last executing test programs: 21m28.580469863s ago: executing program 32 (id=1933): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000380)=0xffffffffffffffff, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "00001000", "4e67cb72f328ac2f"}, 0x28) sendmmsg$inet6(r0, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[], 0x50}}], 0x2, 0x40) 20m24.287664784s ago: executing program 33 (id=2256): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) io_uring_setup(0xf08, &(0x7f0000000480)={0x0, 0xfb6e, 0x8, 0x4, 0x254}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000140)={0x1d, r3, 0x0, {}, 0xfe}, 0x18) connect$can_j1939(r2, &(0x7f00000002c0)={0x1d, r3, 0x0, {0x0, 0xf0}, 0xfd}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 19m33.311493624s ago: executing program 34 (id=2336): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, 0x0, 0x0) fstat(r0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) 19m31.667935885s ago: executing program 35 (id=2340): syz_usb_connect(0x2, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f260102030109021200010000"], 0x0) syz_io_uring_setup(0x7479, &(0x7f0000000200)={0x0, 0x665, 0x0, 0x1, 0x11c}, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34b}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 17m37.314744476s ago: executing program 36 (id=2455): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a80)={0x28, r0, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0xc, 0x11d, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x4}]}]}]}, 0x28}}, 0x20000000) 13m46.403764958s ago: executing program 37 (id=3643): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000700)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x4, 0x12) 9m45.9974724s ago: executing program 38 (id=5287): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) setns(0xffffffffffffffff, 0x0) getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) mq_open(0x0, 0x40, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 9m45.96041397s ago: executing program 8 (id=5316): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) 9m44.538440996s ago: executing program 8 (id=5318): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd825}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000100)={@local}) close(r3) 9m42.730346713s ago: executing program 8 (id=5320): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r3, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0, 0x80000001}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) shutdown(r3, 0x1) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) fchmodat(r5, &(0x7f0000000140)='./file1\x00', 0x120) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b8a6b3ed", @ANYRES16=r6, @ANYBLOB="010025bd7000fedbdf2508000000180004801300010062726f6164636173742d6c696e6b0000"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40080) 9m41.495926988s ago: executing program 8 (id=5321): unshare(0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f8b) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x2, 0x4, 0x1, 0x800}) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0xffffffffffffffff) 9m39.855392904s ago: executing program 8 (id=5322): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000740)={0x1c, &(0x7f0000000200)=ANY=[], 0x0, 0x0}) 9m31.700002655s ago: executing program 8 (id=5332): socket$netlink(0x10, 0x3, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 9m25.287497345s ago: executing program 9 (id=5338): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$afs(0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, 0x0) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) 9m23.520078927s ago: executing program 9 (id=5341): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x40300, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept4$unix(r3, 0x0, 0x0, 0x80800) setsockopt$inet_int(r2, 0x0, 0x5, &(0x7f00000000c0)=0x4, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) 9m21.000197039s ago: executing program 9 (id=5343): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, &(0x7f0000000000)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$kvm(0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x84901, 0x101) r3 = gettid() timer_create(0x8, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_create(0x0, 0x0, &(0x7f0000000040)) timer_settime(r4, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket$tipc(0x1e, 0x5, 0x0) listen(r5, 0x0) accept4$tipc(r5, 0x0, 0x0, 0x0) 9m18.588339459s ago: executing program 9 (id=5345): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={0x0, 0x0, 0x4000}, 0x18) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x390, 0x240, 0x1000000, 0xffffffff, 0x0, 0xffffffff, 0x2f8, 0xffffffff, 0xffffffff, 0x2f8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x220, 0x240, 0x0, {0x0, 0x1c8}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_batadv\x00', {0x800006, 0x0, 0x39, 0x0, 0x0, 0x80000000, 0x5, 0x3}, {0x3}}}, @common=@inet=@hashlimit1={{0x58}, {'veth0_to_batadv\x00', {0x0, 0x0, 0x8, 0x0, 0x2, 0x5, 0x4023}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@remote, @rand_addr=0x64010101, 0xff, 0xffffff, 'veth0_vlan\x00', 'vcan0\x00', {}, {0xff}}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x3, 0x400, 0x7ff, 0x200, 'netbios-ns\x00', {0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x64}}}}, 0x3f0) r3 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r4 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) socket$inet_tcp(0x2, 0x1, 0x0) r5 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, 0x0, 0x0, r4) keyctl$dh_compute(0x17, &(0x7f0000000100)={0x0, r3, r5}, 0x0, 0x0, 0x0) r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f00000005c0)={0x0, "3ff4057cbe5924464c439b8f826f00a0b3ab198e40a55462c05d329ad8430d9611dc0ff693dd1367edfa74cf2a6da5f4d68b3cfb2979dc95ee34f9c3da5707ae", 0x34}, 0x48, 0xffffffffffffffff) keyctl$update(0x2, r6, &(0x7f0000000d00)="ae", 0x1) 9m16.181616354s ago: executing program 39 (id=5332): socket$netlink(0x10, 0x3, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000481000/0x1000)=nil) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 9m15.018868139s ago: executing program 9 (id=5349): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mount(0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b00100002100010000000000fefffffffc020000000000000000000000000000fc020000000000000000000000000001fffc0000000000000a00e08000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="020000000000000034011100fe80000000000000000000000000001164010102000000000000000000000000ac1414aa000000000000000000000000fe8000000000000000000000000000bb3c000000000000000a000a00fc020000000000000000000000000001e0000002000000000000000000000000fe880000000000000000000000000101200100000000000000000000000000022b030000043500000a0002000a"], 0x1b0}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 9m13.633566335s ago: executing program 9 (id=5351): syz_open_dev$vim2m(&(0x7f00000002c0), 0xe, 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x6c, 0xf9, 0x6b, 0x10, 0x9e8, 0x62, 0x80f2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf0, 0x3e, 0xfc}}]}}]}}, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x408001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)='\x00'/16, 0x10) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000)) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, 0x0, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r2) 8m57.838559767s ago: executing program 40 (id=5351): syz_open_dev$vim2m(&(0x7f00000002c0), 0xe, 0x2) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x6c, 0xf9, 0x6b, 0x10, 0x9e8, 0x62, 0x80f2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf0, 0x3e, 0xfc}}]}}]}}, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x408001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)='\x00'/16, 0x10) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000)) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, 0x0, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r2) 4m39.80063545s ago: executing program 3 (id=6411): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) bind$tipc(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 4m38.057330642s ago: executing program 3 (id=6414): mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000146000/0x4000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents(r0, &(0x7f0000000ec0)=""/4096, 0x1000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$bind(&(0x7f0000000100)='\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x40000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file1\x00', 0x1c0) landlock_create_ruleset(&(0x7f00000002c0)={0x1}, 0x18, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000000500), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000d80)={{0x8, 0x4, 0xfffffbdb, 0x4, '\x00', 0xfffff801}, 0x0, [0x7f, 0xd, 0x2, 0x10001, 0x8c08, 0xa, 0x10000, 0x2, 0xf0f3, 0xfffffffffff7fbff, 0x87, 0x4, 0x6c2b, 0xfffffffffffffffc, 0x100, 0x68, 0x402, 0x400000004, 0x6, 0x8000000000000000, 0x1, 0x8, 0x109, 0xff, 0x1, 0xbbd, 0x6, 0x8, 0x6, 0x7, 0x2002, 0x1001, 0x3, 0x9, 0x7, 0x8200000000000000, 0x8, 0x0, 0x1, 0x3e30, 0x3, 0x4, 0xdb4, 0x5, 0x19, 0x9, 0xe, 0x8f46, 0xa, 0x6, 0x0, 0x3b7, 0x5, 0x5, 0xfffffffffffffff9, 0x6, 0x7ff, 0x1, 0x0, 0x5, 0x5, 0x34c, 0x7, 0x7, 0x4, 0x9, 0xb79, 0x4, 0xfff, 0x81, 0x8, 0x83, 0x7, 0xf8, 0x0, 0x9, 0x4, 0x5, 0x82, 0x0, 0x10, 0x8, 0xb, 0x8000000000000001, 0x200000000000f, 0x7, 0x2, 0x4, 0x8527, 0x80000001, 0x4, 0x10003, 0xe72, 0x3ff, 0x7, 0x40c08b, 0x4000410, 0x80000001, 0x40, 0xbbb283e000000, 0x100000000, 0x8bc, 0x1040, 0x1000000000002, 0x9, 0xc5, 0x0, 0x4003, 0x3, 0x33, 0x2f6f, 0x7, 0x6, 0xc, 0x7fffffff, 0x8, 0xa, 0x6d98, 0x8000, 0x6, 0x800000000, 0x10, 0x2, 0x1f58, 0x4, 0x7, 0xfffffffffffffff7]}) move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0) mount$bind(&(0x7f0000000440)='\x00', &(0x7f0000000480)='./file0/file0\x00', &(0x7f00000004c0), 0x21, 0x0) 4m36.745124178s ago: executing program 3 (id=6418): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) r1 = syz_io_uring_setup(0x497, &(0x7f0000000380)={0x0, 0x8, 0x4, 0x1, 0x36a}, &(0x7f0000000340), &(0x7f0000000040)) io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x30) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4b, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r3, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @empty}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYRES64=r3], 0x108}}], 0x1, 0xc040) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@textreal={0x8, &(0x7f00000001c0)="0f01cb363e6464670fae880050000066b91406000066b85eacd44e66ba000000000f3066b90d03000066b8d715691966baa1495ef00f300f01370f01cf0f01c266b9be0200000f320f01c40f20c06635000004000f22c0", 0x57}], 0x1, 0x1, 0x0, 0x0) ioctl$PPPIOCSMRU1(r2, 0x4020744f, 0x0) 4m33.832936671s ago: executing program 3 (id=6431): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300, 0xc000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}}, 0x884) 4m29.018223635s ago: executing program 3 (id=6428): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x50) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) 4m20.987333283s ago: executing program 3 (id=6441): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r3, 0x1}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fd5000/0x18000)=nil, 0x0, 0x0, 0x10, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000) close_range(r0, 0xffffffffffffffff, 0x0) 4m5.742705897s ago: executing program 41 (id=6441): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r3, 0x1}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fd5000/0x18000)=nil, 0x0, 0x0, 0x10, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000) close_range(r0, 0xffffffffffffffff, 0x0) 4m1.076272678s ago: executing program 6 (id=6465): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) syz_emit_ethernet(0x4e, &(0x7f00000003c0)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x4a, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x12, &(0x7f00000024c0)={@broadcast, @empty, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@generic={0x88f7}}}, 0x0) r2 = getpid() prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf21, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10000000}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x102}}}, &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000}, 0x94) 3m58.523497349s ago: executing program 6 (id=6467): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3m54.92254849s ago: executing program 6 (id=6471): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24d81, 0x2) io_setup(0x202, &(0x7f0000000200)=0x0) r1 = creat(&(0x7f0000002980)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000007ec0)='./file0\x00', &(0x7f0000007f00), 0x820000, &(0x7f00000003c0)={[], [{@smackfshat}]}) io_submit(r0, 0x1, &(0x7f00000006c0)=[&(0x7f00000001c0)={0xfffffffe, 0x20011004, 0x4, 0x5, 0x4, r1, &(0x7f0000000340)='-', 0x1, 0x6, 0x0, 0x0, r1}]) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x5ce, 0x234, 0x8000, 0xff, 0x5, 0xff2, 0x7, 0x8001}, &(0x7f0000000400)=0x20) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb8a0a61cdec5908060001080006040001ffffffffffffac1414bbaaaaaaaaaa14ac"], 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$llc_int(r2, 0x10c, 0x3, &(0x7f0000000000)=0xff, 0x4) r3 = landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x4, 0x4}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000200)={0x100}, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0) 3m49.544705157s ago: executing program 6 (id=6477): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount$fuse(0x0, 0x0, 0x0, 0x280449c, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) quotactl_fd$Q_SETINFO(r3, 0xffffffff80000600, r4, &(0x7f00000002c0)={0x8, 0x7, 0x1, 0x3}) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r5, 0x4c80, 0x7000000) 3m43.952583758s ago: executing program 6 (id=6482): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x141b82, 0xa9) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000003000000000000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000) 3m37.526467897s ago: executing program 6 (id=6487): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xc0, &(0x7f0000000100)=0x27, 0x0, 0x4) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'veth0_vlan\x00'}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001100)=@newsa={0x194, 0x10, 0x1, 0x70bd2b, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0xecdf, 0x4e22}, {@in=@multicast1, 0x4d5, 0x32}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x400800, 0x0, 0x2}, {0x1000}, 0x0, 0x3507, 0x2, 0x4, 0x0, 0x7d}, [@algo_crypt={0x58, 0x2, {{'cbc(aes)\x00'}, 0x80, "e0fad3f10cd3a506627800000000074f"}}, @algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0x40}}]}, 0x194}}, 0x4050) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3800000040000100feffffffffdbdf25017c0000040042800c00018006000600800a0000140002801000"], 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x800c010) 3m21.047994395s ago: executing program 42 (id=6487): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xc0, &(0x7f0000000100)=0x27, 0x0, 0x4) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'veth0_vlan\x00'}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001100)=@newsa={0x194, 0x10, 0x1, 0x70bd2b, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0xecdf, 0x4e22}, {@in=@multicast1, 0x4d5, 0x32}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x400800, 0x0, 0x2}, {0x1000}, 0x0, 0x3507, 0x2, 0x4, 0x0, 0x7d}, [@algo_crypt={0x58, 0x2, {{'cbc(aes)\x00'}, 0x80, "e0fad3f10cd3a506627800000000074f"}}, @algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0x40}}]}, 0x194}}, 0x4050) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3800000040000100feffffffffdbdf25017c0000040042800c00018006000600800a0000140002801000"], 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x800c010) 2m36.56771921s ago: executing program 0 (id=6541): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, 0x0) r2 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@increfs], 0x0, 0x0, 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x1, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd825}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000100)={@local}) socket$inet(0x2, 0x3, 0x400) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0x34, r8, 0x705, 0x70bd2e, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}]}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0) 2m32.275819511s ago: executing program 0 (id=6543): socket$inet(0x2, 0x2000000080002, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x202240, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x0, 0x80) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x240840) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x13, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x64, 0x8}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) socket$inet6(0xa, 0x5, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010100}, {0x2, 0x0, @local}, {0x2, 0x4e24, @broadcast}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8}) r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 2m31.516773636s ago: executing program 0 (id=6545): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0xfa11, 0x1ff}, 0x0) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002040)=ANY=[], 0xbf0}}, 0x0) syz_open_dev$video4linux(&(0x7f0000000140), 0x200007, 0x48cc82) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000240)=0x1) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000380)={0x3ff, 0x1, 0x0, "eef1b7de005bd152f35ed734fc000000000000000000000000000000004000", 0x43353039}) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) r3 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat(r3, 0x0, 0xd40, 0x80) bpf$MAP_CREATE(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xc0, 0x49, 0x7fff0000}]}) lchown(&(0x7f0000000740)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2m26.486989245s ago: executing program 0 (id=6552): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) keyctl$get_keyring_id(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000700)=@abs={0x0, 0x0, 0x10000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x4000080) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000440)=ANY=[@ANYRES64=r2, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca20000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc641}, 0x94) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000c00), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg(r6, &(0x7f0000000540)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000000080)=""/169, 0xa9, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000d40)={0x2, 0x0, {&(0x7f0000000ac0)=""/116, 0x74, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f00000039c0)={0x2, 0x0, {&(0x7f0000000680)=""/184, 0xfffffefd, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r6, &(0x7f0000000300)={0x2, 0x0, {&(0x7f00000002c0)=""/3, 0x3, 0x0, 0x1, 0x2}}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xd, 0x0, &(0x7f0000000080)="63eced8e46dc3f2ddf33c9e9b9", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 2m24.945628697s ago: executing program 0 (id=6555): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000004000000000000000800000091119000000000009500"], &(0x7f0000000c40)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94) 2m24.766814792s ago: executing program 0 (id=6557): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r2, 0x6, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) unshare(0x2040400) r6 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r6, 0x0, 0x0) r7 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r7, 0xc02c564a, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4b0, 0x2fc, 0x18c, 0x203, 0x0, 0x19030000, 0x3e8, 0x2e0, 0x2e0, 0x3e8, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d4, 0x2fc, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0xfffc, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {0xffff}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0x10}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x50c) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) 2m9.334240007s ago: executing program 43 (id=6557): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141101) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r2, 0x6, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) unshare(0x2040400) r6 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r6, 0x0, 0x0) r7 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r7, 0xc02c564a, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4b0, 0x2fc, 0x18c, 0x203, 0x0, 0x19030000, 0x3e8, 0x2e0, 0x2e0, 0x3e8, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d4, 0x2fc, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0xfffc, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {0xffff}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0x10}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x50c) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) 9.639206764s ago: executing program 1 (id=6987): socket$inet(0x2, 0x4000000000000001, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 4.708245817s ago: executing program 1 (id=7019): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r1, 0xb60aebde7ebb79ef, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000848}, 0x4000010) 4.475291246s ago: executing program 1 (id=7022): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000040000000000000003000007"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x9}, 0x94) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000001200b7a325bd7000fddbdf25200f07074e204e22030000002f00000001ffffffc300000006000000000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="de00fbffa611195cc93f0347080000000800"], 0x54}, 0x1, 0x0, 0x0, 0x4008000}, 0x40000) 4.188295371s ago: executing program 1 (id=7026): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x40000000, 0x800000000006, 0x0, 0x0, 0x0, 0x0) 3.081399292s ago: executing program 1 (id=7036): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d9, 0xa0c2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xff, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000088"], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.498212973s ago: executing program 7 (id=7044): timer_create(0x2, 0x0, &(0x7f0000000600)=0x0) timer_settime(r0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000040)={{}, {0x77359400}}, &(0x7f0000000080)) 2.013513756s ago: executing program 7 (id=7047): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x4}) 1.924082033s ago: executing program 5 (id=7048): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000001e80)={0x1, [{0x1, 0x3008, 0x10000, &(0x7f0000000e80)="d35f19053d369f47a79ee846398342475d7981111b71a318068d92c37784527684346b60b77e3c4fc775d1c3d8f4211431bce2bb87360676e1287a6902e81a8354cfe6bc1fe0bdc2a03423436e02241f2cfaac506fa7d96f94abcee0f1e1a8326d0ce173a2ecef56ec7711a2ec81b821a7e7786e2786bb89026a0fc277470ac683d71454c627f10263c42bc7d0aba091a627251e33e785d3f3763e95a949836c932550e7f8646448ecd02466009ad9c9de7a2b5b32807ddfc687241b5a731835f43e19ed97cb576d07aaa9f3cc47d9cece8b06f90dba929728aca3cbf4c1d54b8e04bf867691a01832167addf5dead7f6bfc51c837cb13e78150818397c4b593f236835db986130bf49cd12b5accd563d363d79275d8eb66d1f215c30ebcf9d3ed4a073eca82ec9cd723bf34d0eed33022d8fae3673d45fce993bc417ffcfec860ea45fbd08d8b687fbb71592a3d39a2096e1db00257453cded33e59c78cb00186a2ba8e48629e1928561ed1c23f0da7ff530e1764caa7be56be83bc127a5db4423f670385ec033f03634f6696aadc37b0c84a731c24d51d7f5944ad7a78ccd65a3d0953e9d354f8dfce1f7de49ef780dd737922e3bb68dfc56c8a1868423b4ad052886a522bb2bf1c3800a9e735e2977b02d52c5944904c6c16125b296b7f6290bddc89849ade4f9e0671372b8e16743b1e640d6cf026d4e13f91ef24d29758ed6d62bb891a3488ede93cbfaed4733f22e49bec8d7be08e522f52499ce353a9515abd364a7395ed0e54cb245b4fb3b1f948389fb5d6abb122606aa26a8f88b29c351b29edbb206ce800710b169ed57db9aca9fb9048986bf4c0d1c7b47a2e0d0222745be6a29eecdac71978dc0ad30e7a07b4d6ffec7ba4a7bb1a955615b592db6bb4c595a0196f3327815cb0338f8e7124faef3a8c62e4687ecc514fb12d310696856a54dae67552a29db3af9f97f8d1068e79fbc343e9a4aeae115f8cd0648dbee61b0fd2115456d70e76992164e23148c1aff00eb4b4292cfa77f1f1fc666e90569c534a47f31197dde307cafd2689b5dc10700a6ed2c6dc9c1b80aefaa9998b065c72d03813a406a6918afd9b76d319c9943c07fafa0f12059632c70a677d3bd132b7e4e9e839fc221e9075b121345753cbf1dd0abe99b21fbfe6319b42b6b9ceaf3155efdec89c3d6081170ef4afedfd53f500a3a1bc6a8308d0cc32c8b43c0a6381a4548c07c6eb2c9489dd0270d9b5e933d10870dff08a2834d6dec05881467e59eb8852c866efea842946d86ad54f1b03da9d0302ef680158affcef79b620cb7cc5f5e2a0d9d8f68f895336a0234688c29916c44890fb653f60a01e9b8c94d7db99dd6b3fc38071506d33d0b89bd64be6b7916812da9321f1f6d5a722994c479bf44eb81778939021ce28ad2fb90373c02868c74d5644575cd3a157649209c5e3c4034ea0e55a80b9782fd81c12aeea18dab0fe7f2f1e0ed4c6476cc85b831cbfefc6173310bceccc155e866a53682b77473155fe4c574c8a10d842de11e1d865cf2ca8c50bea4a4dfca5d6611ac63b9f5829d01d5a8c62321970fc6211a9876e2a88918bf82932dd440b54ac4f2897de6233a7bc5910880fe7332e5c2e10005cc9bf16c4aa15e678e887d8089121fb55049dabb33309597a0ddbe30d86ff3dd72346850374fb7f9f2e2db59c23b1b0141530eaa271a08c70bd965658147e2d2a6086f18b6209d870126f1a254f6394c3573e84265a59d68706000f3c6c616beb0026c48f93364454808547cc1d8887d3fed8b636e4cae3424fff2f43b524584da79eba69ea09f4f6f4cc735df20b048927aea7fc4ff6ba0d8addbc96032ebebd2a2f07d58ea5b82f38a979b5890b742a74a3f0432d87addec97ccd16c0efbb75bf3a43eddb305f16873661f8bb2251e2d4a1f28461276bf948a53f626777390cd86bced6c3eb1660ce8f44162ba5e68e682598a3908f5cf9e8ac89907e81df7cc74a6ca3de78a0fec1096886b0f901dd678859c9e36afb17132a3d91d741535044e26647f1938b7189018bd10bd9f53d7ac502f0877dcc4bd1f6e1f1a686335569a238b08e9d35164ec0072f0efeb2ff33d065e2168a3eaf4ed3c89c6bcebc804caa06ea1644ddffcdde6be58b876446880329b4f8948ff45070fefe"}, {0x1, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x1, 0x0, 0x1, 0x0}, {0x3, 0x0, 0x6bdd, 0x0}, {0x0, 0x0, 0x5, 0x0}, {0x2, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x7fffffff, 0x0}, {0x0, 0x0, 0x894b, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x3, 0x0, 0x4, 0x0}, {0x2, 0x0, 0x2, 0x0}, {0x3, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x8, 0x0}, {0x0, 0x0, 0x81, 0x0}]}) 1.56119075s ago: executing program 5 (id=7050): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x4004890) 1.544952209s ago: executing program 4 (id=7051): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x2000) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x40000) pread64(r0, &(0x7f0000001200)=""/4079, 0xfef, 0x22) 1.433577014s ago: executing program 7 (id=7052): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x1e3003, 0x0) ppoll(&(0x7f0000000440)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r0, 0x5100) 1.282970678s ago: executing program 4 (id=7054): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2100, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) ioctl$SIOCGSKNS(r0, 0x894c, 0x0) 1.240246166s ago: executing program 1 (id=7055): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x7, {[@main=@item_012={0x1, 0x0, 0x8, "9c"}, @main=@item_4={0x3, 0x0, 0x9, "28fe09db"}]}}, 0x0}, 0x0) 1.132893682s ago: executing program 2 (id=7056): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x4, 0x2}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000100b704000000000000850000003300000085000000d000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1.131915809s ago: executing program 5 (id=7057): io_setup(0x2, &(0x7f0000000000)=0x0) syz_clone3(&(0x7f0000000080)={0x21800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_submit(r0, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0, 0x2d}]) 1.00781244s ago: executing program 4 (id=7058): r0 = socket$inet(0x2, 0x2, 0x1) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x9, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10) 884.810162ms ago: executing program 4 (id=7059): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x9, [@enum64={0x4, 0x2, 0x0, 0x13, 0x1, 0x1, [{0x7, 0x1, 0x7fffffff}, {0x1, 0x10002, 0x5}]}]}, {0x0, [0x61, 0x5f, 0x5f, 0x2e, 0x5f, 0x5f, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x45, 0xff9, 0x9}, 0x28) 861.808234ms ago: executing program 2 (id=7060): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x2c, r1, 0xa5456c2fe1cd7aeb, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882) 781.883173ms ago: executing program 2 (id=7061): capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x83, 0xffffffff}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000004000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 604.396254ms ago: executing program 4 (id=7062): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) bind$qrtr(r0, &(0x7f0000000000)={0x2a, 0xffffffffffffffff, 0x2}, 0xc) 604.109427ms ago: executing program 2 (id=7063): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a", @ANYRES32=0x0, @ANYRES64=r0], 0x38}}, 0x0) 603.196817ms ago: executing program 5 (id=7064): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x220000, 0x1) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, 0x0, 0x0) 530.462389ms ago: executing program 2 (id=7065): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {0x0, 0x3}, {}, {0x3, 0xfffffffd}, {0xfffffffe}]}, @fwd, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x96}, 0xffffffffffffff61) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000300000018000000", @ANYRES32, @ANYBLOB="0000000000000000950000000000000095"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x600}, 0x10}, 0x94) 424.858425ms ago: executing program 7 (id=7066): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x20, &(0x7f0000000680)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d0802010000000500f0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x20004800) socket$inet_sctp(0x2, 0x5, 0x84) 369.107593ms ago: executing program 7 (id=7067): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x8}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0x5, 0x4}, {0x85, 0x0, 0x0, 0x1c}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a88a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 207.756218ms ago: executing program 5 (id=7068): mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='pstore\x00', 0x10005, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000100)='.\x00', 0x9000, &(0x7f0000001dc0)={0x9, 0xd, 0x80000}, 0x20) 207.526561ms ago: executing program 4 (id=7069): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') exit(0x7) fstat(r0, 0x0) 156.400428ms ago: executing program 2 (id=7070): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) 132.394927ms ago: executing program 7 (id=7071): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000008580418400000000000010902240001000040200904000002030001000921070000012205000905810300020600005905e68ce0baa3549612a880646f74e3ea8ac14624a8c891c989ee80f42391690eea40d19e113a9e0b0cfdd7741dd14a9e40f46bd264df"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@main=@item_012={0x1, 0x0, 0xa, 'R'}, @global=@item_012={0x2, 0x1, 0x3, '+\x00'}]}}, 0x0}, 0x0) 0s ago: executing program 5 (id=7072): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x20000040) close(r1) kernel console output (not intermixed with test programs): 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.164089][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.170244][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.170505][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.170762][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.171305][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.171710][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1282.332144][T23427] usb 6-1: USB disconnect, device number 11 [ 1282.332239][ C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1282.454805][T23427] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1282.485991][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1282.875370][T23427] kernel read not supported for file inotify (pid: 23427 comm: kworker/0:5) [ 1283.125463][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1283.226001][T24059] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6263'. [ 1283.565331][T23427] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1283.729139][T23427] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1283.729171][T23427] usb 6-1: config 0 has no interfaces? [ 1283.764739][T23427] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1283.764776][T23427] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1283.764801][T23427] usb 6-1: Product: syz [ 1283.764819][T23427] usb 6-1: Manufacturer: syz [ 1283.764838][T23427] usb 6-1: SerialNumber: syz [ 1283.854548][T23427] usb 6-1: config 0 descriptor?? [ 1284.264268][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1285.229140][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1285.285221][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1286.382116][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1286.384940][T14622] usb 6-1: USB disconnect, device number 12 [ 1286.503826][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1286.516537][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1286.660722][T24116] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1286.660910][T24116] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1286.867927][T24124] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6278'. [ 1287.445222][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1288.246386][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1288.485309][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1289.165604][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805ba4e400: rx timeout, send abort [ 1289.535426][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1289.665673][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805ba4e400: abort rx timeout. Force session deactivation [ 1290.565304][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1290.858862][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1291.605196][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1292.099662][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1292.100010][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1292.438519][T24220] tipc: Failed to remove unknown binding: 66,0,0/0:1048890128/1048890129 [ 1292.441788][T24220] tipc: Failed to remove unknown binding: 66,0,0/0:1048890128/1048890129 [ 1292.645347][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1293.063897][ T9] hid-generic 0000:0000:0000.0035: unknown main item tag 0x0 [ 1293.128337][ T9] hid-generic 0000:0000:0000.0035: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1293.695226][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1294.089438][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1294.230430][T24256] tipc: Enabled bearer , priority 0 [ 1294.320028][T24254] tipc: Disabling bearer [ 1294.735234][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1295.775238][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1296.565684][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1296.849362][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1297.925244][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1298.074559][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1298.075261][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1298.966366][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1299.780084][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1300.015349][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1301.055779][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1301.299391][T24331] bridge0: port 2(bridge_slave_1) entered disabled state [ 1301.341838][T24331] bridge0: port 1(bridge_slave_0) entered disabled state [ 1301.685656][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1301.901302][T24353] binder: BINDER_SET_CONTEXT_MGR bad uid 0 != 60929 [ 1301.901326][T24353] binder: 24351:24353 ioctl 4018620d 2000000000c0 returned -1 [ 1301.904779][T24353] binder: BINDER_SET_CONTEXT_MGR bad uid 0 != 60929 [ 1301.904799][T24353] binder: 24351:24353 ioctl 4018620d 200000000040 returned -1 [ 1302.095318][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1302.303613][T24357] netlink: 'syz.6.6342': attribute type 1 has an invalid length. [ 1302.433314][T24362] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6342'. [ 1302.489982][T12004] Bluetooth: hci3: command 0x0406 tx timeout [ 1303.125407][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1303.436215][T24331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1303.512495][T24331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1303.754481][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1303.754998][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1304.166369][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1304.973333][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1305.205365][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1305.528538][T23445] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1305.543966][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.544043][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1305.759574][T23445] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1305.759607][T23445] usb 1-1: config 0 has no interfaces? [ 1305.763272][T23445] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1305.763307][T23445] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1305.763331][T23445] usb 1-1: Product: syz [ 1305.763350][T23445] usb 1-1: Manufacturer: syz [ 1305.763367][T23445] usb 1-1: SerialNumber: syz [ 1305.831609][T23445] usb 1-1: config 0 descriptor?? [ 1306.252698][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1307.305366][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1307.452485][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1308.325313][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1308.409017][ T9] usb 1-1: USB disconnect, device number 48 [ 1308.560748][T24357] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1308.794383][ T12] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.818916][ T12] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.820680][ T12] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.820724][ T12] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.178516][T24410] syzkaller0: entered promiscuous mode [ 1309.178544][T24410] syzkaller0: entered allmulticast mode [ 1309.365409][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1309.370155][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1309.371026][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1309.433238][T24415] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1310.405304][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1311.822884][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1312.549032][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1312.885347][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1314.077584][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1314.486428][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1314.490647][T24465] netlink: 'syz.6.6373': attribute type 3 has an invalid length. [ 1314.490985][T24465] netlink: 'syz.6.6373': attribute type 3 has an invalid length. [ 1314.783697][T24476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6375'. [ 1315.126856][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1316.178824][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1317.082974][T24496] binder: 24488:24496 unknown command 0 [ 1317.083138][T24496] binder: 24488:24496 ioctl c0306201 2000000001c0 returned -22 [ 1317.197235][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1317.205261][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1318.246279][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1318.511838][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1319.285421][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1319.815387][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1319.938434][T24513] tipc: Enabled bearer , priority 0 [ 1319.945621][T24513] syzkaller0: entered promiscuous mode [ 1319.945651][T24513] syzkaller0: entered allmulticast mode [ 1320.326297][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1320.762235][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1322.097049][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1322.882252][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1323.108672][T24516] tipc: Resetting bearer [ 1323.125319][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1323.225569][T24512] tipc: Resetting bearer [ 1323.643576][T24512] tipc: Disabling bearer [ 1323.868063][T22592] tipc: Node number set to 1348810132 [ 1324.085924][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1324.165293][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1325.205330][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1325.620832][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1326.246174][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1326.684022][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1327.285548][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1328.328752][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1328.565883][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1329.366524][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1329.794433][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1331.784180][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.337148][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.422444][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1332.894493][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1333.686053][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1333.847491][T24610] bridge0: port 3(vlan3) entered blocking state [ 1333.847644][T24610] bridge0: port 3(vlan3) entered disabled state [ 1333.847832][T24610] vlan3: entered allmulticast mode [ 1333.847852][T24610] bridge0: entered allmulticast mode [ 1333.915824][T24610] vlan3: left allmulticast mode [ 1333.915865][T24610] bridge0: left allmulticast mode [ 1333.925199][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1334.965272][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.620914][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1336.645467][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1337.920594][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1337.923599][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1338.326336][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1339.853150][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1339.874676][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1340.885356][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1341.245814][ T808] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1342.469946][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1342.779957][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1343.405144][ T808] usb 6-1: Using ep0 maxpacket: 16 [ 1343.424802][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1343.445441][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1343.488291][T24683] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6431'. [ 1343.525419][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1344.594032][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1345.711162][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1345.736322][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1345.749366][ T808] usb 6-1: device descriptor read/all, error -71 [ 1347.171784][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1348.695952][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1348.999616][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1349.046395][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1349.046827][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1349.777600][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1350.805757][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1350.912931][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1351.963578][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1353.419575][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1354.486075][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1355.069180][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1355.074272][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1355.251849][ T9151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1355.539224][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1356.565225][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1356.593400][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1358.558187][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1358.925154][T22592] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1359.780482][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1360.777453][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1360.777852][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1360.778178][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1360.805390][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1362.795605][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1363.316950][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1365.834912][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1365.854957][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1366.141331][T24829] Bluetooth: MGMT ver 1.23 [ 1366.141364][T24829] Bluetooth: hci0: invalid length 0, exp 2 for type 11 [ 1366.326802][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1366.327138][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1366.781870][T13215] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1366.938792][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1367.496018][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1367.496095][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1367.815154][T13215] usb 3-1: Using ep0 maxpacket: 16 [ 1367.858939][T13215] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1367.860894][T13215] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1367.864630][T13215] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 1367.864667][T13215] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1367.864693][T13215] usb 3-1: Product: syz [ 1367.864711][T13215] usb 3-1: Manufacturer: syz [ 1367.864729][T13215] usb 3-1: SerialNumber: syz [ 1368.005338][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1368.945553][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1369.055473][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1369.223191][T13215] usblp0: Disabling reads from problematic bidirectional printer [ 1369.257120][T13215] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 32 proto 2 vid 0x03F0 pid 0x0004 [ 1369.289113][T13215] usb 3-1: USB disconnect, device number 30 [ 1369.327917][T13215] usblp0: removed [ 1370.259651][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1372.195955][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1372.332235][T12004] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1372.364669][T12004] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1372.375689][T12004] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1372.394566][T12004] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1372.405473][T12004] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1372.434068][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1372.440026][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1372.440174][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1373.205278][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1374.245271][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1374.569293][ T5805] Bluetooth: hci2: command tx timeout [ 1374.646918][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1376.516925][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1376.771951][ T5805] Bluetooth: hci2: command tx timeout [ 1377.628965][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.291076][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.315337][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.343087][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.645914][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.659443][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x495a [ 1378.663399][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1016 [ 1378.685280][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x100004a31 [ 1378.685366][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1378.686788][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x69d6 [ 1378.687395][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x3926 [ 1378.687941][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x59e7 [ 1378.699513][T24880] kvm_intel: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x68d1 [ 1378.700076][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x68d1 [ 1378.700259][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1378.715392][T24880] kvm: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x2262 [ 1378.732202][T24880] kvm_intel: kvm [24877]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x19c2 [ 1378.805490][ T5805] Bluetooth: hci2: command tx timeout [ 1379.950589][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1381.532623][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1381.675078][ T5805] Bluetooth: hci2: command tx timeout [ 1381.754639][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1382.565360][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1383.366975][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1383.605471][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1383.643838][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1383.808633][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1384.303745][ T5805] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 1384.303773][ T5805] CPU: 0 UID: 0 PID: 5805 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1384.303798][ T5805] Tainted: [L]=SOFTLOCKUP [ 1384.303805][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1384.303817][ T5805] Workqueue: hci1 hci_rx_work [ 1384.303849][ T5805] Call Trace: [ 1384.303856][ T5805] [ 1384.303865][ T5805] dump_stack_lvl+0xe8/0x150 [ 1384.303893][ T5805] sysfs_create_dir_ns+0x271/0x2a0 [ 1384.303919][ T5805] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1384.303940][ T5805] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1384.303968][ T5805] ? rt_spin_unlock+0x160/0x200 [ 1384.303990][ T5805] kobject_add_internal+0x631/0xd10 [ 1384.304025][ T5805] kobject_add+0x163/0x240 [ 1384.304055][ T5805] ? __pfx_kobject_add+0x10/0x10 [ 1384.304087][ T5805] ? get_device_parent+0x370/0x3a0 [ 1384.304109][ T5805] device_add+0x408/0xb80 [ 1384.304130][ T5805] hci_conn_add_sysfs+0xd5/0x210 [ 1384.304157][ T5805] le_conn_complete_evt+0xf1d/0x1430 [ 1384.304184][ T5805] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1384.304203][ T5805] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1384.304228][ T5805] ? lockdep_hardirqs_on+0x7a/0x110 [ 1384.304253][ T5805] ? skb_pull_data+0xfb/0x200 [ 1384.304279][ T5805] hci_le_conn_complete_evt+0x187/0x470 [ 1384.304314][ T5805] hci_event_packet+0x7af/0x12c0 [ 1384.304343][ T5805] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1384.304379][ T5805] ? __pfx_hci_event_packet+0x10/0x10 [ 1384.304403][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 1384.304429][ T5805] ? hci_send_to_monitor+0xe2/0x590 [ 1384.304451][ T5805] hci_rx_work+0x3ee/0x1030 [ 1384.304481][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 1384.304504][ T5805] process_scheduled_works+0xaec/0x17a0 [ 1384.304547][ T5805] ? __pfx_process_scheduled_works+0x10/0x10 [ 1384.304566][ T5805] ? do_raw_spin_lock+0x12b/0x2f0 [ 1384.304593][ T5805] ? assign_work+0x3d3/0x440 [ 1384.304619][ T5805] worker_thread+0x89f/0xd90 [ 1384.304660][ T5805] kthread+0x726/0x8b0 [ 1384.304688][ T5805] ? __pfx_worker_thread+0x10/0x10 [ 1384.304708][ T5805] ? __pfx_kthread+0x10/0x10 [ 1384.304731][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 1384.304753][ T5805] ? rt_spin_unlock+0x160/0x200 [ 1384.304770][ T5805] ? __pfx_kthread+0x10/0x10 [ 1384.304796][ T5805] ret_from_fork+0x51b/0xa40 [ 1384.304819][ T5805] ? __pfx_ret_from_fork+0x10/0x10 [ 1384.304837][ T5805] ? __switch_to+0xc82/0x1410 [ 1384.304858][ T5805] ? __pfx_kthread+0x10/0x10 [ 1384.304884][ T5805] ret_from_fork_asm+0x1a/0x30 [ 1384.304924][ T5805] [ 1384.304945][ T5805] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1384.304973][ T5805] Bluetooth: hci1: failed to register connection device [ 1384.694696][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1384.861079][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1384.935400][T24918] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6474'. [ 1385.926173][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1388.294813][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1390.648230][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.089861][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.123666][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.124191][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.151875][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.725539][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1392.768713][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1393.978208][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1393.991043][T12004] Bluetooth: hci1: command 0x0406 tx timeout [ 1394.198796][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1394.468706][T24949] overlayfs: failed to resolve './file0': -2 [ 1394.921187][T24952] ALSA: mixer_oss: invalid OSS volume '' [ 1395.031409][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1395.045395][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1395.143083][T24854] chnl_net:caif_netlink_parms(): no params data found [ 1395.864076][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.194264][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.272270][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.570253][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.570800][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.619876][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.645558][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1398.472118][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1400.041558][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1401.009122][T24854] bridge0: port 1(bridge_slave_0) entered blocking state [ 1401.027150][T24854] bridge0: port 1(bridge_slave_0) entered disabled state [ 1401.027439][T24854] bridge_slave_0: entered allmulticast mode [ 1401.030331][T24854] bridge_slave_0: entered promiscuous mode [ 1401.045776][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1401.099026][T24854] bridge0: port 2(bridge_slave_1) entered blocking state [ 1401.104600][T24854] bridge0: port 2(bridge_slave_1) entered disabled state [ 1401.104897][T24854] bridge_slave_1: entered allmulticast mode [ 1401.151405][T24854] bridge_slave_1: entered promiscuous mode [ 1402.098030][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1402.812989][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1402.813364][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1403.031117][T24854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1403.125245][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1403.190154][T24854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1404.796867][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1404.807034][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1405.846626][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1406.409414][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1407.037853][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1408.093825][T25009] futex_wake_op: syz.5.6495 tries to shift op by 144; fix this program [ 1409.250755][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1409.254206][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1409.265428][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1410.441206][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1410.743043][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1411.445960][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1411.842011][T25021] kvm_pr_unimpl_wrmsr: 4 callbacks suppressed [ 1411.842038][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xc95a [ 1411.886780][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1016 [ 1411.913852][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x6191 [ 1411.925672][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x1131 [ 1411.961422][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x71b1 [ 1411.961516][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1411.961972][T25021] kvm: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x20b1 [ 1412.024506][T25021] kvm_intel: kvm [25018]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x41b1 [ 1412.489679][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1414.425721][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1414.485899][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1414.498340][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1414.968771][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1415.104624][T24854] team0: Port device team_slave_0 added [ 1415.124946][T24854] team0: Port device team_slave_1 added [ 1415.156327][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1415.191203][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1415.437280][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1415.511156][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1415.535758][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1416.009894][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1416.364575][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1416.465684][ T13] bridge_slave_1: left allmulticast mode [ 1416.465720][ T13] bridge_slave_1: left promiscuous mode [ 1416.466551][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1417.045829][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1418.100977][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1418.245232][T12004] Bluetooth: hci0: command tx timeout [ 1418.516917][ T13] bridge_slave_0: left allmulticast mode [ 1418.516951][ T13] bridge_slave_0: left promiscuous mode [ 1418.517257][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1419.748471][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1420.248157][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1420.249101][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1420.285637][T25065] netlink: 7 bytes leftover after parsing attributes in process `syz.5.6506'. [ 1420.325218][T12004] Bluetooth: hci0: command tx timeout [ 1420.768850][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1420.815285][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1422.110439][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1422.116225][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1422.405247][T12004] Bluetooth: hci0: command tx timeout [ 1423.125195][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1424.643510][T12004] Bluetooth: hci0: command tx timeout [ 1424.796809][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1425.076973][T25084] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6510'. [ 1426.005616][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1426.034516][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1426.080685][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1426.105992][T25087] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1426.486999][T22592] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1427.010516][ T9164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1427.057135][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1427.254963][T25087] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6512'. [ 1427.335255][T22592] usb 6-1: Using ep0 maxpacket: 32 [ 1427.337148][T22592] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1427.337171][T22592] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1427.468006][T22592] usb 6-1: config 0 descriptor?? [ 1427.684314][T22592] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1428.086013][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1428.376453][T22592] gspca_sunplus: reg_w_riv err -110 [ 1428.377334][T22592] sunplus 6-1:0.0: probe with driver sunplus failed with error -110 [ 1428.503490][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.504014][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1428.655084][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1428.714273][T22592] usb 6-1: USB disconnect, device number 17 [ 1429.133577][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1430.166107][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1431.357240][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.534220][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.534761][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.584611][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.584905][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.610988][ T5805] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1432.686366][ T5805] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1432.689807][ T5805] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1432.691904][ T5805] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1432.693119][ T5805] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1434.007432][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1434.546763][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1435.815706][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1436.719841][T12004] Bluetooth: hci6: command tx timeout [ 1436.895311][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1437.606154][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1437.980921][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1438.043996][ T151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1438.932858][T12004] Bluetooth: hci6: command tx timeout [ 1439.053625][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1440.495598][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1440.522053][ T9151] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1441.042886][T12004] Bluetooth: hci6: command tx timeout [ 1441.559040][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1442.972328][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1443.018050][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1443.045641][T12004] Bluetooth: hci6: command tx timeout [ 1443.146606][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1444.005322][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1444.357752][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1444.948202][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1445.178282][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1445.227432][T25173] syz.2.6526 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1445.231702][T25173] ptrace attach of "./syz-executor exec"[21726] was attempted by ""[25173] [ 1446.330163][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.672835][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.691768][ T58] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.695470][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.706672][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.708872][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.919388][ T13] bond0 (unregistering): Released all slaves [ 1450.929984][ T13] bond1 (unregistering): Released all slaves [ 1451.282643][T24854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1451.282661][T24854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1451.282694][T24854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1451.685486][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1453.038589][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1453.988493][ T13] tipc: Left network mode [ 1454.095253][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.254746][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.765720][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.766747][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1456.338844][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1456.572759][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1456.573795][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1456.578754][T25195] binder: 25194:25195 ioctl c0306201 200000000180 returned -14 [ 1458.297127][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1459.365438][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1460.648320][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1461.582081][ T9167] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1461.641059][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1461.692493][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1462.057318][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1462.438332][ T9155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1462.472151][T25218] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1462.738581][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1463.775183][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1464.805215][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1465.474811][T25241] Bluetooth: MGMT ver 1.23 [ 1465.902230][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1466.815642][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1466.816290][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1466.975275][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1467.445570][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1467.957016][T25249] kvm: kvm [25248]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffc300000222 [ 1468.015557][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.087241][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.805569][T22592] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 1468.955772][ T13] hsr_slave_0: left promiscuous mode [ 1468.995379][ T13] hsr_slave_1: left promiscuous mode [ 1469.065887][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1469.244325][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1469.270647][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1469.870877][T22592] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1469.871648][T22592] usb 3-1: not running at top speed; connect to a high speed hub [ 1469.878971][T22592] usb 3-1: config 1 interface 0 altsetting 104 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 1469.879077][T22592] usb 3-1: config 1 interface 0 altsetting 104 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1469.879162][T22592] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1469.882023][T22592] usb 3-1: language id specifier not provided by device, defaulting to English [ 1469.886733][T22592] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1469.886767][T22592] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1469.886851][T22592] usb 3-1: Product: syz [ 1469.886917][T22592] usb 3-1: Manufacturer: ꥅ綂ᤳ矜éŸåš¤ì·¹á‚ªÌºé²¶æ¶«îš¥î‡¯í’฻ò¸ˆµ [ 1469.886985][T22592] usb 3-1: SerialNumber: syz [ 1469.904099][T25254] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1470.085160][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1470.181260][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1470.181293][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1470.207172][T22592] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 1470.261960][T22592] usb 3-1: USB disconnect, device number 31 [ 1470.440087][ T13] veth1_macvtap: left promiscuous mode [ 1470.440202][ T13] veth0_macvtap: left promiscuous mode [ 1470.440483][ T13] veth1_vlan: left promiscuous mode [ 1470.440675][ T13] veth0_vlan: left promiscuous mode [ 1471.129942][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1471.957494][ T1020] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1472.165261][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1472.718463][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1472.718983][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1473.205286][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1473.845749][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1474.245191][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.632527][ T5805] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1475.679840][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1475.694666][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1475.712351][ T5805] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1475.714044][ T5805] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1475.865133][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1477.028263][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1477.086478][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1477.401009][T24859] Bluetooth: hci4: unexpected event for opcode 0x040d [ 1477.883887][T24859] Bluetooth: hci2: command tx timeout [ 1478.085469][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1478.116599][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1478.329261][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1478.330275][T12517] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1478.485939][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1478.967177][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1479.454439][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1479.926476][T24859] Bluetooth: hci2: command tx timeout [ 1480.426605][T25345] binder_alloc: 25342: binder_alloc_buf, no vma [ 1480.731445][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.695365][T23427] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1481.765265][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.855186][T23427] usb 3-1: Using ep0 maxpacket: 16 [ 1481.858878][T23427] usb 3-1: config 0 has an invalid interface number: 108 but max is 0 [ 1481.858911][T23427] usb 3-1: config 0 has no interface number 0 [ 1481.858961][T23427] usb 3-1: config 0 interface 108 altsetting 0 endpoint 0x2 has an invalid bInterval 58, changing to 9 [ 1481.859011][T23427] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=15.4c [ 1481.859039][T23427] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1481.876377][T23427] usb 3-1: config 0 descriptor?? [ 1482.005190][T24859] Bluetooth: hci2: command tx timeout [ 1482.097895][T23427] usb 3-1: USB disconnect, device number 32 [ 1482.713224][ T37] audit: type=1326 audit(1769317042.812:3752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25351 comm="syz.2.6584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba5a2facb9 code=0x0 [ 1482.815398][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1482.817098][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1483.366434][ T1364] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1483.845377][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1484.085350][T24859] Bluetooth: hci2: command tx timeout [ 1484.256997][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1484.352491][T25369] Invalid source name [ 1484.352540][T25369] UBIFS error (pid: 25369): cannot open "ubifs", error -22 [ 1484.931432][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1485.144527][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1485.610230][T25372] can0: slcan on ptm0. [ 1485.665824][T25374] bond1: option fail_over_mac: invalid value (33) [ 1485.756399][T25374] bond1 (unregistering): Released all slaves [ 1486.025201][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1486.289388][ T5805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1486.317448][ T5805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1486.356746][ T5805] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1486.358279][ T5805] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1486.359235][ T5805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1487.087835][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1487.686394][T25370] can0 (unregistered): slcan off ptm0. [ 1487.875896][T25386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6593'. [ 1488.768256][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1488.793564][T24859] Bluetooth: hci5: command tx timeout [ 1488.802261][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1488.802790][ T9153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1490.802203][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1490.820544][T24859] Bluetooth: hci5: command tx timeout [ 1490.821314][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1490.821383][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1490.868273][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1490.868740][ T9163] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1491.404860][T25397] binder: 25394:25397 ioctl c0306201 0 returned -14 [ 1491.521185][T24859] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1491.658733][T24859] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1491.687994][T24859] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1491.689825][T24859] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1491.692363][T24859] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1491.855198][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1492.885169][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1492.885679][T24859] Bluetooth: hci5: command tx timeout [ 1493.415125][ T808] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 1493.586062][ T808] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1493.586655][ T808] usb 6-1: not running at top speed; connect to a high speed hub [ 1493.587722][ T808] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 1493.587753][ T808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 1493.587780][ T808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 221, setting to 64 [ 1493.587807][ T808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1493.587831][ T808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1493.587852][ T808] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 67, setting to 64 [ 1493.676688][ T808] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 1493.676723][ T808] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.676748][ T808] usb 6-1: Product: syz [ 1493.676765][ T808] usb 6-1: Manufacturer: syz [ 1493.676783][ T808] usb 6-1: SerialNumber: syz [ 1493.708639][T25397] syz.2.6595 (25397): drop_caches: 2 [ 1493.759367][ T808] usb 6-1: config 0 descriptor?? [ 1493.777472][T25417] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1493.777897][T25417] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1493.778385][T25417] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1493.859495][T24859] Bluetooth: hci7: command tx timeout [ 1493.914223][ T808] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1493.935987][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1494.243191][ T808] usb 6-1: USB disconnect, device number 18 [ 1494.283268][T25377] chnl_net:caif_netlink_parms(): no params data found [ 1494.325667][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1494.326199][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1494.596164][T25429] udevd[25429]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1494.965194][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1494.969926][T24859] Bluetooth: hci5: command tx timeout [ 1495.203059][T25435] binder: 25434:25435 ioctl c0306201 200000000180 returned -14 [ 1495.925437][ T5805] Bluetooth: hci7: command tx timeout [ 1496.097756][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1496.326002][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1496.329030][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1497.125163][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1497.285192][T23427] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1497.295252][ T5802] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1497.367815][T25296] chnl_net:caif_netlink_parms(): no params data found [ 1497.435177][T23427] usb 3-1: Using ep0 maxpacket: 32 [ 1497.454344][ T5802] usb 6-1: Using ep0 maxpacket: 8 [ 1497.478932][ T5802] usb 6-1: config 225 has an invalid interface number: 130 but max is 0 [ 1497.478968][ T5802] usb 6-1: config 225 has no interface number 0 [ 1497.479006][ T5802] usb 6-1: config 225 interface 130 has no altsetting 0 [ 1497.482168][T23427] usb 3-1: New USB device found, idVendor=17cc, idProduct=1020, bcdDevice=b4.bf [ 1497.482202][T23427] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.482226][T23427] usb 3-1: Product: syz [ 1497.482243][T23427] usb 3-1: Manufacturer: syz [ 1497.482262][T23427] usb 3-1: SerialNumber: syz [ 1497.544383][ T5802] usb 6-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=82.93 [ 1497.544431][ T5802] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.544456][ T5802] usb 6-1: Product: syz [ 1497.544473][ T5802] usb 6-1: Manufacturer: syz [ 1497.544491][ T5802] usb 6-1: SerialNumber: syz [ 1497.602466][T23427] usb 3-1: config 0 descriptor?? [ 1497.930693][T23427] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -71 [ 1497.936335][ T5802] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:225.130/input/input48 [ 1497.986361][T23427] usb 3-1: USB disconnect, device number 33 [ 1498.040045][ T5150] bcm5974 6-1:225.130: could not read from device [ 1498.165183][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1498.165552][ T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1498.165593][ T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.168325][ T5802] usb 6-1: USB disconnect, device number 19 [ 1498.325124][ T5805] Bluetooth: hci7: command tx timeout [ 1498.775335][T22592] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 1498.927694][T22592] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 1498.927760][T22592] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 1498.927792][T22592] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 1498.927840][T22592] usb 3-1: New USB device found, idVendor=056a, idProduct=0039, bcdDevice= 0.00 [ 1498.927867][T22592] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1498.946295][T22592] usb 3-1: config 0 descriptor?? [ 1498.947411][T25472] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1499.205148][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1499.223488][T22592] usbhid 3-1:0.0: can't add hid device: -71 [ 1499.223649][T22592] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1499.242706][T22592] usb 3-1: USB disconnect, device number 34 [ 1500.173740][ T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1500.173773][ T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1500.254166][T25398] chnl_net:caif_netlink_parms(): no params data found [ 1500.255197][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1500.405165][ T5805] Bluetooth: hci7: command tx timeout [ 1500.428827][T25377] bridge0: port 1(bridge_slave_0) entered blocking state [ 1500.428967][T25377] bridge0: port 1(bridge_slave_0) entered disabled state [ 1500.429241][T25377] bridge_slave_0: entered allmulticast mode [ 1500.432422][T25377] bridge_slave_0: entered promiscuous mode [ 1500.449433][T25501] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6622'. [ 1501.287287][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1501.970057][ T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1501.970099][ T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1502.099418][T25377] bridge0: port 2(bridge_slave_1) entered blocking state [ 1502.099635][T25377] bridge0: port 2(bridge_slave_1) entered disabled state [ 1502.099844][T25377] bridge_slave_1: entered allmulticast mode [ 1502.111006][T25377] bridge_slave_1: entered promiscuous mode [ 1502.325152][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.638469][ T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1502.638513][ T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1502.746053][T25296] bridge0: port 1(bridge_slave_0) entered blocking state [ 1502.746212][T25296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1502.746444][T25296] bridge_slave_0: entered allmulticast mode [ 1502.748529][T25296] bridge_slave_0: entered promiscuous mode [ 1502.849422][T25296] bridge0: port 2(bridge_slave_1) entered blocking state [ 1502.849515][T25296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1502.849779][T25296] bridge_slave_1: entered allmulticast mode [ 1502.851768][T25296] bridge_slave_1: entered promiscuous mode [ 1502.892976][T25377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1503.021995][T25377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1503.073504][T25296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1503.237893][T25296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1503.367314][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1503.544222][T25398] bridge0: port 1(bridge_slave_0) entered blocking state [ 1503.555430][T25398] bridge0: port 1(bridge_slave_0) entered disabled state [ 1503.555665][T25398] bridge_slave_0: entered allmulticast mode [ 1503.578798][T25398] bridge_slave_0: entered promiscuous mode [ 1503.656986][T25377] team0: Port device team_slave_0 added [ 1503.658480][T25398] bridge0: port 2(bridge_slave_1) entered blocking state [ 1503.658621][T25398] bridge0: port 2(bridge_slave_1) entered disabled state [ 1503.658836][T25398] bridge_slave_1: entered allmulticast mode [ 1503.702674][T25398] bridge_slave_1: entered promiscuous mode [ 1503.781080][T25377] team0: Port device team_slave_1 added [ 1504.086121][T25296] team0: Port device team_slave_0 added [ 1504.254759][T25296] team0: Port device team_slave_1 added [ 1504.359558][T25398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1504.405289][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1504.498945][T25377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1504.498967][T25377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1504.498997][T25377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1504.573221][T25398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1504.805289][T25377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1504.805305][T25377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1504.805329][T25377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1504.892135][T25296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1504.892156][T25296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1504.892187][T25296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1505.247282][T25296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1505.247304][T25296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1505.247344][T25296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1505.312955][T25398] team0: Port device team_slave_0 added [ 1505.400525][T25398] team0: Port device team_slave_1 added [ 1505.445118][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1506.242315][ T13] bridge_slave_1: left allmulticast mode [ 1506.242340][ T13] bridge_slave_1: left promiscuous mode [ 1506.242554][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1506.285236][T23427] usb 3-1: new full-speed USB device number 35 using dummy_hcd [ 1506.346078][ T13] bridge_slave_0: left allmulticast mode [ 1506.346130][ T13] bridge_slave_0: left promiscuous mode [ 1506.346396][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1506.444675][T23427] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1506.444759][T23427] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 1506.444790][T23427] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 1506.444822][T23427] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1506.485281][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1506.501774][T23427] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1506.501810][T23427] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1506.501834][T23427] usb 3-1: Manufacturer: syz [ 1506.543197][ T13] bridge_slave_1: left allmulticast mode [ 1506.543435][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1506.609641][T23427] usb 3-1: config 0 descriptor?? [ 1506.628850][ T13] bridge_slave_0: left allmulticast mode [ 1506.628886][ T13] bridge_slave_0: left promiscuous mode [ 1506.629153][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1506.845296][T23427] usb 3-1: USB disconnect, device number 35 [ 1507.452232][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1507.547632][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1507.588349][T25585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6650'. [ 1507.638950][ T13] bond0 (unregistering): Released all slaves [ 1507.700816][ T5873] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1507.897511][ T5873] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1507.897548][ T5873] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1507.897577][ T5873] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1507.897604][ T5873] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1507.897649][ T5873] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1507.897676][ T5873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.902830][ T5873] usb 6-1: config 0 descriptor?? [ 1508.165602][ T5873] hdpvr 6-1:0.0: firmware version 0xd dated [ 1508.477740][ T5873] hdpvr 6-1:0.0: device init failed [ 1508.477851][ T5873] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -12 [ 1508.500403][ T5873] usb 6-1: USB disconnect, device number 20 [ 1509.315676][ T13] bond1 (unregistering): (slave gretap1): Releasing active interface [ 1509.315706][ T13] gretap1 (unregistering): left allmulticast mode [ 1510.127864][T25604] binder_alloc: 25602: binder_alloc_buf, no vma [ 1510.762769][T25606] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6658'. [ 1511.056135][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1511.136519][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1511.190286][ T13] bond0 (unregistering): Released all slaves [ 1511.586392][T25622] binder_alloc: 25619: binder_alloc_buf, no vma [ 1512.620295][ T37] audit: type=1326 audit(1769317072.722:3753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25625 comm="syz.2.6667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba5a2facb9 code=0x7ffc0000 [ 1512.620360][ T37] audit: type=1326 audit(1769317072.722:3754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25625 comm="syz.2.6667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba5a2facb9 code=0x7ffc0000 [ 1512.623650][ T37] audit: type=1326 audit(1769317072.722:3755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25625 comm="syz.2.6667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fba5a2facb9 code=0x7ffc0000 [ 1512.623707][ T37] audit: type=1326 audit(1769317072.722:3756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25625 comm="syz.2.6667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba5a2facb9 code=0x7ffc0000 [ 1512.623758][ T37] audit: type=1326 audit(1769317072.722:3757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25625 comm="syz.2.6667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba5a2facb9 code=0x7ffc0000 [ 1513.232063][ T5873] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1513.395696][ T5873] usb 3-1: device descriptor read/64, error -71 [ 1513.475716][ T13] bond1 (unregistering): Released all slaves [ 1513.522737][T25377] hsr_slave_0: entered promiscuous mode [ 1513.523855][T25377] hsr_slave_1: entered promiscuous mode [ 1513.540058][T25398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1513.540079][T25398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1513.540112][T25398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1513.720752][ T5873] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1513.746373][T25398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1513.746394][T25398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1513.746428][T25398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1513.790436][T25296] hsr_slave_0: entered promiscuous mode [ 1513.794627][T25296] hsr_slave_1: entered promiscuous mode [ 1513.855378][T25296] debugfs: 'hsr0' already exists in 'hsr' [ 1513.855410][T25296] Cannot create hsr debugfs directory [ 1513.883861][ T5873] usb 3-1: device descriptor read/64, error -71 [ 1513.985664][ T5873] usb usb3-port1: attempt power cycle [ 1514.100763][ T13] tipc: Disabling bearer [ 1514.121827][ T13] tipc: Left network mode [ 1514.405225][ T5873] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1514.480205][ T5873] usb 3-1: device descriptor read/8, error -71 [ 1514.554278][T25398] hsr_slave_0: entered promiscuous mode [ 1514.562109][T25398] hsr_slave_1: entered promiscuous mode [ 1514.563040][T25398] debugfs: 'hsr0' already exists in 'hsr' [ 1514.563066][T25398] Cannot create hsr debugfs directory [ 1514.785417][ T5873] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1514.806538][ T5873] usb 3-1: device descriptor read/8, error -71 [ 1514.915857][ T5873] usb usb3-port1: unable to enumerate USB device [ 1518.435164][ T5873] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1518.585101][ T5873] usb 3-1: Using ep0 maxpacket: 16 [ 1518.589085][ T5873] usb 3-1: too many endpoints for config 1 interface 0 altsetting 210: 44, using maximum allowed: 30 [ 1518.589147][ T5873] usb 3-1: config 1 interface 0 altsetting 210 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 1518.589183][ T5873] usb 3-1: config 1 interface 0 altsetting 210 has 2 endpoint descriptors, different from the interface descriptor's value: 44 [ 1518.589216][ T5873] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1518.590013][ T5873] usb 3-1: language id specifier not provided by device, defaulting to English [ 1518.646239][ T5873] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.40 [ 1518.646279][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.646304][ T5873] usb 3-1: Manufacturer: ಢ퀛ê›êš‡é¦æ°·é‚䈅⾌鷺亡⹲싕⇥옮꛱ᆭí£ê“楢阕å©å“㬾â—꤂â˜ë•é€¿ä¹”膌踭d㫞菉∢ꤕ园凾诶ê¬é§ºê‰ êºæ˜Ê˜àª¥î¼¨èෘ⎳냟鳡Ⓚ쇋♡꣣愕äŽî›¢ë´¿å¡ã–厰ä [ 1518.646334][ T5873] usb 3-1: SerialNumber: Ð [ 1518.936546][ T5873] usbhid 3-1:1.0: can't add hid device: -71 [ 1518.936713][ T5873] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 1518.944839][ T5873] usb 3-1: USB disconnect, device number 40 [ 1519.958315][T25686] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1520.059747][T25686] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6686'. [ 1520.239690][T25686] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6686'. [ 1520.985139][T22592] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1521.065538][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1521.071501][T25702] netlink: 'syz.5.6691': attribute type 1 has an invalid length. [ 1521.135228][T22592] usb 3-1: Using ep0 maxpacket: 16 [ 1521.137235][T22592] usb 3-1: config 11 has an invalid interface number: 32 but max is 0 [ 1521.137258][T22592] usb 3-1: config 11 has no interface number 0 [ 1521.137284][T22592] usb 3-1: config 11 interface 32 has no altsetting 0 [ 1521.139960][T22592] usb 3-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice= 5.91 [ 1521.139996][T22592] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1521.140013][T22592] usb 3-1: Product: syz [ 1521.140025][T22592] usb 3-1: Manufacturer: syz [ 1521.140038][T22592] usb 3-1: SerialNumber: syz [ 1521.325346][ T13] hsr_slave_0: left promiscuous mode [ 1521.365859][ T13] hsr_slave_1: left promiscuous mode [ 1521.373402][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1521.373434][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1521.417619][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1521.417652][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1521.458202][T22592] ttusb_dec_send_command: command bulk message failed: error -22 [ 1521.458475][T22592] ttusb-dec 3-1:11.32: probe with driver ttusb-dec failed with error -22 [ 1521.515198][T22592] usb 3-1: USB disconnect, device number 41 [ 1521.622605][ T13] veth1_macvtap: left promiscuous mode [ 1521.622681][ T13] veth0_macvtap: left promiscuous mode [ 1521.622801][ T13] veth1_vlan: left promiscuous mode [ 1521.622924][ T13] veth0_vlan: left promiscuous mode [ 1522.156016][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1522.385929][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1526.579004][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1527.005937][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1530.298167][T25723] netlink: 'syz.2.6701': attribute type 2 has an invalid length. [ 1530.935208][T23427] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1531.095182][T23427] usb 6-1: config 0 has an invalid interface number: 175 but max is 0 [ 1531.095215][T23427] usb 6-1: config 0 has no interface number 0 [ 1531.095264][T23427] usb 6-1: config 0 interface 175 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 1531.095293][T23427] usb 6-1: config 0 interface 175 has no altsetting 0 [ 1531.144491][T23427] usb 6-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e [ 1531.144527][T23427] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1531.144549][T23427] usb 6-1: Product: syz [ 1531.144564][T23427] usb 6-1: Manufacturer: syz [ 1531.144580][T23427] usb 6-1: SerialNumber: syz [ 1531.262549][T23427] usb 6-1: config 0 descriptor?? [ 1531.506325][T23427] hub 6-1:0.175: bad descriptor, ignoring hub [ 1531.506369][T23427] hub 6-1:0.175: probe with driver hub failed with error -5 [ 1531.513679][T23427] usbsevseg 6-1:0.175: USB 7 Segment device now attached [ 1531.543840][T25747] netlink: 52 bytes leftover after parsing attributes in process `syz.2.6706'. [ 1531.566126][T23427] usb 6-1: USB disconnect, device number 21 [ 1531.567764][T23427] usbsevseg 6-1:0.175: USB 7 Segment now disconnected [ 1533.225367][T25777] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6714'. [ 1533.225446][T25777] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6714'. [ 1533.225460][T25777] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6714'. [ 1533.225592][T25777] netlink: 108 bytes leftover after parsing attributes in process `syz.5.6714'. [ 1533.225604][T25777] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6714'. [ 1533.952570][T25790] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6718'. [ 1533.952635][T25790] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6718'. [ 1534.895309][ T49] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 1535.089437][ T49] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1535.112952][ T49] usb 6-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1535.112985][ T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1535.113005][ T49] usb 6-1: Product: syz [ 1535.113020][ T49] usb 6-1: Manufacturer: syz [ 1535.113036][ T49] usb 6-1: SerialNumber: syz [ 1535.189557][T24859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1535.217880][ T49] usb 6-1: config 0 descriptor?? [ 1535.224270][ T49] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1535.231244][T24859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1535.234105][T24859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1535.238665][T24859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1535.239570][T24859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1535.715165][ T49] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1535.715267][ T49] gspca_pac7302 6-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1535.724832][ T49] usb 6-1: USB disconnect, device number 22 [ 1537.285168][T24859] Bluetooth: hci0: command tx timeout [ 1537.883995][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1537.884028][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1539.029452][T25801] chnl_net:caif_netlink_parms(): no params data found [ 1539.280450][T25377] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1539.367923][T24859] Bluetooth: hci0: command tx timeout [ 1539.505142][ T5873] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1539.658846][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1539.658879][ T5873] usb 3-1: config 0 has no interfaces? [ 1539.702560][ T5873] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1539.702594][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1539.702618][ T5873] usb 3-1: Product: syz [ 1539.702635][ T5873] usb 3-1: Manufacturer: syz [ 1539.702652][ T5873] usb 3-1: SerialNumber: syz [ 1539.748179][ T5873] usb 3-1: config 0 descriptor?? [ 1539.775122][T25377] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1539.871619][T25870] binder: BINDER_SET_CONTEXT_MGR already set [ 1539.871641][T25870] binder: 25869:25870 ioctl 4018620d 200000004a80 returned -16 [ 1539.888394][T25377] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1541.251064][T25880] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1541.379992][T25883] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6740'. [ 1541.380022][T25883] netlink: 'syz.5.6740': attribute type 5 has an invalid length. [ 1541.380033][T25883] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6740'. [ 1541.420893][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1541.420925][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1541.445597][T24859] Bluetooth: hci0: command tx timeout [ 1541.495598][T25377] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1541.596589][T25883] geneve3: entered promiscuous mode [ 1541.596667][T25883] geneve3: entered allmulticast mode [ 1541.681066][ T3558] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 65535 - 0 [ 1541.887580][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1541.887634][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1541.951037][T25801] bridge0: port 1(bridge_slave_0) entered blocking state [ 1541.951209][T25801] bridge0: port 1(bridge_slave_0) entered disabled state [ 1541.951510][T25801] bridge_slave_0: entered allmulticast mode [ 1541.960449][T25801] bridge_slave_0: entered promiscuous mode [ 1541.987196][ T3558] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 65535 - 0 [ 1542.070192][ T3558] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 65535 - 0 [ 1542.070847][T25801] bridge0: port 2(bridge_slave_1) entered blocking state [ 1542.070938][T25801] bridge0: port 2(bridge_slave_1) entered disabled state [ 1542.071242][T25801] bridge_slave_1: entered allmulticast mode [ 1542.074388][T25801] bridge_slave_1: entered promiscuous mode [ 1542.229819][T22592] usb 3-1: USB disconnect, device number 42 [ 1542.393558][ T3558] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 65535 - 0 [ 1542.642646][T25903] netlink: 'syz.2.6746': attribute type 10 has an invalid length. [ 1542.757024][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 1542.763043][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1542.763084][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1543.007590][T25801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1543.071330][T25801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1543.268022][T25801] team0: Port device team_slave_0 added [ 1543.311415][T25801] team0: Port device team_slave_1 added [ 1543.529911][T24859] Bluetooth: hci0: command tx timeout [ 1544.050855][T25917] mac80211_hwsim hwsim34 wlan0: entered promiscuous mode [ 1544.051018][T25917] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1544.057186][T25801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1544.057249][T25801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1544.057326][T25801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1544.175228][ T5873] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1544.415175][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1544.415210][ T5873] usb 3-1: config 0 has no interfaces? [ 1544.428987][ T5873] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1544.429025][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1544.429129][ T5873] usb 3-1: Product: syz [ 1544.429175][ T5873] usb 3-1: Manufacturer: syz [ 1544.429236][ T5873] usb 3-1: SerialNumber: syz [ 1544.457144][ T5873] usb 3-1: config 0 descriptor?? [ 1544.504117][T25801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1544.504137][T25801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1544.504168][T25801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1546.514582][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1546.550490][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1546.564008][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1546.593358][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1546.650173][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1546.809441][T25801] hsr_slave_0: entered promiscuous mode [ 1546.810608][T25801] hsr_slave_1: entered promiscuous mode [ 1546.811423][T25801] debugfs: 'hsr0' already exists in 'hsr' [ 1546.811443][T25801] Cannot create hsr debugfs directory [ 1546.886241][T25398] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1546.941999][T25398] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1547.116966][ T13] bridge_slave_1: left allmulticast mode [ 1547.117001][ T13] bridge_slave_1: left promiscuous mode [ 1547.117278][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1547.207906][T22592] usb 3-1: USB disconnect, device number 43 [ 1547.280279][ T13] bridge_slave_0: left allmulticast mode [ 1547.280311][ T13] bridge_slave_0: left promiscuous mode [ 1547.280609][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1547.811324][ T13] bond_slave_0: left promiscuous mode [ 1547.811406][ T13] bond_slave_1: left promiscuous mode [ 1548.085196][T25976] netlink: 8964 bytes leftover after parsing attributes in process `syz.5.6771'. [ 1548.295308][T25978] binder: 25977:25978 ioctl c0306201 200000000180 returned -14 [ 1548.805225][ T5805] Bluetooth: hci1: command tx timeout [ 1549.521262][T26000] binder: BINDER_SET_CONTEXT_MGR already set [ 1549.521277][T26000] binder: 25999:26000 ioctl 4018620d 200000004a80 returned -16 [ 1549.595554][ T13] bond2 (unregistering): (slave gre1): Releasing backup interface [ 1549.595579][ T13] gre1 (unregistering): left promiscuous mode [ 1550.885160][ T5805] Bluetooth: hci1: command tx timeout [ 1551.292528][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.292629][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1551.326835][T24859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1551.336406][T24859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1551.351738][T24859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1551.368574][T24859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1551.370963][T24859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1551.400168][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1551.506793][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1551.530357][ T13] bond0 (unregistering): Released all slaves [ 1551.547682][ T13] bond1 (unregistering): Released all slaves [ 1552.742654][ T13] bond2 (unregistering): Released all slaves [ 1552.892052][T25398] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1553.000244][ T5805] Bluetooth: hci1: command tx timeout [ 1553.502341][ T5805] Bluetooth: hci2: command tx timeout [ 1553.827967][ T13] tipc: Left network mode [ 1554.298279][T26021] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1555.045113][ T5805] Bluetooth: hci1: command tx timeout [ 1555.525162][ T5805] Bluetooth: hci2: command tx timeout [ 1556.095354][ T13] dummy0: left promiscuous mode [ 1556.225317][ T13] hsr_slave_0: left promiscuous mode [ 1556.275281][ T13] hsr_slave_1: left promiscuous mode [ 1556.276507][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1556.276537][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1556.350467][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1556.350498][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1556.448344][T26042] tmpfs: Bad value for 'mpol' [ 1556.549536][ T13] veth1_macvtap: left promiscuous mode [ 1556.549651][ T13] veth0_macvtap: left promiscuous mode [ 1556.549919][ T13] veth1_vlan: left promiscuous mode [ 1556.550106][ T13] veth0_vlan: left promiscuous mode [ 1557.609607][ T5805] Bluetooth: hci2: command tx timeout [ 1559.212571][T26055] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6800'. [ 1559.445773][T26055] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6800'. [ 1559.707901][ T5805] Bluetooth: hci2: command tx timeout [ 1562.175894][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1562.501856][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1566.617983][ T5873] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1566.845059][ T5873] usb 6-1: Using ep0 maxpacket: 32 [ 1566.849321][ T5873] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1566.854151][ T5873] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1566.854185][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1566.854210][ T5873] usb 6-1: Product: syz [ 1566.854227][ T5873] usb 6-1: Manufacturer: syz [ 1566.854245][ T5873] usb 6-1: SerialNumber: syz [ 1566.879840][ T5873] usb 6-1: config 0 descriptor?? [ 1566.884563][T26072] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1566.921803][ T5873] hub 6-1:0.0: bad descriptor, ignoring hub [ 1566.921932][ T5873] hub 6-1:0.0: probe with driver hub failed with error -5 [ 1567.112856][T25952] chnl_net:caif_netlink_parms(): no params data found [ 1567.298213][ T5873] usb 6-1: USB disconnect, device number 23 [ 1567.446290][T26005] chnl_net:caif_netlink_parms(): no params data found [ 1567.708592][ T9] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 1567.884481][ T9] usb 3-1: config 8 has an invalid interface number: 177 but max is 0 [ 1567.884518][ T9] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1567.884542][ T9] usb 3-1: config 8 has no interface number 0 [ 1567.884590][ T9] usb 3-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 1567.884621][ T9] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1567.884648][ T9] usb 3-1: config 8 interface 177 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1567.884679][ T9] usb 3-1: config 8 interface 177 has no altsetting 0 [ 1567.884717][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 1567.884745][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1568.252922][ T9] usb 3-1: string descriptor 0 read error: -71 [ 1568.267989][ T9] ir_toy 3-1:8.177: required endpoints not found [ 1568.313021][ T9] usb 3-1: USB disconnect, device number 44 [ 1568.382141][T25952] bridge0: port 1(bridge_slave_0) entered blocking state [ 1568.382508][T25952] bridge0: port 1(bridge_slave_0) entered disabled state [ 1568.382783][T25952] bridge_slave_0: entered allmulticast mode [ 1568.406041][T25952] bridge_slave_0: entered promiscuous mode [ 1568.443327][T25952] bridge0: port 2(bridge_slave_1) entered blocking state [ 1568.443481][T25952] bridge0: port 2(bridge_slave_1) entered disabled state [ 1568.443765][T25952] bridge_slave_1: entered allmulticast mode [ 1568.466683][T25952] bridge_slave_1: entered promiscuous mode [ 1568.534453][T26005] bridge0: port 1(bridge_slave_0) entered blocking state [ 1568.534641][T26005] bridge0: port 1(bridge_slave_0) entered disabled state [ 1568.534797][T26005] bridge_slave_0: entered allmulticast mode [ 1568.543960][T26005] bridge_slave_0: entered promiscuous mode [ 1568.545524][T22592] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1568.631740][T26005] bridge0: port 2(bridge_slave_1) entered blocking state [ 1568.631870][T26005] bridge0: port 2(bridge_slave_1) entered disabled state [ 1568.632076][T26005] bridge_slave_1: entered allmulticast mode [ 1568.634211][T26005] bridge_slave_1: entered promiscuous mode [ 1568.694845][T25952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1568.731449][T25952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1568.755067][T22592] usb 6-1: Using ep0 maxpacket: 8 [ 1568.756959][T22592] usb 6-1: config index 0 descriptor too short (expected 47, got 45) [ 1568.757013][T22592] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1568.757038][T22592] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1568.757060][T22592] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 40750, setting to 64 [ 1568.760189][T22592] usb 6-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f [ 1568.760223][T22592] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1568.760248][T22592] usb 6-1: Product: syz [ 1568.760266][T22592] usb 6-1: Manufacturer: syz [ 1568.760283][T22592] usb 6-1: SerialNumber: syz [ 1568.870833][T22592] usbtouchscreen 6-1:17.0: probe with driver usbtouchscreen failed with error -8 [ 1568.939393][T26005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1569.079717][T26005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1569.082158][ T5873] usb 6-1: USB disconnect, device number 24 [ 1569.198796][T25952] team0: Port device team_slave_0 added [ 1569.198920][T25801] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1569.312690][T25952] team0: Port device team_slave_1 added [ 1569.313732][T25801] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1569.378141][T25801] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1569.385219][T14622] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1569.421800][T26005] team0: Port device team_slave_0 added [ 1569.537024][T25801] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1569.545313][T14622] usb 3-1: Using ep0 maxpacket: 8 [ 1569.559195][T14622] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 1569.559228][T14622] usb 3-1: config 0 has no interface number 0 [ 1569.561841][T14622] usb 3-1: New USB device found, idVendor=7d82, idProduct=8a53, bcdDevice=d9.ec [ 1569.561874][T14622] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1569.561891][T14622] usb 3-1: Product: syz [ 1569.561909][T14622] usb 3-1: Manufacturer: syz [ 1569.561921][T14622] usb 3-1: SerialNumber: syz [ 1569.574790][T14622] usb 3-1: config 0 descriptor?? [ 1569.618169][T14622] usb 3-1: bad CDC descriptors [ 1569.688062][T26005] team0: Port device team_slave_1 added [ 1569.689037][T25952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1569.689055][T25952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1569.689086][T25952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1569.809940][ T9] usb 3-1: USB disconnect, device number 45 [ 1570.047077][T25952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1570.047098][T25952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1570.047131][T25952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1570.346292][T26126] openvswitch: netlink: nsh attr 0 has unexpected len 3 expected 0 [ 1570.465141][T26130] comedi comedi0: board detection failed [ 1570.558060][T26005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1570.558079][T26005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1570.558108][T26005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1570.626954][T26005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1570.626977][T26005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1570.627011][T26005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1571.252002][T25952] hsr_slave_0: entered promiscuous mode [ 1571.253199][T25952] hsr_slave_1: entered promiscuous mode [ 1571.254009][T25952] debugfs: 'hsr0' already exists in 'hsr' [ 1571.254032][T25952] Cannot create hsr debugfs directory [ 1571.373099][T26160] binder: BC_ATTEMPT_ACQUIRE not supported [ 1571.373123][T26160] binder: 26159:26160 ioctl c0306201 2000000001c0 returned -22 [ 1571.829498][T26005] hsr_slave_0: entered promiscuous mode [ 1571.831377][T26005] hsr_slave_1: entered promiscuous mode [ 1571.864294][T26005] debugfs: 'hsr0' already exists in 'hsr' [ 1571.864330][T26005] Cannot create hsr debugfs directory [ 1572.197522][T14622] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1572.368389][T14622] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1572.368458][T14622] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1572.368490][T14622] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1572.368517][T14622] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1572.368565][T14622] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1572.368593][T14622] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1572.471836][T14622] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1572.493217][T14622] usb 3-1: invalid MIDI out EP 0 [ 1573.042473][T14622] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1573.079251][T14622] usb 3-1: USB disconnect, device number 46 [ 1573.188481][ T9] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1573.355368][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 1573.370743][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1573.370799][ T9] usb 6-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00 [ 1573.370827][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1573.417887][ T9] usb 6-1: config 0 descriptor?? [ 1574.145164][ T9] usb 6-1: string descriptor 0 read error: -71 [ 1574.145676][ T9] uclogic 0003:5543:0045.0036: failed retrieving string descriptor #200: -71 [ 1574.145719][ T9] uclogic 0003:5543:0045.0036: failed retrieving pen parameters: -71 [ 1574.145734][ T9] uclogic 0003:5543:0045.0036: failed probing pen v2 parameters: -71 [ 1574.145772][ T9] uclogic 0003:5543:0045.0036: failed probing parameters: -71 [ 1574.145854][ T9] uclogic 0003:5543:0045.0036: probe with driver uclogic failed with error -71 [ 1574.205860][ T9] usb 6-1: USB disconnect, device number 25 [ 1574.830916][T25801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1574.968479][T25801] 8021q: adding VLAN 0 to HW filter on device team0 [ 1575.322798][ T1020] bridge0: port 1(bridge_slave_0) entered blocking state [ 1575.340945][ T1020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1575.444075][ T9151] bridge0: port 2(bridge_slave_1) entered blocking state [ 1575.444348][ T9151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1575.780706][T26222] netlink: 'syz.2.6869': attribute type 10 has an invalid length. [ 1575.780729][T26222] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6869'. [ 1576.135493][ T13] bridge_slave_1: left allmulticast mode [ 1576.135533][ T13] bridge_slave_1: left promiscuous mode [ 1576.135830][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1576.336727][ T13] bridge_slave_0: left allmulticast mode [ 1576.336766][ T13] bridge_slave_0: left promiscuous mode [ 1576.337067][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1576.440396][ T13] bridge_slave_1: left allmulticast mode [ 1576.440434][ T13] bridge_slave_1: left promiscuous mode [ 1576.440715][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1576.517769][ T13] bridge_slave_0: left allmulticast mode [ 1576.517806][ T13] bridge_slave_0: left promiscuous mode [ 1576.518087][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1576.617027][ T13] bridge_slave_1: left allmulticast mode [ 1576.617065][ T13] bridge_slave_1: left promiscuous mode [ 1576.617362][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1576.625722][T14622] usb 3-1: new full-speed USB device number 47 using dummy_hcd [ 1576.708259][ T13] bridge_slave_0: left allmulticast mode [ 1576.708298][ T13] bridge_slave_0: left promiscuous mode [ 1576.708581][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1576.778032][T14622] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1576.778075][T14622] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1576.778116][T14622] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 1576.778153][T14622] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1576.789680][T14622] usb 3-1: config 0 descriptor?? [ 1576.856197][T26247] kAFS: unable to lookup cell 'ÿ' [ 1576.864139][T26247] kAFS: unable to lookup cell '(,c¾Ì' [ 1577.293626][T14622] bigben 0003:146B:0902.0037: unexpected rdesc, please submit for review [ 1577.294509][T14622] bigben 0003:146B:0902.0037: item fetching failed at offset 1/5 [ 1577.320961][T14622] bigben 0003:146B:0902.0037: parse failed [ 1577.321047][T14622] bigben 0003:146B:0902.0037: probe with driver bigben failed with error -22 [ 1577.489948][ T9] usb 3-1: USB disconnect, device number 47 [ 1577.576237][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1577.687386][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1577.752304][ T13] bond0 (unregistering): Released all slaves [ 1578.626022][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1578.726369][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1578.788879][ T13] bond0 (unregistering): Released all slaves [ 1579.156206][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1579.237126][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1579.298128][ T13] bond0 (unregistering): Released all slaves [ 1580.556371][ T5873] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1580.755191][ T13] hsr_slave_0: left promiscuous mode [ 1580.768075][ T5873] usb 3-1: config 0 has an invalid interface number: 216 but max is 0 [ 1580.768109][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1580.768131][ T5873] usb 3-1: config 0 has no interface number 0 [ 1580.768179][ T5873] usb 3-1: config 0 interface 216 altsetting 4 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1580.768196][ T5873] usb 3-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 0 [ 1580.768215][ T5873] usb 3-1: config 0 interface 216 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1580.768236][ T5873] usb 3-1: config 0 interface 216 has no altsetting 0 [ 1580.768262][ T5873] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e [ 1580.768280][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1580.773599][ T5873] usb 3-1: config 0 descriptor?? [ 1580.867915][ T5873] usb 3-1: NFC: intf ffff88803c1cf000 id ffffffff8e339420 [ 1580.890428][ T13] hsr_slave_1: left promiscuous mode [ 1580.900797][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1580.925848][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1580.997449][ T9] usb 3-1: USB disconnect, device number 48 [ 1581.096579][ T13] hsr_slave_0: left promiscuous mode [ 1581.135287][ T13] hsr_slave_1: left promiscuous mode [ 1581.136144][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1581.166243][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1581.346415][ T13] hsr_slave_0: left promiscuous mode [ 1581.365902][ T13] hsr_slave_1: left promiscuous mode [ 1581.366740][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1581.406181][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1582.455897][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1582.675830][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1584.185989][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1584.426027][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1586.349259][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1586.535892][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1587.126236][ T3589] kworker/u8:11 (3589) used greatest stack depth: 14304 bytes left [ 1587.483722][T25801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1588.508850][T26299] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1589.375316][T25801] veth0_vlan: entered promiscuous mode [ 1589.530254][T25801] veth1_vlan: entered promiscuous mode [ 1589.649393][T25952] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1589.780807][T25952] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1589.827994][T25952] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1589.910574][T25952] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1590.485309][ T9] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1590.638195][T25801] veth0_macvtap: entered promiscuous mode [ 1590.653854][T25801] veth1_macvtap: entered promiscuous mode [ 1590.685036][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 1590.689834][ T9] usb 6-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 1590.689869][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1590.689889][ T9] usb 6-1: Product: syz [ 1590.689906][ T9] usb 6-1: Manufacturer: syz [ 1590.689923][ T9] usb 6-1: SerialNumber: syz [ 1590.694774][ T9] usb 6-1: config 0 descriptor?? [ 1590.855737][ T9] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 1590.855798][ T9] pctv452e: pctv452e_power_ctrl: 1 [ 1590.855798][ T9] [ 1590.855854][ T9] usb 6-1: selecting invalid altsetting 3 [ 1590.855875][ T9] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 1590.855875][ T9] [ 1590.855896][ T9] dvb-usb: bulk message failed: -22 (5/0) [ 1590.862014][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1590.862910][ T9] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 1590.862982][ T9] usb 6-1: media controller created [ 1590.863044][ T9] dvb-usb: bulk message failed: -22 (8/0) [ 1590.863063][ T9] pctv452e: I2C error -22; AA 01 A0 01 14 -> aa 01 31 04 a0 01 14 [ 1590.863121][ T9] dvb-usb: MAC address reading failed. [ 1590.961028][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1591.136305][ T9] DVB: Unable to find symbol stb0899_attach() [ 1591.136321][ T9] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 1591.185521][T26005] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1591.297211][ T9] rc_core: IR keymap rc-tt-1500 not found [ 1591.297235][ T9] Registered IR keymap rc-empty [ 1591.297268][T26005] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1591.304749][ T9] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 1591.339788][ T9] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input50 [ 1591.341441][T26330] binder: BINDER_SET_CONTEXT_MGR bad uid 60929 != 0 [ 1591.341456][T26330] binder: 26329:26330 ioctl 4018620d 200000000100 returned -1 [ 1591.416401][ T9] dvb-usb: schedule remote query interval to 100 msecs. [ 1591.416433][ T9] pctv452e: pctv452e_power_ctrl: 0 [ 1591.416433][ T9] [ 1591.416447][ T9] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 1591.421333][ T9] usb 6-1: USB disconnect, device number 26 [ 1591.432525][T26005] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1591.614469][T26005] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1591.741977][ T9] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 1591.917306][T25801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1592.069586][T25801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1592.160075][ T9164] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1592.164536][ T9164] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1592.197989][ T9164] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1592.203960][ T9164] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1592.255138][ T9] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1592.415139][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 1592.422737][ T9] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1592.422794][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1592.422824][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1592.422850][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1592.422895][ T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 1592.422922][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1592.500356][ T9] usb 6-1: config 0 descriptor?? [ 1593.011461][ T9] redragon 0003:0C45:760B.0038: Fixing Redragon ASURA report descriptor. [ 1593.012146][ T9] redragon 0003:0C45:760B.0038: unknown main item tag 0x6 [ 1593.012179][ T9] redragon 0003:0C45:760B.0038: item fetching failed at offset 7/133 [ 1593.012968][ T9] redragon 0003:0C45:760B.0038: probe with driver redragon failed with error -22 [ 1593.115086][T14622] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1593.132594][ T9164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1593.132668][ T9164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1593.201489][T23443] usb 6-1: USB disconnect, device number 27 [ 1593.217844][T25952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1593.281999][T14622] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 1593.282032][T14622] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1593.282055][T14622] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1593.282078][T14622] usb 3-1: config 220 has no interface number 2 [ 1593.282175][T14622] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1593.282198][T14622] usb 3-1: config 220 interface 0 has no altsetting 0 [ 1593.282220][T14622] usb 3-1: config 220 interface 76 has no altsetting 0 [ 1593.282239][T14622] usb 3-1: config 220 interface 1 has no altsetting 0 [ 1593.358135][T14622] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1593.358173][T14622] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1593.358197][T14622] usb 3-1: Product: syz [ 1593.358215][T14622] usb 3-1: Manufacturer: syz [ 1593.358251][T14622] usb 3-1: SerialNumber: syz [ 1593.480331][T12517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1593.480358][T12517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1593.509630][T25952] 8021q: adding VLAN 0 to HW filter on device team0 [ 1593.541732][T26005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1593.619763][ T9163] bridge0: port 1(bridge_slave_0) entered blocking state [ 1593.619946][ T9163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1593.712029][T14622] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1593.712071][T14622] uvcvideo 3-1:220.0: No valid video chain found. [ 1593.712140][T14622] usb 3-1: selecting invalid altsetting 0 [ 1593.802804][T14622] usb 3-1: selecting invalid altsetting 0 [ 1593.802851][T14622] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 1593.880867][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1593.880973][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1593.881573][T14622] usb 3-1: USB disconnect, device number 49 [ 1593.923204][T26005] 8021q: adding VLAN 0 to HW filter on device team0 [ 1594.019424][T26358] vivid-007: disconnect [ 1594.740682][T26355] vivid-007: reconnect [ 1594.843180][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1594.864167][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1594.970137][ T1364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1594.970238][ T1364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1595.057545][T26368] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1595.339123][T14622] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1595.545162][T14622] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1595.545200][T14622] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1595.545228][T14622] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 1595.577487][T14622] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1595.577564][T14622] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1595.577622][T14622] usb 3-1: Product: syz [ 1595.577681][T14622] usb 3-1: Manufacturer: syz [ 1595.577750][T14622] usb 3-1: SerialNumber: syz [ 1595.640434][T14622] usb 3-1: config 0 descriptor?? [ 1595.641308][T26367] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1595.641444][T26367] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1595.737854][T14622] usb 3-1: ucan: probing device on interface #0 [ 1595.765205][ T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 1595.917877][ T9] usb 8-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1595.917914][ T9] usb 8-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1595.917947][ T9] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1595.917985][ T9] usb 8-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1595.918013][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1595.993776][ T9] usb 8-1: config 0 descriptor?? [ 1596.057290][T14622] usb 3-1: ucan: device reported invalid tx-fifo size [ 1596.057320][T14622] usb 3-1: ucan: probe failed; try to update the device firmware [ 1596.283851][T13215] usb 3-1: USB disconnect, device number 50 [ 1596.427857][T26005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1596.623408][ T9] hid-led 0003:0FC5:B080.0039: probe with driver hid-led failed with error -71 [ 1596.645328][ T9] usb 8-1: USB disconnect, device number 9 [ 1596.767572][T25952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1596.768266][T26005] veth0_vlan: entered promiscuous mode [ 1596.848978][T26005] veth1_vlan: entered promiscuous mode [ 1597.049700][T26005] veth0_macvtap: entered promiscuous mode [ 1597.100573][T26005] veth1_macvtap: entered promiscuous mode [ 1597.181938][T26005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1597.228655][T26005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1597.315310][ T3558] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.329915][ T3558] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.368915][ T3558] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1597.394177][ T3558] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1598.128573][T26433] tipc: Started in network mode [ 1598.128613][T26433] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 1598.128842][T26433] tipc: Enabled bearer , priority 17 [ 1598.225098][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1598.225124][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1598.470187][ T3558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1598.470211][ T3558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1598.642413][T25952] veth0_vlan: entered promiscuous mode [ 1598.704856][T25952] veth1_vlan: entered promiscuous mode [ 1599.010929][T25952] veth0_macvtap: entered promiscuous mode [ 1599.073938][T25952] veth1_macvtap: entered promiscuous mode [ 1599.197178][T25952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1599.222715][T25952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1599.299592][T23427] tipc: Node number set to 10136234 [ 1599.874508][ T9163] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1599.877830][ T9163] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1599.878400][ T9163] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1599.878948][ T9163] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1600.284662][T26478] hub 8-0:1.0: USB hub found [ 1600.332662][T26478] hub 8-0:1.0: 1 port detected [ 1600.345080][T13625] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 1600.853356][T13625] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1600.853410][T13625] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 1600.853437][T13625] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1600.892291][T13625] usb 3-1: config 0 descriptor?? [ 1601.305434][ T1364] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1601.305457][ T1364] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1601.431880][T13625] nintendo 0003:057E:200E.003A: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.2-1/input0 [ 1601.499788][T13625] nintendo 0003:057E:200E.003A: Failed charging grip handshake [ 1601.499818][T13625] nintendo 0003:057E:200E.003A: Failed to initialize controller; ret=-110 [ 1601.561535][T26505] QAT: Invalid ioctl -2114415556 [ 1601.575200][T13625] nintendo 0003:057E:200E.003A: probe - fail = -110 [ 1601.575371][T13625] nintendo 0003:057E:200E.003A: probe with driver nintendo failed with error -110 [ 1601.607561][T13625] usb 3-1: USB disconnect, device number 51 [ 1601.707856][ T9151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1601.707877][ T9151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1601.768580][T26504] fido_id[26504]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1602.303104][T26525] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6968'. [ 1602.325047][T22592] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1602.475024][T22592] usb 2-1: Using ep0 maxpacket: 8 [ 1602.477565][T22592] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 1602.477598][T22592] usb 2-1: config 2 has no interface number 0 [ 1602.477652][T22592] usb 2-1: config 2 interface 31 has no altsetting 0 [ 1602.480633][T22592] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1602.480668][T22592] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.480693][T22592] usb 2-1: Product: syz [ 1602.480710][T22592] usb 2-1: Manufacturer: syz [ 1602.480728][T22592] usb 2-1: SerialNumber: syz [ 1602.554680][T14622] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1602.738495][T14622] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1602.738536][T14622] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1602.738557][T14622] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1602.738621][T14622] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1602.738649][T14622] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1602.760238][T14622] usb 5-1: config 0 descriptor?? [ 1603.264248][T14622] plantronics 0003:047F:FFFF.003B: item fetching failed at offset 12/15 [ 1603.266350][T14622] plantronics 0003:047F:FFFF.003B: parse failed [ 1603.266551][T14622] plantronics 0003:047F:FFFF.003B: probe with driver plantronics failed with error -22 [ 1603.324738][T22592] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22 [ 1603.375306][T22592] usb 2-1: USB disconnect, device number 21 [ 1603.498144][T13625] usb 5-1: USB disconnect, device number 27 [ 1603.841005][T26560] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6980'. [ 1605.832101][T26593] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1605.999386][T26591] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6987'. [ 1606.565282][T23445] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1606.639090][T26613] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6996'. [ 1606.726935][T23445] usb 5-1: Using ep0 maxpacket: 16 [ 1606.729315][T23445] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1606.729370][T23445] usb 5-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 1606.729398][T23445] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1606.840130][T23445] usb 5-1: config 0 descriptor?? [ 1608.159206][T23445] elecom 0003:056E:00FB.003C: collection stack underflow [ 1608.159247][T23445] elecom 0003:056E:00FB.003C: item 0 4 0 12 parsing failed [ 1608.160150][T23445] elecom 0003:056E:00FB.003C: probe with driver elecom failed with error -22 [ 1608.405515][T23445] usb 5-1: USB disconnect, device number 28 [ 1608.553612][T26628] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7000'. [ 1608.875375][T26488] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1608.999148][T26642] netlink: 'syz.5.7005': attribute type 32 has an invalid length. [ 1608.999179][T26642] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7005'. [ 1609.052996][T26488] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1609.053040][T26488] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1609.075205][T26488] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1609.075234][T26488] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1609.075251][T26488] usb 3-1: Product: syz [ 1609.075263][T26488] usb 3-1: Manufacturer: syz [ 1609.075276][T26488] usb 3-1: SerialNumber: syz [ 1609.152772][T26488] usb 3-1: config 0 descriptor?? [ 1609.181831][T26488] usb 3-1: selecting invalid altsetting 0 [ 1609.378510][T26642] bond1: Setting coupled_control to off (0) [ 1609.601138][T23445] usb 3-1: USB disconnect, device number 52 [ 1609.885450][T26283] udevd[26283]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1610.605075][T23427] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 1610.767394][T23427] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1610.767436][T23427] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1610.767480][T23427] usb 8-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 1610.767509][T23427] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1610.838634][T23427] usb 8-1: config 0 descriptor?? [ 1611.353026][T23427] prodikeys 0003:041E:2801.003D: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.7-1/input0 [ 1611.498900][T26488] usb 8-1: USB disconnect, device number 10 [ 1611.573422][T26711] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1611.573731][T26711] macsec1: entered promiscuous mode [ 1611.708425][T26711] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1611.846634][T26709] fido_id[26709]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 1612.315055][T23445] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1612.472089][T23445] usb 2-1: Using ep0 maxpacket: 16 [ 1612.481357][T23445] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1612.481412][T23445] usb 2-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00 [ 1612.481439][T23445] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1612.530715][T26736] netlink: 60 bytes leftover after parsing attributes in process `syz.7.7040'. [ 1612.531570][T26736] unsupported nlmsg_type 40 [ 1612.548930][T23445] usb 2-1: config 0 descriptor?? [ 1612.751644][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.751772][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1612.993717][T23445] holtek_mouse 0003:04D9:A0C2.003E: unknown main item tag 0x0 [ 1612.993762][T23445] holtek_mouse 0003:04D9:A0C2.003E: unknown main item tag 0x0 [ 1612.993793][T23445] holtek_mouse 0003:04D9:A0C2.003E: unknown main item tag 0x0 [ 1612.993824][T23445] holtek_mouse 0003:04D9:A0C2.003E: unknown main item tag 0x0 [ 1612.993854][T23445] holtek_mouse 0003:04D9:A0C2.003E: unknown main item tag 0x0 [ 1613.002552][T23445] holtek_mouse 0003:04D9:A0C2.003E: hidraw0: USB HID v0.05 Device [HID 04d9:a0c2] on usb-dummy_hcd.1-1/input0 [ 1613.219082][T23427] usb 2-1: USB disconnect, device number 22 [ 1613.441648][T26754] fido_id[26754]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1614.215071][T14622] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1614.375210][T14622] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1614.375245][T14622] usb 2-1: config 0 has no interface number 0 [ 1614.376621][T14622] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1614.376657][T14622] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1614.376702][T14622] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 1614.376730][T14622] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1614.551234][T14622] usb 2-1: config 0 descriptor?? [ 1614.656960][T26802] netlink: 132 bytes leftover after parsing attributes in process `syz.7.7066'. [ 1615.002225][T14622] prodikeys 0003:041E:2801.003F: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input1 [ 1615.031296][T14622] hid_prodikeys: hid-prodikeys: failed to find output report [ 1615.031296][T14622] [ 1615.170389][T26816] ================================================================== [ 1615.170409][T26816] BUG: KASAN: slab-use-after-free in report_descriptor_read+0xb5/0x100 [ 1615.170453][T26816] Read of size 7 at addr ffff8880216837e0 by task fido_id/26816 [ 1615.170474][T26816] [ 1615.170492][T26816] CPU: 0 UID: 0 PID: 26816 Comm: fido_id Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1615.170526][T26816] Tainted: [L]=SOFTLOCKUP [ 1615.170536][T26816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1615.170551][T26816] Call Trace: [ 1615.170560][T26816] [ 1615.170571][T26816] dump_stack_lvl+0xe8/0x150 [ 1615.170603][T26816] print_report+0xba/0x230 [ 1615.170631][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.170663][T26816] kasan_report+0x117/0x150 [ 1615.170701][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.170738][T26816] kasan_check_range+0x264/0x2c0 [ 1615.170760][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.170799][T26816] __asan_memcpy+0x29/0x70 [ 1615.170829][T26816] report_descriptor_read+0xb5/0x100 [ 1615.170864][T26816] ? __pfx_sysfs_kf_bin_read+0x10/0x10 [ 1615.170895][T26816] kernfs_fop_read_iter+0x452/0x6b0 [ 1615.170926][T26816] vfs_read+0x58b/0xa70 [ 1615.170963][T26816] ? __pfx_vfs_read+0x10/0x10 [ 1615.170991][T26816] ? lockdep_hardirqs_on+0x7a/0x110 [ 1615.171020][T26816] ? kmem_cache_free+0x18d/0x8c0 [ 1615.171046][T26816] ? do_sys_openat2+0x168/0x220 [ 1615.171078][T26816] ksys_read+0x156/0x270 [ 1615.171103][T26816] ? __pfx_ksys_read+0x10/0x10 [ 1615.171132][T26816] do_syscall_64+0xe2/0xf80 [ 1615.171158][T26816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.171176][T26816] ? trace_irq_disable+0x37/0x100 [ 1615.171196][T26816] ? clear_bhb_loop+0x60/0xb0 [ 1615.171217][T26816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.171235][T26816] RIP: 0033:0x7ff238c85407 [ 1615.171252][T26816] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1615.171269][T26816] RSP: 002b:00007ffc982be2f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 1615.171290][T26816] RAX: ffffffffffffffda RBX: 00007ff238b97880 RCX: 00007ff238c85407 [ 1615.171304][T26816] RDX: 0000000000001000 RSI: 00007ffc982be340 RDI: 0000000000000004 [ 1615.171318][T26816] RBP: 00005617fda3b730 R08: 0000000000000000 R09: 0000000000000000 [ 1615.171330][T26816] R10: 0000000000000000 R11: 0000000000000202 R12: 00005617fda3a930 [ 1615.171343][T26816] R13: 00007ffc982be340 R14: 0000000000000004 R15: 00005617eacf24d8 [ 1615.171363][T26816] [ 1615.171370][T26816] [ 1615.171375][T26816] Allocated by task 14622: [ 1615.171384][T26816] kasan_save_track+0x3e/0x80 [ 1615.171409][T26816] __kasan_kmalloc+0x93/0xb0 [ 1615.171433][T26816] __kmalloc_node_track_caller_noprof+0x391/0x7f0 [ 1615.171459][T26816] kmemdup_noprof+0x2b/0x70 [ 1615.171479][T26816] hid_open_report+0x216/0xf00 [ 1615.171498][T26816] pk_probe+0x1c6/0xf90 [ 1615.171511][T26816] hid_device_probe+0x416/0x7a0 [ 1615.171532][T26816] really_probe+0x267/0xaf0 [ 1615.171551][T26816] __driver_probe_device+0x18c/0x320 [ 1615.171569][T26816] driver_probe_device+0x4f/0x240 [ 1615.171588][T26816] __device_attach_driver+0x279/0x430 [ 1615.171607][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.171630][T26816] __device_attach+0x2c8/0x450 [ 1615.171647][T26816] device_initial_probe+0xa1/0xd0 [ 1615.171664][T26816] bus_probe_device+0x12d/0x220 [ 1615.171687][T26816] device_add+0x7b6/0xb80 [ 1615.171701][T26816] hid_add_device+0x272/0x3e0 [ 1615.171722][T26816] usbhid_probe+0xe1b/0x12d0 [ 1615.171739][T26816] usb_probe_interface+0x668/0xc90 [ 1615.171763][T26816] really_probe+0x267/0xaf0 [ 1615.171781][T26816] __driver_probe_device+0x18c/0x320 [ 1615.171799][T26816] driver_probe_device+0x4f/0x240 [ 1615.171818][T26816] __device_attach_driver+0x279/0x430 [ 1615.171837][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.171860][T26816] __device_attach+0x2c8/0x450 [ 1615.171877][T26816] device_initial_probe+0xa1/0xd0 [ 1615.171894][T26816] bus_probe_device+0x12d/0x220 [ 1615.171917][T26816] device_add+0x7b6/0xb80 [ 1615.171931][T26816] usb_set_configuration+0x1a87/0x2110 [ 1615.171952][T26816] usb_generic_driver_probe+0x8d/0x150 [ 1615.171973][T26816] usb_probe_device+0x1c4/0x3b0 [ 1615.171995][T26816] really_probe+0x267/0xaf0 [ 1615.172013][T26816] __driver_probe_device+0x18c/0x320 [ 1615.172030][T26816] driver_probe_device+0x4f/0x240 [ 1615.172049][T26816] __device_attach_driver+0x279/0x430 [ 1615.172077][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.172100][T26816] __device_attach+0x2c8/0x450 [ 1615.172117][T26816] device_initial_probe+0xa1/0xd0 [ 1615.172134][T26816] bus_probe_device+0x12d/0x220 [ 1615.172157][T26816] device_add+0x7b6/0xb80 [ 1615.172171][T26816] usb_new_device+0x9f8/0x16e0 [ 1615.172187][T26816] hub_event+0x2a49/0x4f60 [ 1615.172206][T26816] process_scheduled_works+0xaec/0x17a0 [ 1615.172226][T26816] worker_thread+0x89f/0xd90 [ 1615.172245][T26816] kthread+0x726/0x8b0 [ 1615.172269][T26816] ret_from_fork+0x51b/0xa40 [ 1615.172287][T26816] ret_from_fork_asm+0x1a/0x30 [ 1615.172314][T26816] [ 1615.172320][T26816] Freed by task 14622: [ 1615.172330][T26816] kasan_save_track+0x3e/0x80 [ 1615.172353][T26816] kasan_save_free_info+0x46/0x50 [ 1615.172373][T26816] __kasan_slab_free+0x5c/0x80 [ 1615.172397][T26816] kfree+0x1bb/0x8f0 [ 1615.172418][T26816] hid_close_report+0x632/0x720 [ 1615.172435][T26816] hid_device_probe+0x659/0x7a0 [ 1615.172457][T26816] really_probe+0x267/0xaf0 [ 1615.172475][T26816] __driver_probe_device+0x18c/0x320 [ 1615.172493][T26816] driver_probe_device+0x4f/0x240 [ 1615.172512][T26816] __device_attach_driver+0x279/0x430 [ 1615.172531][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.172554][T26816] __device_attach+0x2c8/0x450 [ 1615.172572][T26816] device_initial_probe+0xa1/0xd0 [ 1615.172589][T26816] bus_probe_device+0x12d/0x220 [ 1615.172613][T26816] device_add+0x7b6/0xb80 [ 1615.172628][T26816] hid_add_device+0x272/0x3e0 [ 1615.172649][T26816] usbhid_probe+0xe1b/0x12d0 [ 1615.172667][T26816] usb_probe_interface+0x668/0xc90 [ 1615.172691][T26816] really_probe+0x267/0xaf0 [ 1615.172710][T26816] __driver_probe_device+0x18c/0x320 [ 1615.172729][T26816] driver_probe_device+0x4f/0x240 [ 1615.172749][T26816] __device_attach_driver+0x279/0x430 [ 1615.172768][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.172791][T26816] __device_attach+0x2c8/0x450 [ 1615.172808][T26816] device_initial_probe+0xa1/0xd0 [ 1615.172826][T26816] bus_probe_device+0x12d/0x220 [ 1615.172848][T26816] device_add+0x7b6/0xb80 [ 1615.172863][T26816] usb_set_configuration+0x1a87/0x2110 [ 1615.172884][T26816] usb_generic_driver_probe+0x8d/0x150 [ 1615.172904][T26816] usb_probe_device+0x1c4/0x3b0 [ 1615.172926][T26816] really_probe+0x267/0xaf0 [ 1615.172944][T26816] __driver_probe_device+0x18c/0x320 [ 1615.172962][T26816] driver_probe_device+0x4f/0x240 [ 1615.172980][T26816] __device_attach_driver+0x279/0x430 [ 1615.172999][T26816] bus_for_each_drv+0x25b/0x2f0 [ 1615.173022][T26816] __device_attach+0x2c8/0x450 [ 1615.173039][T26816] device_initial_probe+0xa1/0xd0 [ 1615.173056][T26816] bus_probe_device+0x12d/0x220 [ 1615.173091][T26816] device_add+0x7b6/0xb80 [ 1615.173106][T26816] usb_new_device+0x9f8/0x16e0 [ 1615.173122][T26816] hub_event+0x2a49/0x4f60 [ 1615.173141][T26816] process_scheduled_works+0xaec/0x17a0 [ 1615.173161][T26816] worker_thread+0x89f/0xd90 [ 1615.173180][T26816] kthread+0x726/0x8b0 [ 1615.173203][T26816] ret_from_fork+0x51b/0xa40 [ 1615.173222][T26816] ret_from_fork_asm+0x1a/0x30 [ 1615.173247][T26816] [ 1615.173252][T26816] The buggy address belongs to the object at ffff8880216837e0 [ 1615.173252][T26816] which belongs to the cache kmalloc-8 of size 8 [ 1615.173268][T26816] The buggy address is located 0 bytes inside of [ 1615.173268][T26816] freed 8-byte region [ffff8880216837e0, ffff8880216837e8) [ 1615.173287][T26816] [ 1615.173293][T26816] The buggy address belongs to the physical page: [ 1615.173317][T26816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21683 [ 1615.173336][T26816] flags: 0x80000000000000(node=0|zone=1) [ 1615.173350][T26816] page_type: f5(slab) [ 1615.173367][T26816] raw: 0080000000000000 ffff88813fea6500 dead000000000100 dead000000000122 [ 1615.173383][T26816] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 1615.173394][T26816] page dumped because: kasan: bad access detected [ 1615.173408][T26816] page_owner tracks the page as allocated [ 1615.173415][T26816] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 4916047705, free_ts 0 [ 1615.173449][T26816] post_alloc_hook+0x228/0x280 [ 1615.173475][T26816] get_page_from_freelist+0x28bb/0x2950 [ 1615.173492][T26816] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1615.173508][T26816] alloc_pages_mpol+0xd1/0x380 [ 1615.173524][T26816] allocate_slab+0x86/0x3a0 [ 1615.173544][T26816] ___slab_alloc+0xaf8/0x13d0 [ 1615.173561][T26816] __slab_alloc+0xc5/0x1f0 [ 1615.173578][T26816] __kmalloc_node_track_caller_noprof+0x2b6/0x7f0 [ 1615.173606][T26816] kstrdup+0x42/0x100 [ 1615.173624][T26816] kobject_set_name_vargs+0x61/0x110 [ 1615.173651][T26816] dev_set_name+0xe2/0x140 [ 1615.173674][T26816] tty_register_device_attr+0x3b0/0x950 [ 1615.173698][T26816] tty_register_driver+0x600/0xb90 [ 1615.173720][T26816] vty_init+0x1e4/0x2d0 [ 1615.173742][T26816] tty_init+0x118/0x150 [ 1615.173760][T26816] do_one_initcall+0x250/0x840 [ 1615.173785][T26816] page_owner free stack trace missing [ 1615.173792][T26816] [ 1615.173797][T26816] Memory state around the buggy address: [ 1615.173807][T26816] ffff888021683680: 05 fc fc fc 00 fc fc fc 00 fc fc fc 05 fc fc fc [ 1615.173821][T26816] ffff888021683700: 05 fc fc fc fa fc fc fc 05 fc fc fc fa fc fc fc [ 1615.173833][T26816] >ffff888021683780: 05 fc fc fc 00 fc fc fc 06 fc fc fc fa fc fc fc [ 1615.173844][T26816] ^ [ 1615.173855][T26816] ffff888021683800: 05 fc fc fc fa fc fc fc 06 fc fc fc fa fc fc fc [ 1615.173868][T26816] ffff888021683880: 00 fc fc fc fa fc fc fc 00 fc fc fc 05 fc fc fc [ 1615.173878][T26816] ================================================================== [ 1615.173896][T26816] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1615.173917][T26816] CPU: 0 UID: 0 PID: 26816 Comm: fido_id Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1615.173943][T26816] Tainted: [L]=SOFTLOCKUP [ 1615.173951][T26816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1615.173963][T26816] Call Trace: [ 1615.173970][T26816] [ 1615.173979][T26816] vpanic+0x1e0/0x670 [ 1615.174008][T26816] panic+0xc5/0xd0 [ 1615.174033][T26816] ? __pfx_panic+0x10/0x10 [ 1615.174068][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.174101][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.174128][T26816] check_panic_on_warn+0x89/0xb0 [ 1615.174159][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.174187][T26816] end_report+0x6f/0x140 [ 1615.174216][T26816] kasan_report+0x128/0x150 [ 1615.174247][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.174278][T26816] kasan_check_range+0x264/0x2c0 [ 1615.174297][T26816] ? report_descriptor_read+0xb5/0x100 [ 1615.174328][T26816] __asan_memcpy+0x29/0x70 [ 1615.174353][T26816] report_descriptor_read+0xb5/0x100 [ 1615.174382][T26816] ? __pfx_sysfs_kf_bin_read+0x10/0x10 [ 1615.174409][T26816] kernfs_fop_read_iter+0x452/0x6b0 [ 1615.174435][T26816] vfs_read+0x58b/0xa70 [ 1615.174464][T26816] ? __pfx_vfs_read+0x10/0x10 [ 1615.174489][T26816] ? lockdep_hardirqs_on+0x7a/0x110 [ 1615.174518][T26816] ? kmem_cache_free+0x18d/0x8c0 [ 1615.174546][T26816] ? do_sys_openat2+0x168/0x220 [ 1615.174573][T26816] ksys_read+0x156/0x270 [ 1615.174600][T26816] ? __pfx_ksys_read+0x10/0x10 [ 1615.174643][T26816] do_syscall_64+0xe2/0xf80 [ 1615.174668][T26816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.174687][T26816] ? trace_irq_disable+0x37/0x100 [ 1615.174709][T26816] ? clear_bhb_loop+0x60/0xb0 [ 1615.174734][T26816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.174753][T26816] RIP: 0033:0x7ff238c85407 [ 1615.174768][T26816] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1615.174784][T26816] RSP: 002b:00007ffc982be2f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 1615.174805][T26816] RAX: ffffffffffffffda RBX: 00007ff238b97880 RCX: 00007ff238c85407 [ 1615.174819][T26816] RDX: 0000000000001000 RSI: 00007ffc982be340 RDI: 0000000000000004 [ 1615.174831][T26816] RBP: 00005617fda3b730 R08: 0000000000000000 R09: 0000000000000000 [ 1615.174843][T26816] R10: 0000000000000000 R11: 0000000000000202 R12: 00005617fda3a930 [ 1615.174855][T26816] R13: 00007ffc982be340 R14: 0000000000000004 R15: 00005617eacf24d8 [ 1615.174874][T26816] [ 1615.178290][T26816] Kernel Offset: disabled