usb7: usbfs: process 18508 (syz.0.3342) did not claim interface 0 before use [ 1262.609585][T18531] fuse: Bad value for 'user_id' [ 1262.748498][T18538] fuse: Unknown parameter 'group_id00000000000000000000' [ 1262.970436][T18541] fuse: Bad value for 'fd' [ 1263.079574][T18544] usb usb7: usbfs: process 18544 (syz.2.3353) did not claim interface 0 before use [ 1265.050205][T18563] fuse: Bad value for 'fd' [ 1265.160566][T18568] syz.0.3361: attempt to access beyond end of device [ 1265.160566][T18568] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1265.182519][T18570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3355'. [ 1265.204737][T18568] qnx6: unable to read the first superblock [ 1265.219649][T18568] syz.0.3361: attempt to access beyond end of device [ 1265.219649][T18568] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1265.250739][T18568] qnx6: unable to read the first superblock [ 1265.262943][T18568] qnx6: unable to read the first superblock [ 1265.366079][T18570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.390187][T18570] 8021q: adding VLAN 0 to HW filter on device team0 [ 1265.422833][T18570] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1265.593174][T18579] fuse: Unknown parameter 'group_id00000000000000000000' [ 1265.783661][T18583] usb usb7: usbfs: process 18583 (syz.2.3364) did not claim interface 0 before use [ 1267.733567][T18601] fuse: Bad value for 'fd' [ 1267.875224][T18606] fuse: Unknown parameter 'group_id00000000000000000000' [ 1267.934485][T18610] usb usb7: usbfs: process 18610 (syz.1.3374) did not claim interface 0 before use [ 1268.033479][T18613] syz.2.3375: attempt to access beyond end of device [ 1268.033479][T18613] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1268.046896][T18613] qnx6: unable to read the first superblock [ 1268.053126][T18613] syz.2.3375: attempt to access beyond end of device [ 1268.053126][T18613] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1268.095683][T18613] qnx6: unable to read the first superblock [ 1268.135945][T18613] qnx6: unable to read the first superblock [ 1269.210495][T18630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3378'. [ 1269.529283][T18630] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1270.292158][T18641] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1272.122200][T18653] fuse: Bad value for 'user_id' [ 1272.146796][T18655] usb usb7: usbfs: process 18655 (syz.1.3385) did not claim interface 0 before use [ 1272.260447][T18659] tipc: Started in network mode [ 1272.267939][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1272.271520][T18659] tipc: Node identity 080211000001, cluster identity 4711 [ 1272.305200][T18659] tipc: Enabled bearer , priority 0 [ 1272.346952][T18661] syz.2.3387: attempt to access beyond end of device [ 1272.346952][T18661] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1272.361685][T18661] qnx6: unable to read the first superblock [ 1272.367859][T18659] mac80211_hwsim hwsim13 syzkaller0: entered promiscuous mode [ 1272.376296][T18661] syz.2.3387: attempt to access beyond end of device [ 1272.376296][T18661] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1272.394881][T18659] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 1272.414061][T18661] qnx6: unable to read the first superblock [ 1272.451270][T18661] qnx6: unable to read the first superblock [ 1272.540991][T18659] tipc: Resetting bearer [ 1273.406349][T16586] tipc: Node number set to 134418688 [ 1273.809709][T18688] fuse: Bad value for 'user_id' [ 1275.878097][T18691] usb usb7: usbfs: process 18691 (syz.3.3396) did not claim interface 0 before use [ 1275.954791][T18651] Bluetooth: hci1: command 0x0406 tx timeout [ 1276.247421][T18698] bridge_slave_0: left allmulticast mode [ 1276.263421][T18698] bridge_slave_0: left promiscuous mode [ 1276.281424][T18698] bridge0: port 1(bridge_slave_0) entered disabled state [ 1276.329181][T18698] bridge_slave_1: left allmulticast mode [ 1276.337493][T18698] bridge_slave_1: left promiscuous mode [ 1276.391053][T18698] bridge0: port 2(bridge_slave_1) entered disabled state [ 1276.620142][T18698] bond0: (slave bond_slave_0): Releasing backup interface [ 1276.681500][T18698] bond0: (slave bond_slave_1): Releasing backup interface [ 1276.751732][T18698] team0: Port device team_slave_0 removed [ 1276.835990][T18698] team0: Port device team_slave_1 removed [ 1276.842799][T18698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1276.858548][T18698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1276.893757][T18705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3398'. [ 1277.015559][T18705] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1277.140174][T18702] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3397'. [ 1278.461319][T18722] fuse: root generation should be zero [ 1280.664893][T18651] Bluetooth: hci1: command 0x0406 tx timeout [ 1280.945429][T18741] 9pnet_virtio: no channels available for device syz [ 1281.402517][T18746] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1281.429779][T18751] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3411'. [ 1281.933573][T18751] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1281.950550][T18751] 8021q: adding VLAN 0 to HW filter on device team0 [ 1282.035440][T18751] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1282.829021][T18762] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3415'. [ 1283.007881][T18762] veth3: entered promiscuous mode [ 1286.024744][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1286.894751][T15671] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1287.096589][T15671] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 1287.124739][T15671] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1287.154716][T15671] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1287.176666][T15671] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1287.206105][T15671] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1287.219636][T15671] usb 3-1: Product: syz [ 1287.223838][T15671] usb 3-1: Manufacturer: syz [ 1287.228831][T15671] usb 3-1: SerialNumber: syz [ 1287.237700][T15671] usb 3-1: config 0 descriptor?? [ 1287.252493][T15671] hub 3-1:0.0: bad descriptor, ignoring hub [ 1287.258807][T15671] hub: probe of 3-1:0.0 failed with error -5 [ 1287.267103][T15671] usb 3-1: selecting invalid altsetting 0 [ 1287.376139][T18798] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3424'. [ 1287.416351][T18798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1290.504932][T18651] Bluetooth: hci1: command 0x0406 tx timeout [ 1290.963241][T13256] usb 3-1: USB disconnect, device number 3 [ 1295.784871][T10143] Bluetooth: hci1: command 0x0406 tx timeout [ 1296.602690][T18866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3441'. [ 1296.693188][T18866] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1296.979303][T18871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3446'. [ 1297.069545][T18871] veth3: entered promiscuous mode [ 1297.210336][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 1297.210351][ T28] audit: type=1800 audit(1756332137.273:198): pid=18880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3449" name="bus" dev="overlay" ino=1306 res=0 errno=0 [ 1297.909706][T18897] mac80211_hwsim hwsim13 syzkaller0: left promiscuous mode [ 1298.001306][T18897] mac80211_hwsim hwsim13 syzkaller0: left allmulticast mode [ 1298.296758][T18907] fuse: Bad value for 'group_id' [ 1298.631168][T18911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3461'. [ 1299.405572][T18926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3464'. [ 1299.536687][T18926] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1300.435253][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.442706][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.513501][T18935] fuse: Bad value for 'group_id' [ 1300.594932][T18939] usb usb7: usbfs: process 18939 (syz.2.3471) did not claim interface 0 before use [ 1300.730965][T18944] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3472'. [ 1302.475238][T18967] fuse: Bad value for 'group_id' [ 1302.677175][T18972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3482'. [ 1303.596115][T18978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3483'. [ 1303.689398][T18978] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1303.840014][T18983] usb usb7: usbfs: process 18983 (syz.3.3485) did not claim interface 0 before use [ 1304.336165][T18993] fuse: Unknown parameter 'use00000000000000000000' [ 1304.533748][T18997] tipc: Started in network mode [ 1304.557104][T18997] tipc: Node identity 080211000001, cluster identity 4711 [ 1304.564450][T18997] tipc: Enabled bearer , priority 0 [ 1304.948306][T19004] fuse: Bad value for 'rootmode' [ 1305.241139][T19010] binder: BINDER_SET_CONTEXT_MGR already set [ 1305.254841][T19010] binder: 19009:19010 ioctl 4018620d 200000000040 returned -16 [ 1305.674857][T16586] tipc: Node number set to 134418688 [ 1305.895311][T19018] block device autoloading is deprecated and will be removed. [ 1305.922243][T19016] block device autoloading is deprecated and will be removed. [ 1306.819529][T19031] usb usb7: usbfs: process 19031 (syz.0.3499) did not claim interface 0 before use [ 1307.158661][T19041] fuse: Bad value for 'rootmode' [ 1307.477685][T19047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3500'. [ 1307.602898][T19047] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1307.944156][T19061] netlink: 'syz.3.3505': attribute type 4 has an invalid length. [ 1308.016732][T19061] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3505'. [ 1308.232636][T19063] delete_channel: no stack [ 1310.822553][T19076] fuse: Bad value for 'rootmode' [ 1312.173614][T19094] usb usb7: usbfs: process 19094 (syz.0.3515) did not claim interface 0 before use [ 1314.070184][T19106] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3517'. [ 1314.197852][T19106] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1316.043817][T19108] block nbd0: shutting down sockets [ 1316.454596][T19139] usb usb7: usbfs: process 19139 (syz.3.3529) did not claim interface 0 before use [ 1317.855183][ T5854] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1318.056763][ T5854] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1318.066964][ T5854] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1318.087500][ T5854] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1318.107485][ T5854] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1318.134799][ T5854] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 1318.154242][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1318.176083][ T5854] usb 4-1: config 0 descriptor?? [ 1318.265315][ T5788] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1318.340778][T19155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3534'. [ 1318.367109][T19155] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1318.476896][ T5788] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1318.505299][T19157] fuse: Unknown parameter 'user_id00000000000000000000' [ 1318.532540][ T5788] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1318.578048][ T5788] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1318.594931][ T5854] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 1318.625892][ T5854] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0006/input/input7 [ 1318.634954][ T5788] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1318.658358][ T5788] usb 2-1: Product: syz [ 1318.669837][ T5788] usb 2-1: Manufacturer: syz [ 1318.679103][ T5788] usb 2-1: SerialNumber: syz [ 1318.691570][ T5788] usb 2-1: config 0 descriptor?? [ 1318.710594][ T5788] usb 2-1: selecting invalid altsetting 0 [ 1318.755873][ T5854] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 1318.839751][ T5854] usb 4-1: USB disconnect, device number 4 [ 1318.987088][ T5788] usb 2-1: USB disconnect, device number 9 [ 1319.062239][T19162] fido_id[19162]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 1320.326048][T19175] usb usb7: usbfs: process 19175 (syz.1.3540) did not claim interface 0 before use [ 1322.182540][T19199] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3544'. [ 1322.355421][T19199] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1322.789705][T19205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3545'. [ 1322.845707][T19205] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1325.059120][T19227] usb usb7: usbfs: process 19227 (syz.2.3553) did not claim interface 0 before use [ 1326.531024][T19242] usb usb7: usbfs: process 19242 (syz.3.3555) did not claim interface 0 before use [ 1326.574335][T19242] qnx6: unable to set blocksize [ 1327.143768][T19260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3557'. [ 1327.335451][T19260] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1328.486195][T19279] gfs2: gfs2 mount does not exist [ 1328.740739][T19287] usb usb7: usbfs: process 19287 (syz.1.3566) did not claim interface 0 before use [ 1328.797666][T19290] usb usb7: usbfs: process 19290 (syz.0.3567) did not claim interface 0 before use [ 1328.828965][T19290] syz.0.3567: attempt to access beyond end of device [ 1328.828965][T19290] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1328.852505][T19290] qnx6: unable to read the first superblock [ 1328.873224][T19290] syz.0.3567: attempt to access beyond end of device [ 1328.873224][T19290] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1328.928531][T19290] qnx6: unable to read the first superblock [ 1328.949778][T19290] qnx6: unable to read the first superblock [ 1331.233008][T19325] gfs2: gfs2 mount does not exist [ 1331.477971][T19335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3572'. [ 1332.544824][T19335] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1334.633001][T19368] 9pnet_virtio: no channels available for device syz [ 1334.945279][T19370] usb usb7: usbfs: process 19370 (syz.0.3588) did not claim interface 0 before use [ 1335.162444][T19379] fuse: Unknown parameter 'user_id00000000000000000000' [ 1336.283488][T19394] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3596'. [ 1336.620788][T19397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3596'. [ 1336.754402][T19397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1337.428813][T19401] usb usb7: usbfs: process 19401 (syz.1.3597) did not claim interface 0 before use [ 1337.482389][T19401] syz.1.3597: attempt to access beyond end of device [ 1337.482389][T19401] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1337.534350][T19401] qnx6: unable to read the first superblock [ 1337.541014][T19401] syz.1.3597: attempt to access beyond end of device [ 1337.541014][T19401] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1337.575021][T19401] qnx6: unable to read the first superblock [ 1337.613623][T19401] qnx6: unable to read the first superblock [ 1338.490825][T19424] usb usb7: usbfs: process 19424 (syz.1.3602) did not claim interface 0 before use [ 1339.747589][T19439] tipc: Enabling of bearer rejected, already enabled [ 1339.763841][T19439] mac80211_hwsim hwsim13 syzkaller0: entered promiscuous mode [ 1339.771747][T19439] mac80211_hwsim hwsim13 syzkaller0: entered allmulticast mode [ 1339.791207][T19439] netem: change failed [ 1340.980194][T19450] usb usb7: usbfs: process 19450 (syz.3.3610) did not claim interface 0 before use [ 1341.018148][T19451] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3609'. [ 1341.042617][T19450] qnx6: unable to set blocksize [ 1341.313301][T19457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3609'. [ 1341.468665][T19457] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1343.603451][T19485] syz.2.3616 (19485): drop_caches: 2 [ 1344.221112][T19486] fuse: Bad value for 'fd' [ 1344.430591][T19494] usb usb7: usbfs: process 19494 (syz.3.3622) did not claim interface 0 before use [ 1344.447974][T19494] qnx6: unable to set blocksize [ 1345.422409][T19513] fuse: Unknown parameter 'group_i00000000000000000000' [ 1346.611514][T19522] usb usb7: usbfs: process 19522 (syz.1.3628) did not claim interface 0 before use [ 1346.651827][T19524] fuse: Unknown parameter '00000000000000000003' [ 1346.859712][T19534] fuse: Unknown parameter '00000000000000000003' [ 1346.982214][T19531] 9pnet_fd: p9_fd_create_tcp (19531): problem connecting socket to 127.0.0.1 [ 1346.983396][T19537] usb usb7: usbfs: process 19537 (syz.0.3633) did not claim interface 0 before use [ 1347.013351][T19537] syz.0.3633: attempt to access beyond end of device [ 1347.013351][T19537] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1347.032850][T19537] qnx6: unable to read the first superblock [ 1347.041299][T19537] syz.0.3633: attempt to access beyond end of device [ 1347.041299][T19537] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1347.060156][T19537] qnx6: unable to read the first superblock [ 1347.069411][T19537] qnx6: unable to read the first superblock [ 1347.489178][T19545] fuse: Unknown parameter 'group_id00000000000000000000' [ 1348.989759][T19560] fuse: Unknown parameter '00000000000000000003' [ 1349.294315][T19568] fuse: Unknown parameter '00000000000000000003' [ 1349.472161][T19572] fuse: Unknown parameter 'group_id00000000000000000000' [ 1349.488347][T19570] usb usb7: usbfs: process 19570 (syz.2.3642) did not claim interface 0 before use [ 1352.684487][T19588] usb usb7: usbfs: process 19588 (syz.0.3645) did not claim interface 0 before use [ 1352.781943][T19588] syz.0.3645: attempt to access beyond end of device [ 1352.781943][T19588] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1352.801954][T19588] qnx6: unable to read the first superblock [ 1352.808489][T19588] syz.0.3645: attempt to access beyond end of device [ 1352.808489][T19588] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1352.822587][T19588] qnx6: unable to read the first superblock [ 1352.829973][T19588] qnx6: unable to read the first superblock [ 1353.549940][T19605] fuse: Unknown parameter '00000000000000000003' [ 1353.724514][T19607] fuse: Unknown parameter 'group_id00000000000000000000' [ 1353.732400][T19609] fuse: Unknown parameter 'fd00000000000000000003' [ 1353.924370][T19615] usb usb7: usbfs: process 19615 (syz.0.3655) did not claim interface 0 before use [ 1355.494504][T19628] fuse: Unknown parameter '00000000000000000003' [ 1355.688306][T19632] fuse: Bad value for 'user_id' [ 1355.724964][T19636] usb usb7: usbfs: process 19636 (syz.2.3659) did not claim interface 0 before use [ 1355.767269][T19638] fuse: Unknown parameter 'fd00000000000000000003' [ 1355.818502][T19636] syz.2.3659: attempt to access beyond end of device [ 1355.818502][T19636] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1355.864266][T19636] qnx6: unable to read the first superblock [ 1355.871180][T19636] syz.2.3659: attempt to access beyond end of device [ 1355.871180][T19636] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1355.884348][T19636] qnx6: unable to read the first superblock [ 1355.935887][T19636] qnx6: unable to read the first superblock [ 1358.561521][T19664] fuse: Unknown parameter '00000000000000000003' [ 1358.618560][T19666] usb usb7: usbfs: process 19666 (syz.3.3670) did not claim interface 0 before use [ 1358.707106][T19669] fuse: Bad value for 'user_id' [ 1358.879960][T19674] fuse: Unknown parameter 'fd00000000000000000003' [ 1361.088394][T19694] fuse: Unknown parameter '00000000000000000003' [ 1361.237314][T19698] fuse: Bad value for 'user_id' [ 1361.870057][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.876493][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.924058][T19711] usb usb7: usbfs: process 19711 (syz.3.3684) did not claim interface 0 before use [ 1364.740714][T19730] fuse: Bad value for 'fd' [ 1366.120165][T19759] usb usb7: usbfs: process 19759 (syz.3.3696) did not claim interface 0 before use [ 1368.075666][T19769] fuse: Bad value for 'fd' [ 1368.506115][T19777] mkiss: ax0: crc mode is auto. [ 1368.546791][T19777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3701'. [ 1373.341958][T19818] nftables ruleset with unbound chain [ 1373.404443][T19820] fuse: Unknown parameter 'fd00000000000000000003' [ 1374.856080][T19837] fuse: Bad value for 'fd' [ 1377.250122][T19872] fuse: Bad value for 'fd' [ 1379.144188][T19897] fuse: Bad value for 'fd' [ 1380.898874][T10143] Bluetooth: hci2: Malformed MSFT vendor event: 0x02 [ 1381.280949][T19924] fuse: Invalid rootmode [ 1381.421702][T19929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3745'. [ 1381.623072][T19929] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1383.725640][T19952] mac80211_hwsim hwsim13 syzkaller0: left promiscuous mode [ 1383.732965][T19952] mac80211_hwsim hwsim13 syzkaller0: left allmulticast mode [ 1383.874067][T19956] fuse: Invalid rootmode [ 1385.527394][T19982] lo speed is unknown, defaulting to 1000 [ 1385.534946][T19982] lo speed is unknown, defaulting to 1000 [ 1385.551939][T19982] lo speed is unknown, defaulting to 1000 [ 1385.579976][T19982] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1385.622119][T19982] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1385.719557][T19982] lo speed is unknown, defaulting to 1000 [ 1385.732508][T19982] lo speed is unknown, defaulting to 1000 [ 1385.745766][T19982] lo speed is unknown, defaulting to 1000 [ 1385.796405][T19982] lo speed is unknown, defaulting to 1000 [ 1385.840538][T19982] lo speed is unknown, defaulting to 1000 [ 1385.853845][T19982] lo speed is unknown, defaulting to 1000 [ 1386.228102][T19990] fuse: Invalid rootmode [ 1388.959474][T20022] fuse: Bad value for 'rootmode' [ 1392.666679][T20059] fuse: Bad value for 'rootmode' [ 1393.286972][T20066] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3787'. [ 1394.561776][T20066] batadv1: entered allmulticast mode [ 1394.583466][T20073] input: syz1 as /devices/virtual/input/input8 [ 1394.881998][T20078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3788'. [ 1395.600480][T20078] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1397.374808][T20102] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3797'. [ 1397.552872][T20112] fuse: Unknown parameter 'use00000000000000000000' [ 1397.661732][T20115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3801'. [ 1399.279929][T20130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3803'. [ 1400.348753][T20140] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3807'. [ 1400.375728][T20130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1401.318889][T20156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3809'. [ 1401.361764][T20156] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1401.421169][T20157] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1404.181178][T20174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3817'. [ 1407.728591][T20205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3825'. [ 1407.977655][T20205] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1410.662029][T20224] fuse: Bad value for 'fd' [ 1415.675099][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c5aa800: rx timeout, send abort [ 1415.686200][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c5a9000: rx timeout, send abort [ 1415.694703][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c5aa800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1415.710943][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c5a9000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1417.307030][T20284] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3843'. [ 1417.372013][T20284] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1423.809883][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.822407][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.603454][T20364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3862'. [ 1424.953604][T20364] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1430.168748][T20429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3882'. [ 1430.376095][T20429] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1431.051988][T20448] 9pnet_fd: p9_fd_create_tcp (20448): problem connecting socket to 127.0.0.1 [ 1431.967341][T20446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3888'. [ 1431.983489][T20446] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1436.568677][T20506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3902'. [ 1436.698657][T20506] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1442.618843][T20580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3927'. [ 1444.290937][T20580] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1444.369566][T20592] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 1445.004455][T20602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3932'. [ 1445.264217][T20602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1447.022361][T20622] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3939'. [ 1447.106248][T20622] batadv1: entered allmulticast mode [ 1447.466832][T20638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3942'. [ 1447.519199][T20638] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1447.662983][T20643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3945'. [ 1449.926648][T20667] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3953'. [ 1450.015583][T20667] batadv1: entered allmulticast mode [ 1450.548434][T20676] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3954'. [ 1453.427460][T20710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3961'. [ 1453.689664][T20710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1454.148474][T20722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3964'. [ 1454.340355][T20722] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1454.901298][T20728] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3966'. [ 1457.038722][T20754] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3970'. [ 1457.184163][T20754] batadv1: entered allmulticast mode [ 1457.221269][T20757] input: syz1 as /devices/virtual/input/input9 [ 1458.604130][T20780] 9pnet_virtio: no channels available for device syz [ 1458.655176][T20782] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3978'. [ 1458.918286][T20782] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1460.899915][T20803] usb usb7: usbfs: process 20803 (syz.2.3985) did not claim interface 0 before use [ 1460.916960][T20803] syz.2.3985: attempt to access beyond end of device [ 1460.916960][T20803] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1460.936159][T20803] qnx6: unable to read the first superblock [ 1460.943629][T20803] syz.2.3985: attempt to access beyond end of device [ 1460.943629][T20803] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1460.958110][T20803] qnx6: unable to read the first superblock [ 1460.968561][T20803] qnx6: unable to read the first superblock [ 1461.403381][T20816] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3988'. [ 1461.529498][T20816] batadv1: entered allmulticast mode [ 1461.593264][T20819] input: syz1 as /devices/virtual/input/input10 [ 1464.334378][T20845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3995'. [ 1464.613238][T20845] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1465.313419][T20858] usb usb7: usbfs: process 20858 (syz.1.4000) did not claim interface 0 before use [ 1465.427422][T20859] syz.1.4000: attempt to access beyond end of device [ 1465.427422][T20859] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1465.466863][T20859] qnx6: unable to read the first superblock [ 1465.496403][T20859] syz.1.4000: attempt to access beyond end of device [ 1465.496403][T20859] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1465.546965][T20859] qnx6: unable to read the first superblock [ 1465.953896][T20859] qnx6: unable to read the first superblock [ 1470.300261][T20905] 9pnet_fd: p9_fd_create_tcp (20905): problem connecting socket to 127.0.0.1 [ 1471.398516][T20929] usb usb7: usbfs: process 20929 (syz.3.4018) did not claim interface 0 before use [ 1471.437380][T20929] qnx6: unable to set blocksize [ 1473.178387][T20961] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode [ 1474.346001][T20965] 9pnet_fd: p9_fd_create_tcp (20965): problem connecting socket to 127.0.0.1 [ 1474.801283][T20993] usb usb7: usbfs: process 20993 (syz.1.4034) did not claim interface 0 before use [ 1474.818025][T20993] syz.1.4034: attempt to access beyond end of device [ 1474.818025][T20993] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1474.834917][T20993] qnx6: unable to read the first superblock [ 1474.841195][T20993] syz.1.4034: attempt to access beyond end of device [ 1474.841195][T20993] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1474.854210][T20993] qnx6: unable to read the first superblock [ 1474.860294][T20993] qnx6: unable to read the first superblock [ 1476.343842][T21006] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 1477.503064][T21022] 9pnet_fd: p9_fd_create_tcp (21022): problem connecting socket to 127.0.0.1 [ 1478.338667][T21045] usb usb7: usbfs: process 21045 (syz.3.4046) did not claim interface 0 before use [ 1478.358238][T21045] qnx6: unable to set blocksize [ 1480.115667][T21065] 9pnet_fd: p9_fd_create_tcp (21065): problem connecting socket to 127.0.0.1 [ 1480.732404][T21090] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4058'. [ 1480.803068][T21090] batadv1: entered allmulticast mode [ 1480.870585][T21091] input: syz1 as /devices/virtual/input/input11 [ 1481.975116][T13256] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 1482.167577][T13256] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1482.181348][T13256] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1482.194440][T13256] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1482.211170][T13256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1482.327689][T13256] usb 4-1: config 0 descriptor?? [ 1482.337449][T13256] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1482.346739][T13256] dvb-usb: bulk message failed: -22 (3/0) [ 1482.374950][T13256] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1482.385694][T13256] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1482.393513][T13256] usb 4-1: media controller created [ 1482.402083][T13256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1482.428242][T13256] dvb-usb: bulk message failed: -22 (6/0) [ 1482.436002][T13256] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1482.465239][T13256] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input12 [ 1482.514010][T13256] dvb-usb: schedule remote query interval to 150 msecs. [ 1482.526077][T13256] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1482.577482][T15671] usb 4-1: USB disconnect, device number 5 [ 1482.826581][T15671] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1483.749753][T21135] 9pnet_fd: p9_fd_create_tcp (21135): problem connecting socket to 127.0.0.1 [ 1484.654370][T21152] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4073'. [ 1484.785178][T10143] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1485.181580][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.198234][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.065698][T21152] batadv1: entered allmulticast mode [ 1486.090467][T21156] input: syz1 as /devices/virtual/input/input13 [ 1488.486972][T21196] 9pnet_fd: p9_fd_create_tcp (21196): problem connecting socket to 127.0.0.1 [ 1489.008784][T21202] netlink: 'syz.1.4089': attribute type 1 has an invalid length. [ 1489.602954][T21217] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4092'. [ 1489.813936][T21217] batadv1: entered allmulticast mode [ 1489.913839][T21219] input: syz1 as /devices/virtual/input/input14 [ 1492.177007][T21240] 9pnet_fd: p9_fd_create_tcp (21240): problem connecting socket to 127.0.0.1 [ 1496.140719][T21285] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4108'. [ 1496.180821][T21285] batadv1: entered allmulticast mode [ 1496.422435][T21294] input: syz1 as /devices/virtual/input/input15 [ 1500.650498][T21346] syz.3.4126 uses obsolete (PF_INET,SOCK_PACKET) [ 1502.316002][T21367] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4132'. [ 1502.503092][T21367] batadv1: entered allmulticast mode [ 1505.147920][ T28] audit: type=1326 audit(1756332345.213:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21392 comm="syz.3.4139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7ffc0000 [ 1505.232840][ T28] audit: type=1326 audit(1756332345.253:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21392 comm="syz.3.4139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7ffc0000 [ 1505.279506][T21396] pim6reg: entered allmulticast mode [ 1505.368087][ T28] audit: type=1326 audit(1756332345.393:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21392 comm="syz.3.4139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f20e1f8ebe9 code=0x7ffc0000 [ 1505.431543][ T28] audit: type=1326 audit(1756332345.403:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21392 comm="syz.3.4139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7ffc0000 [ 1505.463281][ T28] audit: type=1326 audit(1756332345.433:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21392 comm="syz.3.4139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7ffc0000 [ 1505.889964][T21392] pim6reg: left allmulticast mode [ 1506.551979][T21422] genirq: Flags mismatch irq 4. 00000000 (das16m1) vs. 00000000 (ttyS0) [ 1506.575584][T21422] (null): rxe_set_mtu: Set mtu to 1024 [ 1506.945756][T21422] infiniband syz0: set down [ 1506.950724][T21422] infiniband syz0: added ipvlan1 [ 1507.034924][T21422] RDS/IB: syz0: added [ 1507.058866][T21422] smc: adding ib device syz0 with port count 1 [ 1507.073079][T21422] smc: ib device syz0 port 1 has pnetid [ 1511.934042][T21475] usb usb7: usbfs: process 21475 (syz.1.4162) did not claim interface 0 before use [ 1511.969675][T21475] syz.1.4162: attempt to access beyond end of device [ 1511.969675][T21475] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1511.990341][T21475] qnx6: unable to read the first superblock [ 1511.997120][T21475] syz.1.4162: attempt to access beyond end of device [ 1511.997120][T21475] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1512.016463][T21475] qnx6: unable to read the first superblock [ 1512.039798][T21475] qnx6: unable to read the first superblock [ 1512.252758][T21481] netlink: 'syz.0.4163': attribute type 10 has an invalid length. [ 1512.270838][T21481] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1512.280593][T21481] dummy0: entered promiscuous mode [ 1512.290862][T21481] bridge0: port 1(dummy0) entered blocking state [ 1512.299517][T21481] bridge0: port 1(dummy0) entered disabled state [ 1512.309966][T21483] Bluetooth: MGMT ver 1.22 [ 1512.320956][T21481] dummy0: entered allmulticast mode [ 1512.335044][T21481] bridge0: port 1(dummy0) entered blocking state [ 1512.341548][T21481] bridge0: port 1(dummy0) entered forwarding state [ 1512.392815][T21481] random: crng reseeded on system resumption [ 1512.899582][T21488] usb usb7: usbfs: process 21488 (syz.1.4173) did not claim interface 0 before use [ 1512.944326][T21488] syz.1.4173: attempt to access beyond end of device [ 1512.944326][T21488] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1512.983472][T21488] qnx6: unable to read the first superblock [ 1513.039058][T21488] syz.1.4173: attempt to access beyond end of device [ 1513.039058][T21488] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1513.106112][T21488] qnx6: unable to read the first superblock [ 1513.112159][T21488] qnx6: unable to read the first superblock [ 1517.132113][T21531] usb usb7: usbfs: process 21531 (syz.2.4176) did not claim interface 0 before use [ 1517.288945][T21531] syz.2.4176: attempt to access beyond end of device [ 1517.288945][T21531] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1517.302443][T21531] qnx6: unable to read the first superblock [ 1517.308817][T21531] syz.2.4176: attempt to access beyond end of device [ 1517.308817][T21531] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1517.321764][T21531] qnx6: unable to read the first superblock [ 1517.327906][T21531] qnx6: unable to read the first superblock [ 1517.843602][T21543] netlink: 'syz.3.4179': attribute type 10 has an invalid length. [ 1517.851651][T21543] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4179'. [ 1517.862330][T21543] dummy0: entered promiscuous mode [ 1517.869389][T21543] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 1517.902004][T21543] random: crng reseeded on system resumption [ 1521.322855][T21573] usb usb7: usbfs: process 21573 (syz.2.4188) did not claim interface 0 before use [ 1521.336488][T21573] syz.2.4188: attempt to access beyond end of device [ 1521.336488][T21573] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1521.349996][T21573] qnx6: unable to read the first superblock [ 1521.357938][T21573] syz.2.4188: attempt to access beyond end of device [ 1521.357938][T21573] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1521.371436][T21573] qnx6: unable to read the first superblock [ 1521.377713][T21573] qnx6: unable to read the first superblock [ 1523.917412][T21598] genirq: Flags mismatch irq 4. 00000000 (das16m1) vs. 00000000 (ttyS0) [ 1523.958094][T21598] (null): rxe_set_mtu: Set mtu to 1024 [ 1523.981188][T21598] rdma_rxe: rxe_newlink: failed to add ipvlan1 [ 1524.040804][T21601] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4193'. [ 1524.168736][T21601] batadv1: entered allmulticast mode [ 1524.638830][ T28] audit: type=1326 audit(1756332364.673:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21587 comm="syz.0.4192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9094d8ebe9 code=0x7ffc0000 [ 1524.661851][ T28] audit: type=1326 audit(1756332364.673:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21587 comm="syz.0.4192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9094d8ebe9 code=0x7ffc0000 [ 1524.925830][T21590] pim6reg: entered allmulticast mode [ 1525.001030][T21615] usb usb7: usbfs: process 21615 (syz.3.4199) did not claim interface 0 before use [ 1525.028351][T21615] qnx6: unable to set blocksize [ 1525.118698][T21587] pim6reg: left allmulticast mode [ 1529.847854][T21656] netlink: 320 bytes leftover after parsing attributes in process `syz.2.4210'. [ 1531.646966][T21661] usb usb7: usbfs: process 21661 (syz.3.4215) did not claim interface 0 before use [ 1531.661123][T21661] qnx6: unable to set blocksize [ 1532.752073][T21677] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4214'. [ 1532.800455][T21677] batadv1: entered allmulticast mode [ 1535.871049][T21713] random: crng reseeded on system resumption [ 1538.858816][ T2917] smc: removing ib device syz0 [ 1539.418853][T21735] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4233'. [ 1539.652018][T21735] batadv1: entered allmulticast mode [ 1540.092248][T21745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4239'. [ 1542.302348][T21751] C: renamed from team_slave_0 [ 1542.320478][T21751] netlink: 'syz.3.4240': attribute type 3 has an invalid length. [ 1542.343162][T21751] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4240'. [ 1542.362747][T21751] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1544.840736][T21772] fuse: Bad value for 'fd' [ 1545.465615][T21788] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4252'. [ 1545.758800][T21798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4255'. [ 1545.799791][T21798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4255'. [ 1545.828524][T21798] netlink: 'syz.1.4255': attribute type 12 has an invalid length. [ 1546.191060][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.197515][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1547.277474][T21801] nvme_fabrics: missing parameter 'transport=%s' [ 1547.283869][T21801] nvme_fabrics: missing parameter 'nqn=%s' [ 1547.809679][T10143] Bluetooth: hci2: unexpected event for opcode 0x1003 [ 1549.293733][ T28] audit: type=1800 audit(1756332389.353:206): pid=21843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4269" name="bus" dev="overlay" ino=2325 res=0 errno=0 [ 1549.397118][T21846] random: crng reseeded on system resumption [ 1551.874038][T10143] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1551.883552][T10143] Bluetooth: hci2: Injecting HCI hardware error event [ 1551.894122][T18651] Bluetooth: hci2: hardware error 0x00 [ 1552.606572][T21885] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1552.668948][T21885] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1552.984800][ T5788] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1553.264722][ T5788] usb 4-1: Using ep0 maxpacket: 8 [ 1553.541452][ T5788] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1553.581772][ T5788] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1553.591714][ T5788] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1553.605923][ T5788] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1553.617110][ T5788] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1553.630694][ T5788] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1553.640363][ T5788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1553.865792][ T5788] usb 4-1: usb_control_msg returned -32 [ 1553.871497][ T5788] usbtmc 4-1:16.0: can't read capabilities [ 1553.944841][T18651] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1554.228688][T21918] usbtmc 4-1:16.0: control status returned 0 [ 1554.344745][T18651] Bluetooth: hci4: command 0x0406 tx timeout [ 1554.433131][ T5788] usb 4-1: USB disconnect, device number 6 [ 1554.745011][T18651] Bluetooth: hci1: command 0x0406 tx timeout [ 1555.867392][T21941] netlink: 320 bytes leftover after parsing attributes in process `syz.1.4295'. [ 1557.621397][T21943] netlink: 3 bytes leftover after parsing attributes in process `syz.3.4297'. [ 1557.750823][T21943] batadv1: entered allmulticast mode [ 1558.135629][T21955] C: renamed from team_slave_0 [ 1558.143000][T21955] netlink: 'syz.1.4301': attribute type 3 has an invalid length. [ 1558.173619][T21955] netlink: 152 bytes leftover after parsing attributes in process `syz.1.4301'. [ 1558.224807][T21955] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1560.742768][T22051] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4314'. [ 1560.995062][T22051] batadv1: entered allmulticast mode [ 1563.362400][ T28] audit: type=1800 audit(1756332403.423:207): pid=22080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4324" name="bus" dev="overlay" ino=2567 res=0 errno=0 [ 1564.514444][T22091] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4327'. [ 1564.540414][T22091] batadv1: entered allmulticast mode [ 1566.132462][T22112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4329'. [ 1567.198643][T22112] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1568.726012][T22135] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1568.734894][T22135] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1569.345334][T22154] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4342'. [ 1569.391024][T22154] batadv1: entered allmulticast mode [ 1570.664752][T18651] Bluetooth: hci4: command 0x0406 tx timeout [ 1570.745117][T18651] Bluetooth: hci1: command 0x0406 tx timeout [ 1571.577955][T22177] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4353'. [ 1571.626028][T22177] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4353'. [ 1571.784581][T22179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4350'. [ 1572.161498][T22179] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1573.989125][T22189] Set syz1 is full, maxelem 65536 reached [ 1576.258793][T22211] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4361'. [ 1576.290199][T22211] batadv1: entered allmulticast mode [ 1577.415401][T22233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4368'. [ 1577.415423][T22233] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4368'. [ 1579.635306][T22253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4370'. [ 1579.678617][T22253] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1580.428459][T22269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4376'. [ 1580.609483][T22269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1585.533416][T22327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4388'. [ 1585.558995][T22327] dummy0: left promiscuous mode [ 1585.621287][T22327] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1585.961285][T22338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4394'. [ 1586.005950][T22338] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1587.494321][ T28] audit: type=1326 audit(1756332427.553:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22352 comm="syz.3.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7fc00000 [ 1587.591850][ T28] audit: type=1326 audit(1756332427.593:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22352 comm="syz.3.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f20e1f8ebe9 code=0x7fc00000 [ 1588.197790][ T28] audit: type=1326 audit(1756332428.263:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22352 comm="syz.3.4399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20e1f8ebe9 code=0x7fc00000 [ 1589.536705][T22391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4410'. [ 1590.317551][T22391] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 1590.390031][T22386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4407'. [ 1590.419643][T22386] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1590.440850][T22391] block (null): Could not allocate knbd recv work queue. [ 1590.511236][T22391] nbd: failed to add new device [ 1590.734511][T22399] usb usb7: usbfs: process 22399 (syz.0.4412) did not claim interface 0 before use [ 1590.771302][T22399] syz.0.4412: attempt to access beyond end of device [ 1590.771302][T22399] nbd0: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1590.784493][T22399] qnx6: unable to read the first superblock [ 1590.812446][T22400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4411'. [ 1590.825000][T22399] syz.0.4412: attempt to access beyond end of device [ 1590.825000][T22399] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1590.842160][T22400] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1590.866220][T22399] qnx6: unable to read the first superblock [ 1590.900072][T22399] qnx6: unable to read the first superblock [ 1592.448068][T22434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4421'. [ 1592.764027][T22437] genirq: Flags mismatch irq 5. 00000000 (pcl818) vs. 00000000 (dt2814) [ 1592.820701][T22440] 9pnet_virtio: no channels available for device syz [ 1592.967274][T22442] usb usb7: usbfs: process 22442 (syz.3.4426) did not claim interface 0 before use [ 1593.021029][T22442] qnx6: unable to set blocksize [ 1593.391869][T22452] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4424'. [ 1593.446597][T22452] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1594.365777][T22469] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4429'. [ 1594.435746][T22469] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1594.694862][T22467] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4430'. [ 1595.128751][T22463] block nbd3: shutting down sockets [ 1597.686132][T22494] usb usb7: usbfs: process 22494 (syz.2.4438) did not claim interface 0 before use [ 1597.704211][T22494] syz.2.4438: attempt to access beyond end of device [ 1597.704211][T22494] nbd2: rw=0, sector=16, nr_sectors = 1 limit=0 [ 1597.717905][T22494] qnx6: unable to read the first superblock [ 1597.724073][T22494] syz.2.4438: attempt to access beyond end of device [ 1597.724073][T22494] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1597.741979][T22494] qnx6: unable to read the first superblock [ 1597.748350][T22494] qnx6: unable to read the first superblock [ 1598.080997][T22510] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 1598.092738][T22510] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 1598.101156][T22510] CPU: 0 PID: 22510 Comm: syz.0.4441 Not tainted 6.6.102-syzkaller #0 [ 1598.109300][T22510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1598.119439][T22510] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 1598.124984][T22510] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 a3 e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 a3 e0 f9 4d 8b 24 24 48 83 c3 [ 1598.144582][T22510] RSP: 0018:ffffc900032a7a78 EFLAGS: 00010206 [ 1598.150633][T22510] RAX: 0000000000000005 RBX: ffff88807e7ad480 RCX: 0000000000080000 [ 1598.158592][T22510] RDX: ffffc900052c9000 RSI: 00000000000007e1 RDI: 00000000000007e2 [ 1598.166550][T22510] RBP: 0000000000000001 R08: ffff88814c18692f R09: 1ffff11029830d25 [ 1598.174501][T22510] R10: dffffc0000000000 R11: ffffed1029830d26 R12: 0000000000000028 [ 1598.182459][T22510] R13: dffffc0000000000 R14: ffff88814c186800 R15: dffffc0000000000 [ 1598.190419][T22510] FS: 00007f9095cd36c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1598.199333][T22510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1598.205905][T22510] CR2: 0000001b33023ffc CR3: 000000002fd2a000 CR4: 00000000003506f0 [ 1598.213880][T22510] Call Trace: [ 1598.217162][T22510] [ 1598.220099][T22510] pcl818_detach+0x66/0xd0 [ 1598.224515][T22510] comedi_device_detach+0x131/0x6f0 [ 1598.229736][T22510] comedi_unlocked_ioctl+0xbd0/0xf90 [ 1598.235027][T22510] ? comedi_poll+0x8c0/0x8c0 [ 1598.239635][T22510] ? __fget_files+0x28/0x4d0 [ 1598.244232][T22510] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1598.249150][T22510] ? security_file_ioctl+0x80/0xa0 [ 1598.254265][T22510] ? comedi_poll+0x8c0/0x8c0 [ 1598.258843][T22510] __se_sys_ioctl+0xfd/0x170 [ 1598.263434][T22510] do_syscall_64+0x55/0xb0 [ 1598.267835][T22510] ? clear_bhb_loop+0x40/0x90 [ 1598.272491][T22510] ? clear_bhb_loop+0x40/0x90 [ 1598.277164][T22510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1598.283146][T22510] RIP: 0033:0x7f9094d8ebe9 [ 1598.287560][T22510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1598.307326][T22510] RSP: 002b:00007f9095cd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1598.315732][T22510] RAX: ffffffffffffffda RBX: 00007f9094fb5fa0 RCX: 00007f9094d8ebe9 [ 1598.323685][T22510] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003 [ 1598.331631][T22510] RBP: 00007f9094e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1598.339583][T22510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1598.347550][T22510] R13: 00007f9094fb6038 R14: 00007f9094fb5fa0 R15: 00007ffda15351c8 [ 1598.355507][T22510] [ 1598.358516][T22510] Modules linked in: [ 1598.369619][T22506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4435'. [ 1598.378617][T22506] netlink: 'syz.3.4435': attribute type 5 has an invalid length. [ 1598.389143][T22506] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4435'. [ 1598.398352][T22510] ---[ end trace 0000000000000000 ]--- [ 1598.403837][T22510] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 1598.421762][T22510] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 c9 a3 e0 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 a8 a3 e0 f9 4d 8b 24 24 48 83 c3 [ 1598.461481][T22510] RSP: 0018:ffffc900032a7a78 EFLAGS: 00010206 [ 1598.503234][T22510] RAX: 0000000000000005 RBX: ffff88807e7ad480 RCX: 0000000000080000 [ 1598.532754][T22510] RDX: ffffc900052c9000 RSI: 00000000000007e1 RDI: 00000000000007e2 [ 1598.534705][T22506] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 1598.552504][T22514] caif:caif_disconnect_client(): nothing to disconnect [ 1598.552736][T22506] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 1598.566938][T22510] RBP: 0000000000000001 R08: ffff88814c18692f R09: 1ffff11029830d25 [ 1598.589380][T22506] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 1598.597176][T22510] R10: dffffc0000000000 R11: ffffed1029830d26 R12: 0000000000000028 [ 1598.654260][T22510] R13: dffffc0000000000 R14: ffff88814c186800 R15: dffffc0000000000 [ 1598.783380][T22510] FS: 00007f9095cd36c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1599.009389][T22510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1599.621078][T22506] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 1599.627894][T22510] CR2: 000000110c35ea70 CR3: 000000002fd2a000 CR4: 00000000003506f0 [ 1599.651076][T22510] Kernel panic - not syncing: Fatal exception [ 1599.657389][T22510] Kernel Offset: disabled [ 1599.661717][T22510] Rebooting in 86400 seconds..