last executing test programs: 2m56.237612945s ago: executing program 1 (id=2211): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) readlink(0x0, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x1, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x404241, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000180)={0x2, 0x0, [{0x8ee, 0x0, 0x2}, {0x897, 0x0, 0x3ce1}]}) sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x3f, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0) 2m52.901704648s ago: executing program 1 (id=2218): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x7, {}, {0x2, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x4, 0x1, {}, 0x20}) 2m50.457179839s ago: executing program 1 (id=2222): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x180, 0x4, 0x28}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x288, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x8000, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0x2, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000100)={0x0, 0x0, r6, 0x0}) (fail_nth: 1) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r6, r7, 0x3, 0x5, 0x4, 0x5, {0x2, 0x5, 0x5, 0xa, 0xa, 0x9, 0x2, 0x5, 0x800b, 0xd25, 0x7, 0x60b, 0x2, 0x10001, "6f4f1b1330d057b30bd15586b7445443c528a97436419c2cd5ae7297dceeb0be"}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x18) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000040)}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=ANY=[], 0xd0}}], 0x1, 0x0) close(0xffffffffffffffff) 2m47.602642811s ago: executing program 1 (id=2224): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000000140)=ANY=[@ANYRESDEC], 0x8) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000100)={0xa, 0xffff, 0x0, @mcast2, 0x9}, 0x1c) sendto$inet6(r1, &(0x7f0000000300), 0x5aa, 0x0, 0x0, 0xfffffffffffffdfd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'veth0_macvtap\x00', &(0x7f0000000080)=@ethtool_sfeatures={0x3b, 0x2, [{0x10009, 0x3}, {0x8000006, 0x6}]}}) r3 = socket$phonet(0x23, 0x2, 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0) io_submit(0x0, 0x1, &(0x7f0000000500)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xc, r6, &(0x7f0000000080)='E', 0x1, 0x8000}]) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r4) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000012c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_STATION(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002ad3ed5a3cd6cfd68e00000008000300", @ANYRES32=r8], 0x28}, 0x1, 0x0, 0x0, 0x81}, 0x8880) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x17e0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0xea, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x20, 0x0, 0x3}}}}}]}}]}}, 0x0) 2m44.253381901s ago: executing program 1 (id=2232): socket$nl_route(0x10, 0x3, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r0, 0x400448df, &(0x7f00000002c0)="fc1a1a") ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080)) socket$inet6_sctp(0xa, 0x1, 0x84) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x150) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000100), 0x4) openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x1f91, 0x400, 0x0, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) sendto$rose(r3, &(0x7f0000000180)="55511ba04f317e6947e6ccfb0150840d208a927e7b166d831b5a440e05f190b0f4372ed64125b8e41bb94adcd254b127b421592dd2e0c9bb2427855b6d908ecf6f59bb6fa0bcd2b5f7e508034fd825a1d615951f", 0x54, 0x8c0, &(0x7f0000000300)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x0, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x40) io_uring_enter(r1, 0x7f4e, 0x80ed, 0x43, &(0x7f0000000240)={[0xfffff800]}, 0x8) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0xf0f041}) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000200)=ANY=[]) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r5}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4, 0x700}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2m42.331741617s ago: executing program 1 (id=2241): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'syzkaller1\x00', 0xc201}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f0000002080)=0x76, 0x23b) (async) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) (async) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000280)={0x0, 0x3, 0xfc01, 0x7f, 0x3}, &(0x7f00000002c0)=0x14) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={r5}, 0x8) (async) write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="034886dd09032800030020000000600000001204730081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) (async, rerun: 64) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000240)=0x7, 0x4) (rerun: 64) r6 = syz_usb_connect(0x3, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="12010000400109021200010000000009040000008ec46f00"], 0x0) (async, rerun: 32) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4138ae84, 0x0) (async) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) (async) syz_usb_control_io(r6, 0x0, 0x0) (async, rerun: 32) r10 = dup(r7) (rerun: 32) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000000d0601030000000000000000010000050500210007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) (async) ioctl$LOOP_SET_STATUS(r10, 0x4c02, &(0x7f0000000380)={0x0, {}, 0x0, {}, 0x7, 0x12, 0x12, 0x14, "c3c9927eb93e8c51695d25d134c6aeff7acf88af1c8c3b630a075cdaf1d2fe65c7a218b88ce7b4be041337c17ea45c15c444a643e1710f36c25e0b74f3a4f6d0", "d8ebabbd5c87bbc76fb6cdcc4283a387396784170b0210c6fd06456c7f32e621", [0xa, 0x5]}) (async, rerun: 32) syz_usb_control_io$uac1(r6, 0x0, 0x0) (rerun: 32) syz_usb_control_io$uac1(r6, 0x0, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) (async) r12 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080)=0x0) sched_setaffinity(r13, 0x8, &(0x7f00000001c0)=0x4) ioctl$VIDIOC_ENUM_FRAMESIZES(r12, 0xc02c564a, &(0x7f0000000040)={0x6, 0x59455247, 0x3, @discrete={0x401}}) (async) sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001a000100000000000000000081"], 0x24}}, 0x0) 2m26.509180704s ago: executing program 32 (id=2241): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'syzkaller1\x00', 0xc201}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f0000002080)=0x76, 0x23b) (async) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) (async) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000280)={0x0, 0x3, 0xfc01, 0x7f, 0x3}, &(0x7f00000002c0)=0x14) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={r5}, 0x8) (async) write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="034886dd09032800030020000000600000001204730081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) (async, rerun: 64) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000240)=0x7, 0x4) (rerun: 64) r6 = syz_usb_connect(0x3, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="12010000400109021200010000000009040000008ec46f00"], 0x0) (async, rerun: 32) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4138ae84, 0x0) (async) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) (async) syz_usb_control_io(r6, 0x0, 0x0) (async, rerun: 32) r10 = dup(r7) (rerun: 32) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000000d0601030000000000000000010000050500210007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) (async) ioctl$LOOP_SET_STATUS(r10, 0x4c02, &(0x7f0000000380)={0x0, {}, 0x0, {}, 0x7, 0x12, 0x12, 0x14, "c3c9927eb93e8c51695d25d134c6aeff7acf88af1c8c3b630a075cdaf1d2fe65c7a218b88ce7b4be041337c17ea45c15c444a643e1710f36c25e0b74f3a4f6d0", "d8ebabbd5c87bbc76fb6cdcc4283a387396784170b0210c6fd06456c7f32e621", [0xa, 0x5]}) (async, rerun: 32) syz_usb_control_io$uac1(r6, 0x0, 0x0) (rerun: 32) syz_usb_control_io$uac1(r6, 0x0, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) (async) r12 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000080)=0x0) sched_setaffinity(r13, 0x8, &(0x7f00000001c0)=0x4) ioctl$VIDIOC_ENUM_FRAMESIZES(r12, 0xc02c564a, &(0x7f0000000040)={0x6, 0x59455247, 0x3, @discrete={0x401}}) (async) sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001a000100000000000000000081"], 0x24}}, 0x0) 16.975346967s ago: executing program 0 (id=2550): socket(0x840000000002, 0x3, 0xff) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000002640)=""/1, 0x1) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'macvtap0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001080)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000e6f900000095ed000000040000"], &(0x7f0000000300)='GPL\x00', 0x4, 0x62, 0x0, 0x41000, 0x40, '\x00', r2}, 0x94) socket(0x0, 0x4, 0x1) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x121002, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_buf(r4, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f00000000c0)={'macvlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}) r5 = semget$private(0x0, 0x6, 0x0) semtimedop(r5, &(0x7f00000003c0)=[{0x0, 0x1}, {0x2, 0x4, 0x1800}], 0x2, 0x0) semctl$IPC_RMID(r5, 0x0, 0x0) 13.070792527s ago: executing program 0 (id=2559): socket$can_raw(0x1d, 0x3, 0x1) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xb4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x7b}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000123c4cb8ed98847580504776d7f4323d0be446735ddcb6dbf642a176286c599fd3858959f0063a7f1de467fa02ed0e0a2d1507ea9dd9cd87b29e9843de0a"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x16}]}]}]}, 0x28}}, 0x0) 11.826687472s ago: executing program 0 (id=2562): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="030000000400000004000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000000008085000000c0000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_io_uring_setup(0x48be, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000), &(0x7f0000001640)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x140, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x32}, @in6=@loopback, {0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x800000000000, 0x4, 0x40000000}, {}, 0x70bd25, 0x3501, 0xa, 0x0, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}, 0x45}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x140}, 0x1, 0x0, 0x0, 0x4004000}, 0x4810) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r5, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x0) r7 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000003, 0x12, r7, 0x1000) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x24b9, &(0x7f0000001180)={0x0, 0xdebc, 0x41, 0x1, 0x1a3}, &(0x7f0000001200), 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r8, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="7c0200000102010800000000000000000100000694000180060003400001000006000340000200000c00028005000100010000000c000280050001000100000006000340000400000c00028005000100060000000c000280050001002f0000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa060003400001000014000180080001000000000008000200ffffffff5c000a80580002802c000180140003002001000000000000000000000000000114000400ff01000000000000000000000000400106000340000400000c00028005000100210000000c0002800500010021000000060003400000000058010a8014000280060003400003000006000340000200000800014000000001080001400000000148000280060003400000000006000340000300001400018008000100e000000208000200ac1e00010c000280050001000100000014000180080001000a01010008000200640101022c0002800c000280050001001100000014000180080001000a01010008000200640101010600034000010000500002800600034000040000140001800800010000000000080002000a0101011400018008000100e000000108000200e000000206000340000400001400018008000100ac1414aa08000200e00000026c000280060003400003000014000180080001007f000001080002000000000014000180080001000a010100080002000a0101011400018008000100e000000208000200ac1414aa0600034000030000060003400002000014000180080001000a01010108000200e00000020a000b00512e3933310000000800054000000151080009407fffffff04000180"], 0x27c}, 0x1, 0x0, 0x0, 0x40000}, 0x4) pread64(r2, &(0x7f0000000080)=""/237, 0xed, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) 11.821233603s ago: executing program 2 (id=2563): mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x837, 0x0, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0xd, 0x0, 0x1, 0xc, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 11.754638259s ago: executing program 5 (id=2566): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=""/6, 0x6}, 0x5}], 0x1, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f00000001c0)=0x3fd, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) kcmp(0x0, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r5, 0x29, 0x2, &(0x7f0000000c40)=0x2, 0x4) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000240)) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x558, 0x0, 0xffffff80, 0x178, 0x0, 0x178, 0x488, 0x22b, 0x258, 0x488, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x300, 0x320, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0xffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfd}]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'geneve1\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8) 10.033535469s ago: executing program 3 (id=2569): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000480)={'tunl0\x00', &(0x7f0000000500)={'syztnl0\x00', 0x0, 0x8000, 0x80, 0x4, 0xfff, {{0x16, 0x4, 0x2, 0x8, 0x58, 0x64, 0x0, 0x40, 0x29, 0x0, @multicast2, @remote, {[@timestamp_prespec={0x44, 0x14, 0xeb, 0x3, 0xe, [{@local, 0x10}, {@loopback, 0x80000001}]}, @ssrr={0x89, 0xf, 0x7e, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @rr={0x7, 0x1f, 0xf0, [@broadcast, @loopback, @loopback, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @multicast1]}]}}}}}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', r1, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe1c, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {r2}}, './file0\x00'}) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r7, 0x3b65, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003a40)={0xd4, 0x3e, 0x400, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x9, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xaf, 0x41, 0x0, 0x1, [@generic="648bb07f1c651b5a0c91f3ee86e9da16f039db5b380edee235180d04116bb4d4152a21f115ec7b5d1ffe0e44235846d1bbdc5c4cb3b716e0f7ac6ce0a5b319daff5cc156836a8b397beb63ece85272b6c0ea0d5013d7ed37ef15952c0b9f006ced462617e8c6a872bf04827422879b2197e9b6314d3e32066c5a339b2bb50a4ffc226b8fac147062c67ecd71b3961f40d366ea48b4b6f642dd4954a962263c", @nested={0xc, 0xec, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32=0x4}]}, @generic]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4000c000}, 0x2000c000) sendto$inet6(r5, &(0x7f0000000180)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x8000000, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000dc0), &(0x7f0000000040)=0x8) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r6}, &(0x7f00000001c0), &(0x7f0000000400)=r6}, 0x20) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) getpid() pidfd_getfd(0xffffffffffffffff, r2, 0x0) r9 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r9, &(0x7f0000000100)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @multicast1}}}], 0x20}, 0x4008804) 9.161298212s ago: executing program 0 (id=2570): unshare(0x62040200) unshare(0x40000000) (async) unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x1000) socket(0x10, 0x3, 0x0) (async) socket(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000020000100000000000000000002"], 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x4044) 8.256041604s ago: executing program 5 (id=2572): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) (async) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000100)=[{0x0}, {&(0x7f0000001180)=""/147, 0x93}], 0x2, 0x4, 0x0) (async) preadv(r1, &(0x7f0000000100)=[{0x0}, {&(0x7f0000001180)=""/147, 0x93}], 0x2, 0x4, 0x0) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000080)={0x0, 0xf7, 0x6, &(0x7f0000000040)={0x21, "513b5039f80f88429eb83d67da3ef3f73e53b8a97fd486c28f4da99bcc9584d1d0"}}) 7.761474753s ago: executing program 3 (id=2574): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = memfd_create(&(0x7f0000000100)='ns/usr\x00\xa5-Oz\xba^\xd0\xe3\xeb\xddC\xc4G\x19\xe3I#\xc7YZD\x82\xb9\xc3h\x14\x7f\x8e\x9d\x19\a\x809Fw?N\xe0\xd4\xbc\x80\xc1\x99\xberXt\xd8\xee\xee%\x89\x9a\xf9\xc3\xee\x9e0\xec\x8b\xd0\xdb\x10.\x1b%\x9d\x1c\x83\x84\xb7\xdbH\".gR\xac\f\xf9w)f\xd5B\x05M\xb6\xe1\x92\xe9\x82\x9ekB#\x9c\x13\xe2Dp/P#\x14w\'w>\x80@-e\v\x9d\xa0c\xc1\x17\xcb\xc3\xb4\xf4)\x88V\xe0\xf6\x93v\xe8\x7f\x12*Q\xaa3Y\x00\xed\xfbh\xe7b\x15z\xb8\xb7\xd8E{\xfa\x85-q\x97\x8e\xd85\xc4$\aw\xc1\xd8\xed\xcf\x935\xd7\x87\xbb&\xf8\xd4\x05Y\xaf}4\xff7WD\xf1\x969\xacu\x83\xac\x852\xef\x9b\v\xb5\x0fO\xc3.\xee\xb97\x9c)C', 0x6) io_setup(0x8, &(0x7f0000000000)=0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x3d) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = eventfd2(0x3, 0x1) r6 = eventfd(0x2c0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000300)={r5, 0xa, 0x2, r6}) io_submit(r2, 0x1, &(0x7f0000000e80)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x7, 0x9, r1, 0x0, 0x0, 0xff, 0x0, 0x1, r5}]) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() iopl(0x37) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r7, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/reserved_size', 0x21a02, 0x105) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214050, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r10 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r10, 0xc0045627, &(0x7f0000000100)=0x3) 7.52919544s ago: executing program 2 (id=2576): socket$can_raw(0x1d, 0x3, 0x1) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xb4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x7b}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000123c4cb8ed98847580504776d7f4323d0be446735ddcb6dbf642a176286c599fd3858959f0063a7f1de467fa02ed0e0a2d1507ea9dd9cd87b29e9843de0a"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x16}]}]}]}, 0x28}}, 0x0) 6.753335926s ago: executing program 5 (id=2578): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040)={0xff}, 0x1) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000040)="1002d7d957c9dc8dda937c7b61567297207adb3029e20544ec044c2fbb6bf865c9331165cb94d9fcb78cb57f9b40b11393c0030046c2e390f91dbd9ddf7accf1295f9abfb2b534ba", 0x0, 0x48) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) close(r3) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x121000, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r4, &(0x7f0000000040)}, 0x20) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000004000000000000000000000300000000030000000300000000000101010000000000000800000000010000000100000506000000010000000200000000000000005f"], &(0x7f0000001540)=""/4096, 0x58, 0x1000, 0xa}, 0x28) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x4}}, @IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0) write(r0, &(0x7f0000000080)="d8", 0x1) 6.60203354s ago: executing program 3 (id=2579): socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) r0 = bpf$ITER_CREATE(0x21, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) (fail_nth: 9) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) listen(0xffffffffffffffff, 0x0) 6.492843381s ago: executing program 3 (id=2580): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$kcm(0xa, 0x922000000003, 0x11) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x208000, 0x0) io_setup(0x8, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00'}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) 5.853749335s ago: executing program 2 (id=2581): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1d, 0x2, 0x6) socket(0x1d, 0x2, 0x6) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r1, 0x2, {0x1, 0xf2}, 0xfe}, 0x18) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x2000, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 5.746823424s ago: executing program 4 (id=2582): bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff0d}, 0x94) r1 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @dev={0xfe, 0x80, '\x00', 0x26}, 0x1}}, 0x24) sendmsg$inet(r1, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x72, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb86dd60004000003c3c01207fdd25ef0000000000000040000000ff0200000000000000000000000000010004000000000000c910"], 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={0x0, r0, 0x0, 0x417}, 0x18) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0x9}}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0) 4.741515757s ago: executing program 2 (id=2583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) r4 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, ')+'}, {0x20, '[k'}, {0x20, 'no&\x80\x85\xfe\x19\x17y\xb2\x82\x81AR\x86lo-\xc5hX\xbbt\b\x86xookie'}, {0x20, 'B-+'}, {0x20, 'hostdata'}, {0x20, '*'}], 0xa, '\vT'}, 0x42) r5 = memfd_create(&(0x7f0000000840)='[\v\xdbX\xae[\x1a\xa9\x00\xc2\x9aml\r\xcf\xaa\x13\x99\x85B\xc3\x06<\xc2\xa9\xc3\xdb\x88\xee\x85md\xc8\x85HX\xa9%\f\x8fe\xe0\x00\x00\xa8\xfdn\xbe \a\x0e\xa3\xb9\x1d\x9dO\xbdj\x00\x00\xfb\xff\x00c\xb2\xc9\ap\xd0\xa2\x82\x1e\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcb\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2\xa75\x9d\xcb\x1e\x80\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x00uNh\xc5(\xbc\xf3\xac{\x04D2\xf2\xcd\xc2{E\xae\x89\xddI\xc8\xc6\xe9\xef\x98\xf0\x8b\xac\xa7R\x10\x011\x9fi\x00\x00\x00\x00\x00\x00\x00\x00\x002?D\x86\x14\xa52<\x87n\xf4\x04R\x15\t\xb8\xbeT\xb8\xe7K)\x1fP\xb6\xce8\xcc\xabe\xcb\xd0\xf9\xc9\xfe_\v\xaa#\x8f\x8asu\xb2\xfe\xc4\xbe\x03\xd3\x93E\x1d\xaf}\x9b\xac\xc2\x9a\xe6W\x92sD\fn\x9e\xc2s\xc6_4\f\xc1\x8b\x9a\xa4_\xad\x9b\xb9 \v\x0f{>\xdf^.\xb8\x96\x1d\x99vY\xa8\xfa\xd7i\x94i^;\xaa\xe7XA\xd2\xc5\x02\x12I\xbe\xd0Ksq\x96 \xbf\xed\x1c\x91\xeeN\xda&\xddtG\xc2\xa8j\xae\xac)\xfdNu\x19\x91\xa7z\x1b\x0e\xab\xd2k\x16\x87#\xf6p#\x8d\xdd?\x9fXV\x12\xa9\xc7v\x02\x98g:4\xb6\xcaY\xc2~k\xcb\xef]h/\xa2\xaf\xc4\xec\xdc\xd4H\xed\x94qNY\x85\x87&\xf1\xbb\f\x02\x0fo\xae\xf4\x19|\xc4\xfcL\xdb\x00\xedrK\x13\xb5J?s\x93\xe6\xda\xf0\xf3B\x8d\xb4\xd8>\x12\xb0\x8e\x8d\xdaQ\xa2\xd0\xbc\x92d\x9e^\xbc\xd5\x8aNf\xefa\v*\xb08\xfc\xd2\xa4\x11`\xae\x98\xcc\xe1\xea\xc2\x1dKR\x0e\x1cK\x86\v\xba\xdfz\xa8\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xe9\xb3@\xe8\a0\x1e\xb8L\x83\xc4\xa8\xb2\xc1\xf8\xae\x1d\x198\x0f\xfa\t\x88+\xdc\xe1\x01@\xbd\x8ba\"|\x14\x1bF\x9b\xd3\xff7\a\x1c:U\xba\xf4\t\xdc\xef\xe3\x11\xdb^\xee\x8c0\xee\xde6:\x80t\xfb\xbc^K\xb4\x8c9\xb0\xec\x82\x127!\x0e\xa3\xc9\xe0\xea\xfa\x0f\xbb\x0e \xc3\xef\xb20xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$kcm(0xa, 0x922000000003, 0x11) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93", 0x47}], 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf}) io_setup(0x8, &(0x7f0000004200)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00'}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) 4.4745458s ago: executing program 0 (id=2585): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000f40)={'pimreg\x00', 0x3c32}) io_setup(0x9, &(0x7f0000000140)=0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x90, 0x0, 0x8000, {0x2000003, 0x3, 0x5, 0x3, 0x1ff, 0x3, {0x6, 0x200000004, 0x7, 0x5, 0x100000001, 0x2, 0x3, 0x0, 0x439e, 0x6000, 0x5, 0x0, 0x0, 0x801, 0x8}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) io_submit(r2, 0x1, &(0x7f00000003c0)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x8, 0x3, r1, &(0x7f0000000180)="7617", 0x2, 0x2}]) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r4 = creat(&(0x7f0000000580)='./file1\x00', 0x0) r5 = fanotify_init(0xf00, 0x1) fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0) fallocate(r3, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000)={0x8001, 0x5, 0xde, 0xffff}, 0x8) sendto$inet6(r0, &(0x7f00000001c0)="ad", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, 0x0) 3.603808177s ago: executing program 2 (id=2586): mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x2b94, 0x80, 0x4, 0x3cf}, 0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r3, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0xd, 0x0, 0x1, 0xc, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 3.392222385s ago: executing program 5 (id=2587): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="b2a3fd864715152d9dd916f9fef9203f0c196800023190f1deecd32131dc09886e7a1263ca2dbac4841f62b6d948d188697ee15ab2ca6b5b255e722d0f4588a7c933dd2d7e68ba28516bc606a3b1fbf2e7939a99b5ec760ff18ddb02493a4a3224d5817778ac80498028a1578e74bc36c4927da1613f51a82c6a6de97ba0fa832c92fad2c5b3311d2e2475c0fe4e8d73bbfe577199207d3d6be6", @ANYRESHEX=r0], 0x4c}, 0x8, 0x3000000000002}, 0x0) (async) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x70) (async) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async, rerun: 32) syz_io_uring_setup(0x1929, &(0x7f0000000640)={0x0, 0xf2f, 0x0, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000240)=0x0) (rerun: 32) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x80, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) (async, rerun: 32) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x62}, 0x18) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0xfc, 0x0, 0x6, 0xfb, 0x4, 0x5, 0x2, 0x80, 0x1, 0x54, 0xd, 0x2, 0x3}, 0xe) (async) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000000)=0xfff, 0x4) (async, rerun: 32) sendmmsg$inet(r4, &(0x7f0000000b80)=[{{&(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000008c0)=[{&(0x7f00000005c0)="c3", 0x1}], 0x1}}], 0x1, 0x20000800) (rerun: 32) read(r4, &(0x7f0000000240)=""/138, 0x8a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) (async) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x2, @empty}, 0x1c) (async) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e00, 0x5, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0x10}, 0xffffffffffffffd1) (async) madvise(&(0x7f0000ff3000/0x2000)=nil, 0x2000, 0xc) (async) r6 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = landlock_create_ruleset(&(0x7f0000000040)={0xc5, 0x3}, 0x18, 0x0) landlock_restrict_self(r7, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[], 0x0) (async) r8 = syz_pidfd_open(r6, 0x0) pidfd_getfd(r8, r8, 0x0) 2.325152238s ago: executing program 4 (id=2588): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='bic\x00', 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmmsg$inet(r0, &(0x7f00000005c0), 0x0, 0x0) 2.159851627s ago: executing program 4 (id=2589): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0xf9}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) 1.785694436s ago: executing program 4 (id=2590): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0xf9}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) (fail_nth: 1) 1.629580858s ago: executing program 5 (id=2591): socket$can_raw(0x1d, 0x3, 0x1) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xb4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x7b}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000123c4cb8ed98847580504776d7f4323d0be446735ddcb6dbf642a176286c599fd3858959f0063a7f1de467fa02ed0e0a2d1507ea9dd9cd87b29e9843de0a"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x28, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x16}]}]}]}, 0x28}}, 0x0) 1.199475718s ago: executing program 2 (id=2592): sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x48d4) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r3, &(0x7f0000000980)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) setresgid(0x0, r4, r4) sendmsg$netlink(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="10000000130000022abd7000fedbdf258910f167"], 0x10}], 0x1, &(0x7f00000009c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r4}}}], 0x20, 0x44040}, 0x10000000) r5 = fcntl$getown(r1, 0x9) getresgid(&(0x7f0000000640), &(0x7f0000000680), &(0x7f00000006c0)) gettid() getgroups(0x4, &(0x7f0000000700)=[0xee01, 0xee00, 0xee01, 0xee01]) sendmmsg$unix(r1, &(0x7f00000055c0)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000340)}, {&(0x7f0000000200)="d76f7ffb1bcd26ab718a7a063b4585548d07fa5e924e086aeb261aaf13289aa6d3887585b02fb1", 0x27}], 0x2, 0x0, 0x0, 0xc000}}, {{&(0x7f0000000440)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000500)="2fd2ec984e7fff295b250a2d92de217af8713b1a", 0x14}], 0x2, &(0x7f0000000780)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES8, @ANYRES32=r6, @ANYRES32=r4, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRESHEX=r3, @ANYRES32=r3, @ANYRES16=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES64=r5, @ANYRES32=0x0, @ANYRES8=r3, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRESHEX=r0, @ANYRES32=0x0, @ANYBLOB="000000001c", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="000000001c000000000000000100", @ANYBLOB], 0xf8, 0x20000004}}], 0x2, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005680)=@newtfilter={0x1ef4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0x3}, {}, {0x8, 0xb}}, [@filter_kind_options=@f_route={{0xa}, {0x10, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x8000e2}, @TCA_ROUTE4_ACT={0x4}]}}, @filter_kind_options=@f_u32={{0x8}, {0x1ea4, 0x2, [@TCA_U32_SEL={0x614, 0x5, {0x1, 0xf8, 0x3, 0x5485, 0x800, 0x7, 0x3, 0x10000, [{0x8, 0x1, 0x6, 0x6}, {0xc1c, 0x80000000, 0x3, 0x3}, {0x8, 0x7ff, 0x6, 0x5}, {0x8d70, 0xfffffffc, 0x81, 0x7fffffff}, {0xa58, 0x80000000, 0x10001, 0xa4f}, {0x510, 0x7, 0x58b0, 0x6}, {0x87b, 0x0, 0x0, 0x6}, {0x3, 0x400, 0x92, 0x7}, {0x8, 0x2, 0x6, 0x1c}, {0x100, 0x9, 0xffff}, {0x9, 0x7, 0xffffffff, 0x7}, {0x5, 0xfffffff1, 0x9}, {0x8, 0x2, 0x5021, 0x361245ad}, {0x7a455f8b, 0x8, 0xad4c, 0x2}, {0xb, 0xfffffff8, 0x6, 0x101}, {0x800, 0x2, 0x6, 0x6fae}, {0x0, 0xc, 0x1, 0x4}, {0x6, 0x7, 0x3, 0xa}, {0x6, 0x3, 0xee, 0x6}, {0x9, 0x6, 0x80000000, 0x1}, {0x4, 0x2, 0x6, 0x4}, {0x2, 0x9, 0x2, 0x73}, {0x8, 0xbc, 0x7}, {0x1, 0x8001, 0x9, 0x6}, {0xd, 0x7, 0xc, 0x4}, {0xe56a, 0x2, 0x0, 0x2}, {0x40, 0x7, 0xc74, 0x4}, {0x7, 0x4, 0x2, 0xa}, {0x8, 0x1, 0x9, 0x6}, {0x9, 0xfffffff8, 0xffffffff, 0x4}, {0x800, 0xf, 0x200, 0x3}, {0x7, 0x0, 0x7f, 0x8515}, {0x3, 0x3, 0x4, 0x40}, {0x8, 0xfffffff7, 0x9fd7, 0xff}, {0x10, 0x4, 0x800, 0x7fff}, {0x235, 0x14, 0x2c9}, {0x40, 0x5, 0x7, 0x4}, {0xfffffff7, 0x0, 0x1, 0x1}, {0x4, 0x80, 0x8, 0x4}, {0x9, 0xffffff11, 0x7f, 0x9}, {0x6270, 0x101, 0x6, 0x7}, {0x504, 0x339, 0xfffffffb, 0xa6}, {0x4, 0x0, 0x2, 0x1841}, {0x2a7, 0x3, 0x22, 0x2}, {0x650, 0xf2, 0x4, 0x6}, {0x5, 0x0, 0x401f, 0x8}, {0x5, 0x3, 0x6, 0x3}, {0x101, 0x80000000, 0xfffffff8, 0x6}, {0x3ff, 0x2, 0x7, 0x2328cc4e}, {0x100, 0x7, 0xffffffff, 0x80000000}, {0x3, 0x3, 0x6, 0x80}, {0x7ff, 0x0, 0x5a34, 0x7ff}, {0x5, 0x9f2, 0x5, 0x9}, {0xa, 0x80000001, 0x3, 0x7}, {0x7, 0x7f, 0x9, 0x1}, {0x5, 0x4, 0x8001, 0x4}, {0x1, 0x3, 0x0, 0x4}, {0xc, 0x8000, 0x5, 0x7}, {0x2, 0xfffffe00, 0x1, 0x9}, {0x1f, 0x7, 0x3, 0x27}, {0xb8c, 0x2, 0x4, 0x9}, {0x9, 0x6, 0x9, 0x6}, {0x9, 0x80000000, 0x2, 0x3ff}, {0x0, 0x0, 0x101, 0x6}, {0x40, 0x2, 0xffffffee, 0x6}, {0x5, 0x1, 0x6, 0xf71b}, {0x8, 0x2, 0x9, 0x7fffffff}, {0x7fffffff, 0xffffff3a, 0x8, 0xe3}, {0xd0c, 0x1958, 0xe, 0x7f}, {0x3, 0x7ee6, 0x4, 0x28eb}, {0x1, 0xf734, 0xfffffff9, 0x1b}, {0x4, 0x401, 0xff5, 0x2bf}, {0x0, 0x5, 0x4, 0x401}, {0x7, 0x8, 0x20, 0xf1c}, {0x0, 0x6, 0x8001, 0x6cb}, {0xbb, 0x2, 0x3, 0x100}, {0x100, 0x7fff, 0x8}, {0xffffffff, 0x0, 0x10001, 0x5541}, {0x18, 0x9, 0x0, 0x8}, {0x4, 0x8, 0xffffff01, 0x55}, {0x81, 0x5, 0x70, 0x1c47}, {0x1, 0x5, 0x2, 0x5}, {0x71e3, 0x9, 0x5, 0x7}, {0x401, 0x8, 0xb, 0xd8a}, {0x1, 0x400, 0x7, 0x9836}, {0x80000000, 0x8, 0x3ee7, 0x9}, {0x8, 0x5, 0x7d, 0x7b0e}, {0x1, 0xa7, 0xf7df, 0x5}, {0x80000000, 0x32e, 0x3000, 0x9}, {0x3, 0x1ff, 0x8, 0x100}, {0xc4, 0x4, 0x400, 0xe}, {0x51, 0x0, 0x80d, 0x6}, {0x1ff, 0x80, 0x5, 0x3ff}, {0x1000, 0x6be, 0x4, 0x23d0}, {0x7, 0x7, 0x1, 0x8}, {0x3, 0xd0cb, 0x40, 0x2}]}}, @TCA_U32_SEL={0x7b4, 0x5, {0x3, 0x7, 0x4, 0x10, 0xe87, 0x5, 0x2, 0x5, [{0x3, 0x3, 0x8000, 0x1}, {0x0, 0x2, 0x51, 0x4}, {0x80000001, 0x81, 0x8, 0xfff}, {0x54000000, 0x8, 0xfff, 0x100}, {0x101, 0x5, 0x0, 0xba}, {0x8, 0xfffffc01, 0x6ff8, 0x6}, {0x51, 0x7, 0x8, 0xffffff53}, {0x7, 0x100, 0x4, 0x9}, {0x3, 0x7fff, 0xffffc533, 0x7fff}, {0x9, 0xa44, 0x1, 0xb}, {0x4, 0x9, 0x1, 0xfffffff0}, {0x8001, 0x80000000, 0x1, 0x10001}, {0x5, 0x4, 0x6, 0x2}, {0x6, 0xf, 0xfffffffd, 0x6}, {0x7, 0x3, 0xf}, {0xcfb, 0x6, 0x8, 0x10}, {0xca, 0x0, 0x8, 0x3}, {0x6, 0x1000, 0x0, 0x4}, {0x200, 0x1, 0x2, 0x2}, {0xfffffff8, 0xec, 0x3, 0x7}, {0x4, 0xfffffbff, 0x6, 0x83c}, {0xd, 0xbea, 0x7, 0x6}, {0x2, 0x9, 0x0, 0x7}, {0x200, 0x10000, 0xe422, 0x5}, {0x7, 0x4, 0x5, 0x101}, {0x2, 0xbbd4, 0x2, 0xfffffffd}, {0x101, 0x50, 0x7, 0x2}, {0x1, 0x5ab0, 0x6, 0x90c}, {0x4393b5bd, 0x4, 0x15, 0x2}, {0x8, 0x0, 0x1, 0x5}, {0x2, 0x3, 0x2, 0x5}, {0x6, 0x4, 0x0, 0x8}, {0xffffffd7, 0x4, 0x800, 0xd7}, {0x7fffffff, 0x8342, 0x7, 0x10001}, {0x4, 0xfffffffc, 0x7, 0xfffffffe}, {0x1, 0x9, 0x3, 0x1}, {0x0, 0x1, 0x7ff, 0x8}, {0x3ff, 0x8001, 0x9, 0x3}, {0x4, 0x7f, 0x9, 0x6}, {0xfff, 0x2124, 0x100000, 0x81}, {0x0, 0xf8e, 0x9, 0x1}, {0x94, 0x10000, 0x9, 0x4d}, {0xb, 0x1, 0x2, 0x1}, {0xa333, 0xa5, 0x8}, {0x6, 0x9, 0x167b6b06, 0x7}, {0x7ff, 0xfffffffd, 0x4, 0x4}, {0x4, 0x3, 0x3, 0x7f}, {0x1, 0x6, 0x9, 0x380000}, {0x7, 0x3, 0x1a000, 0xfffffff7}, {0x3, 0x1, 0x20, 0x4}, {0x4, 0x482b, 0x2, 0x7}, {0x90, 0xa73, 0x4, 0x5}, {0x9, 0x7, 0x8, 0x4}, {0x3, 0x12, 0x9, 0x1}, {0x1, 0x8, 0x4d7a, 0x9}, {0x2, 0x9, 0x3, 0x4}, {0x6, 0x9, 0x8, 0x9}, {0x7, 0x2, 0xab, 0x9}, {0xeac, 0x0, 0x9, 0x2}, {0x5, 0x800, 0x7f, 0xfffffffc}, {0x1, 0xc1, 0xfffff025, 0x4}, {0xffffffff, 0xff, 0x5, 0x4}, {0x3, 0x1, 0x6}, {0xf2, 0x7, 0xd7, 0x80000001}, {0x7, 0x0, 0x400, 0x8}, {0x3, 0x742d3b0, 0x5, 0x5}, {0x75, 0x3c, 0xb80c000, 0xa4a}, {0x7, 0x9, 0x2, 0xfffffffa}, {0x2, 0x0, 0x2, 0x8}, {0xc0000, 0x10, 0xff, 0xfffffff2}, {0xc, 0x2a, 0xf, 0x6}, {0x3, 0x5, 0xa08, 0x1ff}, {0x8, 0xfffffffb, 0x7d, 0x6}, {0x1, 0xff, 0x2, 0x1000}, {0x8, 0x8, 0xf, 0x4}, {0x320, 0x2, 0xd2, 0xffffffff}, {0x2, 0xbddc, 0x986a, 0x7}, {0xb, 0x9, 0x2, 0x80000001}, {0x7f, 0xf24, 0x3, 0x5}, {0x86, 0x2, 0x0, 0x4}, {0xff, 0x3ff, 0x2, 0x3786}, {0x7fffffff, 0x3, 0x2, 0x3}, {0x6, 0x3, 0x4, 0x4}, {0x7, 0x1, 0xffffa2f5, 0x6}, {0xff1, 0x9, 0x8000, 0x8}, {0x2, 0x7, 0x0, 0x9f04}, {0x7, 0x0, 0xc55, 0x1}, {0xf9e834f, 0xc2b5, 0x401, 0x3}, {0xc6, 0xcf, 0x4, 0x7ff}, {0x1, 0x200, 0x5, 0x871a}, {0xc8c8a10, 0x7, 0x656}, {0x2, 0x1, 0x87a6, 0x7}, {0x3, 0x10000, 0xb853, 0x80000001}, {0x9, 0x4, 0x0, 0x1}, {0xc0000000, 0x3, 0x7, 0x6}, {0x3, 0x10000, 0x1, 0x2}, {0x4, 0x8, 0x40000, 0x9}, {0x3, 0xff, 0x80, 0x3}, {0x1, 0x4, 0x9, 0x4}, {0x7, 0xffff, 0x81, 0x8}, {0xd7f, 0x8, 0x7d32, 0x7}, {0x5, 0x180000, 0x3, 0x3}, {0x9, 0x40, 0x1, 0x8}, {0x0, 0xd366, 0x1000, 0x5}, {0x9, 0x7, 0x6, 0x4}, {0x9000000, 0x6, 0x9, 0x5}, {0x7f21, 0x46, 0x0, 0xffffffff}, {0xfffffffb, 0xfffeffff, 0xd68, 0x5}, {0x8, 0x2, 0x2, 0x8}, {0xe9, 0x7fff, 0x8, 0x9}, {0x4, 0x0, 0xb51, 0x400}, {0x3, 0xffffffff, 0x9, 0xe330}, {0x9, 0x9, 0xffff, 0xfffffff7}, {0x4, 0x3, 0x7}, {0x5, 0x6, 0x9, 0xffff34b9}, {0x2, 0x6, 0x800, 0x7}, {0x40, 0x200, 0x5, 0x4}, {0xffff, 0x0, 0xfffffff7, 0x3}, {0xff, 0x81, 0xbf0, 0x9}, {0x4, 0xfffffffe, 0x2cbc, 0x2}, {0x5, 0x9, 0x8}, {0x4, 0xde68, 0x2, 0x8000}]}}, @TCA_U32_SEL={0x164, 0x5, {0xf, 0x5, 0x1, 0x3, 0x2e8d, 0x8, 0x8403, 0x5, [{0x0, 0x2721, 0x707a, 0x910}, {0x3, 0x3, 0x10001, 0x7}, {0xd5, 0x2, 0x0, 0x5}, {0xc, 0x9, 0x18, 0x40}, {0x8, 0x4, 0x7, 0x6}, {0x0, 0x1, 0x7f, 0x88c1}, {0x2, 0xbc2, 0xad, 0x6}, {0x1000000, 0xfffffffd, 0xd, 0x5}, {0x4, 0x7ff}, {0xd5, 0x7fff, 0x9a58, 0xf38a}, {0x173b, 0xfffffff9, 0xfffffffc, 0x3}, {0x400, 0x1, 0x4, 0xfffffb89}, {0x1, 0x7c, 0x6, 0x3ff}, {0x80000000, 0x4, 0x0, 0x60}, {0xff, 0x17d, 0x8, 0x1}, {0x401, 0x1, 0x8, 0x1}, {0x7fff, 0x101, 0x0, 0xffffffff}, {0x4, 0xfffffffa, 0x7, 0x6}, {0x5d4, 0x1, 0xd6, 0x4}, {0x1, 0xbf7, 0x9, 0x2}, {0x3, 0x10001, 0x2, 0xbe}]}}, @TCA_U32_SEL={0x6b4, 0x5, {0x3, 0x6, 0x9, 0xb788, 0x40, 0x4, 0xffff, 0x6, [{0x7fff, 0x1, 0x3, 0x4}, {0x8, 0x8, 0xd4c5, 0x3}, {0xa4e, 0x3, 0x2, 0x3}, {0x1000, 0x2869, 0x7, 0x3}, {0xffff, 0x8000, 0x1, 0x6}, {0x4, 0x400, 0xfffffbff, 0x1}, {0x6, 0x8, 0x2, 0x97}, {0xfffffffc, 0x1, 0x2, 0xffff}, {0x2, 0x0, 0x80000000, 0x3a80}, {0x359, 0xffffffff, 0x7, 0x3}, {0x3, 0x1e80, 0x7ff, 0x3}, {0x3, 0x9, 0x4, 0xd555}, {0x100, 0x8, 0x7fff, 0x3ff}, {0x80000000, 0x64d, 0xf3a2, 0x7}, {0x1, 0x6, 0x1, 0xbc39}, {0x401, 0x7, 0x8000, 0x100}, {0x3, 0xeed6, 0x2, 0x2}, {0x3, 0x9, 0x556, 0x8}, {0x1, 0x800, 0x40, 0x9}, {0x5, 0xfffffffd, 0x2e, 0x9}, {0x4, 0x5, 0xc2, 0x62c}, {0x684e, 0xe0, 0x6}, {0x3, 0x1, 0xe67f, 0x8}, {0x5, 0x18, 0x7ff, 0xffff7f91}, {0x8, 0x101, 0x80, 0x1}, {0x0, 0xd, 0xe000000, 0x5}, {0x1ff, 0xc, 0xfd75, 0x7fffffff}, {0x2, 0x7fffffff, 0x0, 0x9}, {0x13, 0x7, 0x4a4e, 0x10}, {0x15, 0x1, 0xc, 0x5}, {0x80000001, 0x10001, 0x3, 0x4}, {0x7ff, 0xb9c9, 0x8000, 0x9}, {0x1ff, 0x589c, 0x80, 0x100}, {0xffffffff, 0x5, 0x9183875d, 0x401}, {0xfffffffa, 0x10, 0x0, 0x400}, {0xffffffff, 0x4, 0x800}, {0x5, 0x4, 0x0, 0x5}, {0x8001, 0x75a, 0xf5a7, 0xd7}, {0xe92, 0x4, 0x8, 0x5}, {0x0, 0xfff, 0xcb, 0x1}, {0xffffffff, 0x8, 0x4}, {0x2, 0x2, 0x6, 0x2}, {0x40, 0x5, 0x2, 0x4}, {0x7ff, 0xc, 0x40000, 0xab08}, {0x7, 0x7, 0x6, 0x7}, {0x4, 0xfffffffc, 0xc45, 0x1}, {0x7, 0x80, 0x401, 0x2}, {0xd8, 0x5, 0x2, 0x1}, {0x6, 0xffffffff, 0x5, 0x1}, {0x4, 0xd9d, 0xf5a, 0xfffff85a}, {0xfffff761, 0x23, 0x2, 0xc21}, {0x3, 0x3, 0xe88, 0x200}, {0x0, 0x8, 0x6d}, {0xfff, 0x0, 0xff, 0x40000000}, {0x6, 0x8, 0xdd10eb3e, 0x80000000}, {0x6, 0x1, 0x80, 0x8}, {0x9, 0x0, 0x1, 0x2}, {0x4, 0xb, 0x1, 0x6}, {0x2, 0xd, 0x1, 0x1}, {0x6, 0x6, 0x2, 0x6}, {0x8, 0x5, 0x7ff, 0x8}, {0x7, 0x5, 0x3, 0x5}, {0x3ff, 0x6, 0x4, 0xda4}, {0x7, 0x2, 0xfffffffb, 0xffffffff}, {0x7a, 0x0, 0xba6, 0xa98}, {0x602, 0xc77c, 0x1, 0x8}, {0x8000, 0xa, 0x7fffffff, 0x81}, {0x200, 0x1, 0x10001, 0x2}, {0xc, 0xaacb, 0x5, 0x5}, {0x9, 0x5, 0x7, 0x3}, {0x3, 0xfff, 0x30}, {0x7, 0x8001, 0x4, 0x200}, {0x7ff, 0x8000, 0x3, 0x3}, {0x2, 0x8, 0x7ff, 0x1da}, {0x0, 0x3, 0x7, 0xa}, {0x8, 0x2, 0xffffffff, 0x5}, {0x7fff, 0x3, 0x4}, {0x8, 0x2, 0x1, 0x1}, {0x5, 0xffffffff, 0x4, 0x7}, {0xf, 0x40, 0x1, 0x5}, {0x3, 0x3, 0xe7, 0x8000}, {0xffffff01, 0x7, 0xfd19, 0x4}, {0x8001, 0x10000}, {0xff, 0x2, 0xffff, 0x7}, {0x9, 0x200, 0x1c, 0x7fffffff}, {0x101, 0x66, 0x1ff, 0x800}, {0xc54, 0x6, 0xe, 0x57}, {0x9, 0x1ff, 0xbc5d, 0x1}, {0x80, 0x400, 0xa, 0x200}, {0x5, 0x2bb, 0x6, 0x5}, {0x0, 0x404d530f, 0x7, 0x1}, {0x10000, 0x2, 0x101, 0x3}, {0x4, 0x1, 0xfffffff4, 0xffff4598}, {0x7fffffff, 0x1, 0x5, 0x1}, {0x29, 0x5, 0x7, 0x52fd}, {0x6, 0x81, 0xffffffff, 0x2}, {0xe, 0x9, 0x9, 0x400000}, {0x2, 0xa, 0x8, 0x7}, {0x3, 0x9, 0x4, 0x8}, {0x9, 0x9, 0xfffffffc, 0xffffff3a}, {0x9a, 0x3, 0x1, 0x80000000}, {0x3, 0x800000, 0xfffffffc, 0x9}, {0x7, 0xb1, 0x9, 0x80000000}, {0x1, 0x2, 0xc62, 0x1}, {0x6, 0x8, 0xf, 0x80000001}, {0x1ff, 0x784, 0x4, 0x1}]}}, @TCA_U32_POLICE={0x8c0, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_RESULT={0x8, 0x5, 0xe1}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x2, 0x6, 0xb, 0xe, {0x2, 0x2, 0xac, 0x7ff, 0x6, 0x9}, {0xe, 0x0, 0x80, 0x3, 0x1, 0xf}, 0x4, 0xfffffffc, 0x3ff}}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x3, 0x3, 0xfffffffc, 0xc, 0x200, 0x4, 0x4, 0xa, 0x2, 0x7, 0x7, 0x3, 0x10, 0x5, 0x41fa, 0x3, 0x4, 0x7, 0x3, 0x4, 0x8, 0x0, 0xfffffa6e, 0xfffffbff, 0x6, 0x1, 0x4, 0x9, 0x9, 0x800000, 0x3, 0x7, 0x1000, 0xa1af, 0xd71, 0x5, 0x8, 0x101, 0x200, 0x8, 0x5, 0x101, 0x80000001, 0x8, 0x5, 0x1, 0x5, 0x80000000, 0xffff7fff, 0x8, 0x4, 0x5, 0x32, 0x3, 0x10, 0x10, 0x9, 0x10, 0x9, 0x35, 0x3, 0x0, 0x0, 0xd39, 0x8, 0x7, 0x6, 0x0, 0x5, 0x0, 0x5d363b24, 0x6, 0x4, 0x0, 0x800, 0x0, 0xc5, 0x8, 0x8, 0x9, 0x7, 0xd, 0x101, 0x80000001, 0x800, 0x10000, 0xf129, 0xfffffff7, 0x8, 0x1, 0x60a531e2, 0xffffffff, 0xfffffffe, 0x8000, 0x800, 0x7, 0x8cd, 0x4, 0x886, 0x53d27339, 0x400, 0xf, 0x484, 0x2, 0x0, 0x3, 0x8, 0x8, 0x8000, 0x10, 0xe, 0x7f, 0x6, 0x1, 0xc2, 0x0, 0x800000, 0x2, 0x3, 0x3, 0x1, 0x5, 0xc, 0x80000000, 0x100, 0x8, 0x80000000, 0xfffffffc, 0xa7, 0x8, 0x4, 0x3, 0x5, 0xb, 0x9, 0x9bba, 0x9, 0x5, 0x0, 0x8, 0x8, 0x1, 0x5, 0x2, 0x0, 0x5, 0x40, 0x2, 0x68c2, 0x2, 0x6, 0x1, 0x3, 0x628da95, 0x0, 0x88, 0x1, 0x7, 0x4c5, 0xffffe91a, 0x2, 0x4, 0x6, 0xa, 0xe6, 0xfffffffd, 0x7, 0x99, 0x5, 0x6, 0x7, 0x5, 0x40, 0x9, 0x54, 0x6, 0x0, 0x0, 0x4, 0x0, 0x9, 0x9, 0xf449, 0x3, 0x7, 0x5, 0x401, 0x6, 0x0, 0xb, 0x9, 0x5, 0x8, 0xfffff7fc, 0x8, 0x2, 0x8, 0x101, 0xffff, 0x1000, 0x7fffffff, 0x2fa, 0x0, 0x1, 0x9, 0x8, 0x6, 0x6, 0x7, 0x0, 0xa423, 0x5, 0x5, 0x2, 0x40, 0x6, 0x200, 0xf13c, 0x8, 0x2, 0x3, 0x16d, 0x7, 0x10, 0x3, 0x9, 0x81, 0x8b, 0xbcf, 0x4f3e, 0x401, 0x5, 0x3, 0x3, 0x9, 0x4, 0x99, 0x6441, 0x10, 0x7f, 0x1c000, 0x3, 0xf, 0x4386, 0x55, 0xc0, 0x3, 0x9, 0x1, 0x4, 0x7fff, 0x4, 0x7, 0x2, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x10000000, 0xfff, 0xfffffffa, 0x3, {0x6, 0x0, 0x1ff, 0x7, 0xdc, 0x7fff}, {0xfa, 0x0, 0x8, 0x5, 0xf8ce, 0xf}, 0x1fffc00, 0x8, 0x19}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_RATE64={0xc, 0x8, 0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x1, 0x4, 0x6, 0xa7, 0x8, 0xc, 0x3, 0xe, 0xc9fd, 0x3, 0x8, 0x5, 0x8, 0x8, 0x7, 0x5, 0x5, 0x9, 0x3, 0xfffffe01, 0x2, 0x0, 0x62, 0x401, 0x401, 0x8, 0x5, 0x1, 0x3ff, 0x5, 0x7, 0xd, 0xfffffff9, 0xfffffffd, 0x80000000, 0x7, 0x6, 0x8, 0x0, 0x8, 0x1e98, 0x7f, 0x4, 0x101, 0x5, 0xda, 0x9, 0x9, 0x10, 0xc74, 0x8, 0x9c65, 0x40, 0x3, 0x10, 0x2, 0x7, 0x6a9, 0x1, 0x7, 0xd9, 0x3, 0x9ca, 0x81, 0x4, 0xd3, 0xffffffff, 0x8, 0x1, 0xdc8f, 0x5, 0x5, 0x44, 0x2, 0x7fff, 0xe, 0x0, 0xd, 0x5, 0x5, 0x0, 0xa, 0x0, 0x200, 0xfffffffb, 0x6, 0xffffffc0, 0x3, 0x9, 0x0, 0x4, 0x3, 0x0, 0x6, 0x4, 0x7fffffff, 0x6, 0x98c, 0x81, 0x9, 0x63, 0x1, 0x6, 0x0, 0xc, 0x2, 0x0, 0x5, 0x23f, 0x5, 0x5, 0x4, 0x0, 0x99e, 0x8, 0x2000000, 0x6, 0x3, 0x5, 0x1, 0x10001, 0x4, 0x80000000, 0x8, 0x2, 0x2, 0x8, 0x0, 0xa4, 0x3, 0x3, 0x8, 0x6, 0x5, 0x1, 0x0, 0x7bdf, 0x66a, 0x3, 0x492, 0xda, 0xffa, 0x3, 0x7, 0x0, 0x5, 0x1, 0x4695, 0xffff, 0xfffffffe, 0x0, 0x2, 0x80, 0x5, 0xfffff450, 0x8894, 0x5, 0xd5c, 0x3, 0x2, 0x7dbccc2a, 0x1, 0x7ff, 0x6, 0x8, 0x7, 0xe, 0x6, 0x6120, 0x40000000, 0x5, 0xebae, 0x7ff, 0x3, 0x8, 0x60000000, 0xffffffff, 0x6, 0x80000001, 0x1, 0x7f, 0x101, 0x80000001, 0x9, 0x7f, 0x3, 0xfffffffa, 0x2, 0x9, 0x420fc7dc, 0x5, 0x8000, 0x0, 0xfff, 0x3, 0x762, 0x4, 0x0, 0x7fff, 0x4, 0x7ff, 0xfffffffe, 0x8000, 0x3, 0xbb, 0xfff, 0x8, 0x26db, 0xffffffff, 0x1, 0x2, 0x7fff, 0xc721, 0x100, 0x1364fb13, 0x2, 0x5, 0xffff, 0x2990, 0x2, 0x8, 0x80, 0x400, 0x7ff, 0x5, 0x7, 0x4d1c, 0x8001, 0xfffffeff, 0x6, 0x8000, 0x4, 0xd, 0xbd0b, 0x2, 0x6, 0x4, 0xfffffffc, 0xa1cb, 0x3ff, 0x1, 0x7, 0x7, 0x8, 0x1, 0xffff0c9d, 0x40000000, 0x9, 0x10000, 0x8, 0x6, 0x9, 0x6, 0xffffffff, 0xa278]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x90}]}]}}, @TCA_RATE={0x6, 0x5, {0x5, 0x4}}]}, 0x1ef4}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.115582226s ago: executing program 0 (id=2593): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffe6, 0xb}, {0xffe0, 0xc}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7ff, 0x8}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="f1ff00004ec6"}) 1.08242303s ago: executing program 3 (id=2594): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) r0 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x2a, 0x0) r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000840)={0x0, 0x8}, 0x8) (async) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$netlink(r6, 0x10e, 0x5, &(0x7f0000000040)=""/162, &(0x7f0000000100)=0xa2) (async) r7 = gettid() bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @func={0x1, 0x0, 0x0, 0x12}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x0, 0x0, 0x61]}}, 0x0, 0x46}, 0x28) (async) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) (async) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 1.017497394s ago: executing program 4 (id=2595): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="516bcbd892d0718592b5eec6247bfc2b8bd23670016c3b038b4e1800"/38], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x3, 0x0, 0x0, 0x48110}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_OKEY={0x8, 0x5, 0x200}, @IFLA_GRE_LOCAL={0x8, 0x6, @broadcast}]}}}]}, 0x44}}, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$TCFLSH(r4, 0x400455c8, 0x2) ioctl$TIOCSETD(r4, 0x5412, &(0x7f00000002c0)=0x5) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000280)=0xc0) ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f0000000140)) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x28, r5, 0xba960a2220112c19, 0x70bd2c, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_FIRMWARE_NAME={0x9, 0x14, '#).-!'}]}, 0x28}, 0x1, 0x0, 0x0, 0x100040c0}, 0x80) 156.425107ms ago: executing program 5 (id=2596): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file1\x00', 0x89) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8794}, {{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/205, 0xcd}, {&(0x7f0000000340)=""/257, 0x101}, {&(0x7f0000000b40)=""/4109, 0x100d}, {&(0x7f0000000a40)=""/243, 0xf3}, {&(0x7f0000000700)=""/170, 0xaa}], 0x5}, 0x80000000}], 0x4, 0x0, 0x0) 0s ago: executing program 3 (id=2597): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000100)=0x10, 0x4) write$proc_mixer(0xffffffffffffffff, 0x0, 0xe4) io_setup(0x4, &(0x7f0000000000)) socket(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$sock_timeval(r1, 0x1, 0x42, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00'}) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001c40)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sched_cls}, 0x94) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r3, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x28000010) socketpair$unix(0x1, 0x1, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000a40), 0x9, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000a80)={0x4000, 0xd, 0x0, "134600cea4dd512d97d4188cbf770637bc747721f37af54dd1dc03030096c337"}) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x70bd2a, 0x25dfdbfd, {0xa, 0x0, 0x80, 0x0, 0x0, 0x222ac00}, [@IFAL_ADDRESS={0x14, 0x1, @mcast1}]}, 0x30}}, 0x800) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "0002002000", "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38) kernel console output (not intermixed with test programs): onfig: (err=-110) [ 1011.766146][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1011.782820][T13914] netlink: 'syz.0.2202': attribute type 10 has an invalid length. [ 1011.806443][ T5922] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110 [ 1011.894565][T13914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2202'. [ 1011.910178][T13914] bond0: entered promiscuous mode [ 1011.917979][T13914] bond_slave_0: entered promiscuous mode [ 1011.926465][T13914] bond_slave_1: entered promiscuous mode [ 1011.934795][T13914] bridge_slave_1: entered promiscuous mode [ 1011.949794][T13914] bond0: entered allmulticast mode [ 1011.967709][T13914] bond_slave_0: entered allmulticast mode [ 1011.982734][T13914] bond_slave_1: entered allmulticast mode [ 1011.998373][T13914] bridge_slave_1: entered allmulticast mode [ 1013.004481][T13914] team0: Port device bond0 removed [ 1013.030561][T13914] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1013.154567][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1013.166476][ T5922] usb 3-1: USB disconnect, device number 56 [ 1013.456378][T13924] (syz.0.2204,13924,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 1013.475455][T13922] openvswitch: netlink: VXLAN extension message has 45 unknown bytes. [ 1013.755004][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1013.873387][ T5922] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1014.254374][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1014.293199][ T5922] usb 3-1: Using ep0 maxpacket: 16 [ 1014.503192][ T9769] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1014.766500][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1014.783652][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1014.801161][ T5922] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1014.822406][ T5922] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1014.844893][T13919] [U] ^C [ 1014.864006][ T5947] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1014.960119][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.994235][ T5922] usb 3-1: config 0 descriptor?? [ 1015.009114][ T5947] usb 5-1: device descriptor read/64, error -71 [ 1015.053162][ T9769] usb 1-1: Using ep0 maxpacket: 8 [ 1015.062705][ T9769] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1015.076439][ T9769] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1015.090488][ T9769] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1015.106831][ T9769] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1015.127493][ T9769] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1015.152347][ T9769] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1015.163161][ T9769] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1015.200754][T13936] QAT: Invalid ioctl 1073935638 [ 1015.207697][ T9769] hub 1-1:1.0: bad descriptor, ignoring hub [ 1015.207731][ T9769] hub 1-1:1.0: probe with driver hub failed with error -5 [ 1015.230887][ T9769] cdc_wdm 1-1:1.0: skipping garbage [ 1015.262260][ T9769] cdc_wdm 1-1:1.0: skipping garbage [ 1015.274749][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1015.289958][ T9769] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1015.294983][ T5947] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1015.476567][ T5947] usb 5-1: device descriptor read/64, error -71 [ 1015.537362][T13939] overlay: ./file0 is not a directory [ 1015.625533][ T5947] usb usb5-port1: attempt power cycle [ 1016.313744][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.318497][ T5947] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1016.352146][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1016.377071][ T5947] usb 5-1: device descriptor read/8, error -71 [ 1016.450949][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.461484][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.493100][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.517983][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1016.592290][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1016.623970][ T5947] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1016.785991][ T9] usb 1-1: USB disconnect, device number 48 [ 1016.795766][ T5947] usb 5-1: device descriptor read/8, error -71 [ 1016.821135][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.902127][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1016.918603][T11615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.929866][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.955703][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1016.978526][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1017.004332][ T5947] usb usb5-port1: unable to enumerate USB device [ 1017.049101][T13940] could not allocate digest TFM handle crct10dif-arm64-ce [ 1017.121808][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.186621][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.236497][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.252920][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.265271][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.277218][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.290182][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.316079][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.329622][ T5922] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1017.467874][T13962] vivid-004: disconnect [ 1017.479285][T13958] vivid-004: reconnect [ 1018.374964][T13963] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2213'. [ 1018.593467][ T24] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1019.022037][ T5922] microsoft 0003:045E:07DA.000B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 1019.106544][ T5922] microsoft 0003:045E:07DA.000B: no inputs found [ 1019.166472][ T5922] microsoft 0003:045E:07DA.000B: could not initialize ff, continuing anyway [ 1019.178209][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 1019.228054][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1019.366703][T13976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2214'. [ 1019.778905][ T5922] usb 3-1: USB disconnect, device number 57 [ 1019.798493][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1019.833144][ T24] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1019.932656][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1019.942090][T13972] fido_id[13972]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1020.016870][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1020.158321][ T24] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1020.174018][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1020.242753][ T24] hub 2-1:1.0: bad descriptor, ignoring hub [ 1020.868488][ T24] hub 2-1:1.0: probe with driver hub failed with error -5 [ 1020.881072][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 1020.887856][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 1020.900079][ T24] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1021.113767][ T5922] net_ratelimit: 7 callbacks suppressed [ 1021.113791][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1021.895670][ T24] usb 2-1: USB disconnect, device number 57 [ 1022.118317][T11615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1022.138514][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1022.157493][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1022.740236][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1022.771448][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1022.806261][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1023.205155][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1024.314551][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1024.631623][T14007] FAULT_INJECTION: forcing a failure. [ 1024.631623][T14007] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.652540][T14007] CPU: 0 UID: 0 PID: 14007 Comm: syz.1.2222 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1024.652571][T14007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1024.652585][T14007] Call Trace: [ 1024.652598][T14007] [ 1024.652610][T14007] dump_stack_lvl+0x189/0x250 [ 1024.652642][T14007] ? __pfx____ratelimit+0x10/0x10 [ 1024.652660][T14007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1024.652678][T14007] ? __pfx__printk+0x10/0x10 [ 1024.652703][T14007] ? __pfx___might_resched+0x10/0x10 [ 1024.652721][T14007] ? fs_reclaim_acquire+0x7d/0x100 [ 1024.652744][T14007] should_fail_ex+0x414/0x560 [ 1024.652766][T14007] should_failslab+0xa8/0x100 [ 1024.652785][T14007] __kmalloc_noprof+0xcb/0x4f0 [ 1024.652800][T14007] ? kfree+0x4d/0x440 [ 1024.652824][T14007] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1024.652850][T14007] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1024.652873][T14007] ? tomoyo_domain+0xda/0x130 [ 1024.652899][T14007] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1024.652916][T14007] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1024.652936][T14007] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1024.652959][T14007] ? rcu_is_watching+0x15/0xb0 [ 1024.652983][T14007] ? __lock_acquire+0xab9/0xd20 [ 1024.653025][T14007] ? __fget_files+0x2a/0x420 [ 1024.653061][T14007] ? __fget_files+0x2a/0x420 [ 1024.653084][T14007] ? __fget_files+0x3a0/0x420 [ 1024.653107][T14007] ? __fget_files+0x2a/0x420 [ 1024.653137][T14007] security_file_ioctl+0xcb/0x2d0 [ 1024.653165][T14007] __se_sys_ioctl+0x47/0x170 [ 1024.653200][T14007] do_syscall_64+0xfa/0x3b0 [ 1024.653228][T14007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.653248][T14007] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1024.653270][T14007] ? clear_bhb_loop+0x60/0xb0 [ 1024.653297][T14007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.653319][T14007] RIP: 0033:0x7fe59ed8e9a9 [ 1024.653339][T14007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1024.653358][T14007] RSP: 002b:00007fe59fba2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1024.653382][T14007] RAX: ffffffffffffffda RBX: 00007fe59efb6080 RCX: 00007fe59ed8e9a9 [ 1024.653398][T14007] RDX: 0000200000000100 RSI: 00000000c06864a1 RDI: 0000000000000009 [ 1024.653413][T14007] RBP: 00007fe59fba2090 R08: 0000000000000000 R09: 0000000000000000 [ 1024.653427][T14007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1024.653441][T14007] R13: 0000000000000000 R14: 00007fe59efb6080 R15: 00007ffc79fe7e68 [ 1024.653474][T14007] [ 1025.011895][T14007] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1025.649686][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1025.671479][T14004] xt_CT: No such helper "syz0" [ 1026.176694][T14020] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2225'. [ 1026.812747][T14019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2224'. [ 1027.265164][ T9] net_ratelimit: 1 callbacks suppressed [ 1027.265190][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1027.286004][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1027.309432][T14004] [U] ^C [ 1027.524882][ T5947] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1027.738785][ T5947] usb 2-1: Using ep0 maxpacket: 16 [ 1027.960169][T14029] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2227'. [ 1027.975173][ T1092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1027.988626][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1028.008657][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1028.166712][ T5947] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1028.220083][ T5947] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1028.278727][ T5947] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1028.455416][ T5947] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1028.490304][ T3558] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1028.505523][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1028.542446][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1028.598999][ T5947] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1028.721615][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1028.966611][ T5947] usb 2-1: config 0 descriptor?? [ 1029.033295][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1029.077228][ T5947] usb 2-1: can't set config #0, error -71 [ 1029.189813][ T5947] usb 2-1: USB disconnect, device number 58 [ 1029.367222][T14045] vivid-003: disconnect [ 1030.075138][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1030.314313][T14095] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2238'. [ 1030.645979][T14043] vivid-003: reconnect [ 1031.175552][T14095] vlan3: entered promiscuous mode [ 1031.185052][T14095] bridge0: entered promiscuous mode [ 1031.522140][T14095] vlan3: entered allmulticast mode [ 1031.591627][ T5947] IPVS: starting estimator thread 0... [ 1031.597240][T14095] bridge0: entered allmulticast mode [ 1031.766048][T14106] IPVS: using max 26 ests per chain, 62400 per kthread [ 1031.784146][ T5908] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 1031.963599][ T5908] usb 1-1: device descriptor read/64, error -71 [ 1032.233220][ T5908] usb 1-1: new full-speed USB device number 50 using dummy_hcd [ 1032.403378][ T5908] usb 1-1: device descriptor read/64, error -71 [ 1032.421566][T14116] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2242'. [ 1032.588953][ T5908] usb usb1-port1: attempt power cycle [ 1032.824514][ T9] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1032.928193][T14119] xt_CT: No such helper "syz0" [ 1033.005111][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1033.226751][ T24] net_ratelimit: 3 callbacks suppressed [ 1033.226768][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1033.257651][ T9] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1033.313151][ T5908] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 1033.317892][ T9] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1033.345317][ T9] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1033.355603][ T5908] usb 1-1: device descriptor read/8, error -71 [ 1033.362648][ C0] vkms_vblank_simulate: vblank timer overrun [ 1033.398721][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1033.431211][ T9] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1033.489731][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.547175][ T9] usb 4-1: config 0 descriptor?? [ 1033.594775][T14061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1033.606785][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1033.631988][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1033.693814][ T5908] usb 1-1: new full-speed USB device number 52 using dummy_hcd [ 1033.743999][ T5908] usb 1-1: device descriptor read/8, error -71 [ 1033.787989][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 1033.857179][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1033.874225][ T5908] usb usb1-port1: unable to enumerate USB device [ 1033.938847][ T9] usb 4-1: USB disconnect, device number 79 [ 1033.963997][T14119] [U] ^C [ 1034.235609][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1034.252581][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1034.271640][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1034.635439][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1035.214446][ T9] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1035.436855][ T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1035.474494][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.535452][ T9] usb 4-1: config 0 descriptor?? [ 1035.641414][ T9] cp210x 4-1:0.0: cp210x converter detected [ 1035.706984][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1036.554553][ T9] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1036.598711][ T9] usb 4-1: USB disconnect, device number 80 [ 1036.622924][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1036.647084][ T9] cp210x 4-1:0.0: device disconnected [ 1036.735210][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1036.746381][T14149] netlink: 'syz.0.2251': attribute type 7 has an invalid length. [ 1038.059019][T14158] sch_tbf: burst 480 is lower than device lo mtu (65550) ! [ 1038.318939][T14155] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1038.797193][ T5908] net_ratelimit: 3 callbacks suppressed [ 1038.797217][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1039.262083][T14168] batadv0: entered promiscuous mode [ 1039.292560][T14168] vlan3: entered promiscuous mode [ 1039.361055][T14059] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1039.401263][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1039.425320][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1039.640405][T14171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2257'. [ 1040.314261][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1040.421709][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1040.438291][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1040.481316][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1040.494771][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1041.513580][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1043.511921][T14203] FAULT_INJECTION: forcing a failure. [ 1043.511921][T14203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1043.566436][T14203] CPU: 1 UID: 0 PID: 14203 Comm: syz.2.2264 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1043.566473][T14203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1043.566489][T14203] Call Trace: [ 1043.566499][T14203] [ 1043.566510][T14203] dump_stack_lvl+0x189/0x250 [ 1043.566542][T14203] ? __pfx____ratelimit+0x10/0x10 [ 1043.566569][T14203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1043.566598][T14203] ? __pfx__printk+0x10/0x10 [ 1043.566641][T14203] should_fail_ex+0x414/0x560 [ 1043.566671][T14203] strncpy_from_user+0x36/0x290 [ 1043.566720][T14203] getname_flags+0xf3/0x540 [ 1043.566752][T14203] user_path_at+0x24/0x60 [ 1043.566786][T14203] __se_sys_mount_setattr+0x1b8/0x2f0 [ 1043.566825][T14203] ? __pfx___se_sys_mount_setattr+0x10/0x10 [ 1043.566852][T14203] ? rcu_is_watching+0x15/0xb0 [ 1043.566884][T14203] ? do_syscall_64+0xbe/0x3b0 [ 1043.566908][T14203] ? __x64_sys_mount_setattr+0x20/0xc0 [ 1043.566940][T14203] do_syscall_64+0xfa/0x3b0 [ 1043.566963][T14203] ? lockdep_hardirqs_on+0x9c/0x150 [ 1043.566988][T14203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.567011][T14203] ? clear_bhb_loop+0x60/0xb0 [ 1043.567039][T14203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.567062][T14203] RIP: 0033:0x7fea8a98e9a9 [ 1043.567082][T14203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1043.567103][T14203] RSP: 002b:00007fea8b85a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba [ 1043.567128][T14203] RAX: ffffffffffffffda RBX: 00007fea8abb5fa0 RCX: 00007fea8a98e9a9 [ 1043.567146][T14203] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1043.567162][T14203] RBP: 00007fea8b85a090 R08: 0000000000000020 R09: 0000000000000000 [ 1043.567177][T14203] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 1043.567192][T14203] R13: 0000000000000000 R14: 00007fea8abb5fa0 R15: 00007ffd15e373b8 [ 1043.567226][T14203] [ 1043.844464][ T24] net_ratelimit: 2 callbacks suppressed [ 1043.844488][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1043.946291][ T5922] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 1044.139466][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1044.155471][ T5922] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1044.183348][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1044.213295][ T5922] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1044.268440][ T5922] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 1044.293320][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.345999][ T5922] usb 1-1: Product: syz [ 1044.351581][ T5922] usb 1-1: Manufacturer: syz [ 1044.366167][ T5922] usb 1-1: SerialNumber: syz [ 1044.440319][T14211] serio: Serial port pts0 [ 1044.485596][T14212] netlink: 'syz.2.2268': attribute type 2 has an invalid length. [ 1044.514798][T14212] netlink: 119 bytes leftover after parsing attributes in process `syz.2.2268'. [ 1044.648737][ T5922] usb 1-1: config 0 descriptor?? [ 1044.853789][T14109] syz.1.2241 (14109): drop_caches: 1 [ 1044.873717][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1045.123996][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1045.489213][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1045.502363][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1045.522817][ T5922] usb 1-1: USB disconnect, device number 53 [ 1046.069775][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1046.085913][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1046.101519][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1046.402367][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1046.668876][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1047.255984][T14233] netdevsim netdevsim0: Firmware load for '../file0' refused, path contains '..' component [ 1047.303156][ T5908] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1048.252337][T14233] Falling back ldisc for ptm0. [ 1048.993182][ T5908] usb 5-1: device descriptor read/all, error -71 [ 1049.120647][T13067] net_ratelimit: 1 callbacks suppressed [ 1049.120670][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1049.274083][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1049.550371][T14010] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1049.567930][T14010] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1049.568501][T14263] netlink: 'syz.4.2281': attribute type 10 has an invalid length. [ 1049.599352][T14010] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1049.626305][T14010] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1049.651822][T14010] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1050.317211][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1050.481046][T14256] wg1 speed is unknown, defaulting to 1000 [ 1050.481826][ T5908] wg1 speed is unknown, defaulting to 1000 [ 1050.538322][T14275] fuse: Bad value for 'fd' [ 1050.549613][ T5908] syz0: Port: 1 Link DOWN [ 1050.621618][T14275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2283'. [ 1050.636150][ T6528] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1050.650844][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1050.671579][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1050.686615][T14275] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2283'. [ 1050.711338][T14060] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1050.729617][T14060] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1051.517286][T14275] gretap1: entered promiscuous mode [ 1051.527847][T14088] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1051.541318][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1052.341165][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1052.349303][T14010] Bluetooth: hci5: command tx timeout [ 1052.378246][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1052.480534][T14060] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.524376][ T24] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1052.530432][T14060] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1052.689370][T14060] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.706644][ T24] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1052.722573][T14060] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1052.750506][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1052.787403][ T24] usb 1-1: config 0 descriptor?? [ 1053.007447][ T24] cp210x 1-1:0.0: cp210x converter detected [ 1053.099705][T14060] bridge0: port 3(netdevsim0) entered disabled state [ 1053.160964][T14060] bridge0: port 3(netdevsim0) entered disabled state [ 1053.210068][ T24] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1053.520825][ T24] cp210x 1-1:0.0: querying part number failed [ 1054.524488][T14010] Bluetooth: hci5: command tx timeout [ 1054.536705][ T24] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1054.548579][ T24] usb 1-1: USB disconnect, device number 54 [ 1054.561662][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1054.571225][ T24] cp210x 1-1:0.0: device disconnected [ 1054.634239][T13886] net_ratelimit: 1 callbacks suppressed [ 1054.634260][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1055.161606][T14060] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1055.188848][T14060] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1055.205735][ T5908] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1055.356522][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1055.585946][ T5908] usb 5-1: Using ep0 maxpacket: 8 [ 1055.607316][ T5908] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1055.624995][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.882450][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1056.050946][ T5908] usb 5-1: Product: syz [ 1056.152029][ T5908] usb 5-1: Manufacturer: syz [ 1056.581831][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1056.621754][T11315] Bluetooth: hci5: command tx timeout [ 1056.631137][ T24] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1056.655661][ T5908] usb 5-1: SerialNumber: syz [ 1056.664239][T14069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1056.681375][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1056.720381][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1056.823956][ T5908] usb 5-1: config 0 descriptor?? [ 1056.867377][ T5908] usb 5-1: can't set config #0, error -71 [ 1056.880178][T14256] chnl_net:caif_netlink_parms(): no params data found [ 1056.890553][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 1056.910206][ T5908] usb 5-1: USB disconnect, device number 56 [ 1056.925119][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1056.952397][T14060] bridge_slave_1: left allmulticast mode [ 1056.960656][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1056.970788][T14060] bridge_slave_1: left promiscuous mode [ 1056.985748][T14060] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.002036][ T24] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1057.034533][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1057.092919][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1057.154492][T14060] bridge_slave_0: left allmulticast mode [ 1057.166284][ T24] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1057.169706][T14060] bridge_slave_0: left promiscuous mode [ 1057.188594][T14060] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.199091][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1057.934821][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1057.957758][T14088] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1057.974933][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1057.980357][ T24] hub 4-1:1.0: bad descriptor, ignoring hub [ 1057.998073][ T24] hub 4-1:1.0: probe with driver hub failed with error -5 [ 1058.008907][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 1058.015466][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 1058.021267][ T24] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1058.098984][T14338] input: syz0 as /devices/virtual/input/input30 [ 1058.634689][T11315] Bluetooth: hci5: command tx timeout [ 1058.774261][T13067] usb 5-1: new low-speed USB device number 57 using dummy_hcd [ 1058.934146][T13067] usb 5-1: Invalid ep0 maxpacket: 16 [ 1059.029470][T14060] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1059.047573][T14060] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1059.060370][T14060] bond0 (unregistering): Released all slaves [ 1059.075967][T13067] usb 5-1: new low-speed USB device number 58 using dummy_hcd [ 1059.234467][T13067] usb 5-1: Invalid ep0 maxpacket: 16 [ 1059.248878][T13067] usb usb5-port1: attempt power cycle [ 1059.392192][T14060] bond1 (unregistering): Released all slaves [ 1059.432750][T14331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1059.455503][T14331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1059.499482][ T24] usb 4-1: USB disconnect, device number 81 [ 1059.624257][T14328] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1059.624466][T13067] usb 5-1: new low-speed USB device number 59 using dummy_hcd [ 1059.685227][T13067] usb 5-1: Invalid ep0 maxpacket: 16 [ 1059.704871][T14345] lo: entered allmulticast mode [ 1059.723545][T14060] : left promiscuous mode [ 1059.824536][T13067] usb 5-1: new low-speed USB device number 60 using dummy_hcd [ 1059.839812][T14328] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1059.862446][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.862685][T14343] lo: left allmulticast mode [ 1059.908602][T13067] usb 5-1: Invalid ep0 maxpacket: 16 [ 1059.934726][T13067] usb usb5-port1: unable to enumerate USB device [ 1059.998570][ T24] net_ratelimit: 2 callbacks suppressed [ 1059.998593][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1060.052906][T14060] : left promiscuous mode [ 1060.079522][T14256] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.093720][T14256] bridge0: port 1(bridge_slave_0) entered disabled state [ 1060.123319][T14256] bridge_slave_0: entered allmulticast mode [ 1060.144492][T14256] bridge_slave_0: entered promiscuous mode [ 1060.248169][T14328] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1060.278902][T14256] bridge0: port 2(bridge_slave_1) entered blocking state [ 1060.287510][T14256] bridge0: port 2(bridge_slave_1) entered disabled state [ 1060.298612][T14256] bridge_slave_1: entered allmulticast mode [ 1060.311075][T14256] bridge_slave_1: entered promiscuous mode [ 1060.711142][T14328] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1060.818250][T14256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1060.934806][T14256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1060.968853][T14364] netlink: 'syz.0.2305': attribute type 10 has an invalid length. [ 1061.044264][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1061.054668][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1061.087624][T14256] team0: Port device team_slave_0 added [ 1061.147011][T14060] hsr_slave_0: left promiscuous mode [ 1061.175758][T14060] hsr_slave_1: left promiscuous mode [ 1061.193139][T14060] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1061.202490][T14060] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1061.227854][T14060] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1061.248438][T14060] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1061.308888][T14369] fuse: Bad value for 'rootmode' [ 1061.342820][T14060] veth1_macvtap: left promiscuous mode [ 1061.364208][T14060] veth0_macvtap: left promiscuous mode [ 1061.378244][T14060] veth1_vlan: left promiscuous mode [ 1061.390480][T14060] veth0_vlan: left promiscuous mode [ 1062.081745][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1062.394439][T14062] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1062.406599][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1062.416314][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1063.141362][T14060] team0 (unregistering): Port device team_slave_1 removed [ 1063.236814][T14060] team0 (unregistering): Port device team_slave_0 removed [ 1063.443605][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1063.692767][ T6013] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1063.704677][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1064.137243][T14256] team0: Port device team_slave_1 added [ 1064.358061][T14256] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1064.382858][T14256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1064.448380][T14256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1064.466118][T14256] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1064.478696][T14256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1064.544182][T14256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1064.647332][T14328] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.076575][T14394] netlink: 'syz.4.2313': attribute type 10 has an invalid length. [ 1065.522375][T14394] bond0: (slave netdevsim0): Enslaving as an active interface with a down link [ 1065.532235][T13886] net_ratelimit: 2 callbacks suppressed [ 1065.532254][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1065.594503][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1065.662220][T14328] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1065.926978][T14256] hsr_slave_0: entered promiscuous mode [ 1065.956162][T14256] hsr_slave_1: entered promiscuous mode [ 1065.986351][T14256] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1066.049443][T14256] Cannot create hsr debugfs directory [ 1066.128849][T14328] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1066.212413][T14328] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1066.481874][ T9] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1066.623500][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1066.647984][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1066.660570][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1066.741172][T14060] IPVS: stop unused estimator thread 0... [ 1066.764651][ T9] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1066.824381][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.840900][ T9] usb 5-1: Product: syz [ 1066.846485][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1066.859235][ T9] usb 5-1: Manufacturer: syz [ 1066.867146][ T9] usb 5-1: SerialNumber: syz [ 1066.880544][ T9] usb 5-1: config 0 descriptor?? [ 1066.887429][T14408] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1066.895346][T14408] IPv6: NLM_F_CREATE should be set when creating new route [ 1066.903380][T14408] IPv6: NLM_F_CREATE should be set when creating new route [ 1066.910680][T14408] FAULT_INJECTION: forcing a failure. [ 1066.910680][T14408] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.923795][T14408] CPU: 0 UID: 0 PID: 14408 Comm: syz.2.2318 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1066.923827][T14408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1066.923842][T14408] Call Trace: [ 1066.923852][T14408] [ 1066.923863][T14408] dump_stack_lvl+0x189/0x250 [ 1066.923894][T14408] ? __pfx____ratelimit+0x10/0x10 [ 1066.923919][T14408] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1066.923944][T14408] ? __pfx__printk+0x10/0x10 [ 1066.923989][T14408] should_fail_ex+0x414/0x560 [ 1066.924018][T14408] should_failslab+0xa8/0x100 [ 1066.924046][T14408] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1066.924068][T14408] ? fib6_add_1+0x714/0x1460 [ 1066.924102][T14408] fib6_add_1+0x714/0x1460 [ 1066.924147][T14408] fib6_add+0x572/0x18a0 [ 1066.924192][T14408] ? __pfx_fib6_add+0x10/0x10 [ 1066.924229][T14408] ? ip6_route_add+0xc9/0x1b0 [ 1066.924263][T14408] ip6_route_add+0xde/0x1b0 [ 1066.924297][T14408] inet6_rtm_newroute+0x1cf/0x18c0 [ 1066.924331][T14408] ? nlmon_xmit+0xb0/0x100 [ 1066.924357][T14408] ? kmem_cache_free+0x18f/0x400 [ 1066.924384][T14408] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1066.924412][T14408] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1066.924436][T14408] ? lockdep_hardirqs_on+0x9c/0x150 [ 1066.924462][T14408] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1066.924485][T14408] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1066.924514][T14408] ? __dev_queue_xmit+0x27e/0x3a70 [ 1066.924538][T14408] ? __dev_queue_xmit+0x27e/0x3a70 [ 1066.924558][T14408] ? __dev_queue_xmit+0x27e/0x3a70 [ 1066.924582][T14408] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 1066.924634][T14408] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1066.924659][T14408] rtnetlink_rcv_msg+0x7cc/0xb70 [ 1066.924693][T14408] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1066.924730][T14408] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1066.924756][T14408] ? ref_tracker_free+0x63a/0x7d0 [ 1066.924778][T14408] ? __copy_skb_header+0xa7/0x550 [ 1066.924802][T14408] ? __pfx_ref_tracker_free+0x10/0x10 [ 1066.924826][T14408] ? __skb_clone+0x63/0x7a0 [ 1066.924856][T14408] netlink_rcv_skb+0x208/0x470 [ 1066.924890][T14408] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1066.924921][T14408] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1066.924966][T14408] ? netlink_deliver_tap+0x2e/0x1b0 [ 1066.924997][T14408] ? netlink_deliver_tap+0x2e/0x1b0 [ 1066.925034][T14408] netlink_unicast+0x75c/0x8e0 [ 1066.925075][T14408] netlink_sendmsg+0x805/0xb30 [ 1066.925119][T14408] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1066.925161][T14408] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1066.925183][T14408] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1066.925217][T14408] __sock_sendmsg+0x219/0x270 [ 1066.925249][T14408] ____sys_sendmsg+0x52d/0x830 [ 1066.925290][T14408] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1066.925335][T14408] ? import_iovec+0x74/0xa0 [ 1066.925372][T14408] ___sys_sendmsg+0x21f/0x2a0 [ 1066.925410][T14408] ? __pfx____sys_sendmsg+0x10/0x10 [ 1066.925482][T14408] ? __fget_files+0x2a/0x420 [ 1066.925505][T14408] ? __fget_files+0x3a0/0x420 [ 1066.925538][T14408] __sys_sendmmsg+0x227/0x430 [ 1066.925576][T14408] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1066.925607][T14408] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1066.925658][T14408] ? ksys_write+0x22a/0x250 [ 1066.925682][T14408] ? __pfx_ksys_write+0x10/0x10 [ 1066.925701][T14408] ? rcu_is_watching+0x15/0xb0 [ 1066.925741][T14408] __x64_sys_sendmmsg+0xa0/0xc0 [ 1066.925779][T14408] do_syscall_64+0xfa/0x3b0 [ 1066.925803][T14408] ? lockdep_hardirqs_on+0x9c/0x150 [ 1066.925826][T14408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.925848][T14408] ? clear_bhb_loop+0x60/0xb0 [ 1066.925874][T14408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.925895][T14408] RIP: 0033:0x7fea8a98e9a9 [ 1066.925915][T14408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1066.925936][T14408] RSP: 002b:00007fea8b85a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1066.925960][T14408] RAX: ffffffffffffffda RBX: 00007fea8abb5fa0 RCX: 00007fea8a98e9a9 [ 1066.925976][T14408] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 1066.925990][T14408] RBP: 00007fea8b85a090 R08: 0000000000000000 R09: 0000000000000000 [ 1066.926003][T14408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1066.926016][T14408] R13: 0000000000000000 R14: 00007fea8abb5fa0 R15: 00007ffd15e373b8 [ 1066.926051][T14408] [ 1067.441725][T14408] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1067.449109][T14408] IPv6: NLM_F_CREATE should be set when creating new route [ 1067.456417][T14408] IPv6: NLM_F_CREATE should be set when creating new route [ 1067.463885][T14408] IPv6: NLM_F_CREATE should be set when creating new route [ 1067.582320][T14256] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1067.611597][T14256] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1067.624999][T14256] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1067.638501][T14256] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1067.673797][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1068.127378][T13886] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1068.158864][T11615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1068.187201][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1068.197155][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1068.303397][T13886] usb 4-1: Using ep0 maxpacket: 32 [ 1068.323309][T13886] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1068.377799][T14419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.389694][T14419] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1069.175990][ T9] gs_usb 5-1:0.0: Couldn't get device config: (err=-110) [ 1069.206657][ T9] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -110 [ 1069.275124][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1069.332505][T14421] netlink: 'syz.2.2319': attribute type 10 has an invalid length. [ 1069.362184][T13886] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1069.375915][T13886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1069.386282][T13886] usb 4-1: Product: syz [ 1069.392798][T13886] usb 4-1: Manufacturer: syz [ 1069.402866][T13886] usb 4-1: SerialNumber: syz [ 1069.445099][T14080] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1069.470484][T14421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1069.486649][T13886] usb 4-1: config 0 descriptor?? [ 1069.504898][T14421] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1069.525147][T14422] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1069.620342][T14422] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1069.772261][T14422] bond0: (slave batadv0): Releasing backup interface [ 1070.398742][T14256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1070.517180][ T24] usb 5-1: USB disconnect, device number 61 [ 1070.518032][T14256] 8021q: adding VLAN 0 to HW filter on device team0 [ 1070.670458][T11615] bridge0: port 1(bridge_slave_0) entered blocking state [ 1070.679149][T11615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1070.801824][T13886] gs_usb 4-1:0.0: Couldn't get device config: (err=-110) [ 1070.960339][T13886] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110 [ 1071.305915][T11615] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.313513][T11615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1071.576548][T14432] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2321'. [ 1071.626197][T13886] net_ratelimit: 10 callbacks suppressed [ 1071.626222][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1071.880165][T14432] vlan3: entered promiscuous mode [ 1071.916179][T14432] vlan3: entered allmulticast mode [ 1071.927136][T14428] netlink: 'syz.0.2320': attribute type 7 has an invalid length. [ 1072.158165][T14256] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1072.214019][T14256] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1072.548738][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1073.515920][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1073.679881][T14449] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2324'. [ 1073.803237][T13886] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1073.974049][T13886] usb 5-1: Using ep0 maxpacket: 8 [ 1074.030559][T13886] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1074.152676][T13886] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1074.174639][T13886] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1074.220016][T13886] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1074.264174][T13886] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1074.264209][ T5947] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1074.285455][T13886] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1074.316790][T13886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1074.364892][T13886] hub 5-1:1.0: bad descriptor, ignoring hub [ 1074.422113][T13886] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1074.450495][ T5947] usb 3-1: Using ep0 maxpacket: 16 [ 1074.459676][ T5947] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1074.474634][T13886] cdc_wdm 5-1:1.0: skipping garbage [ 1074.479948][T13886] cdc_wdm 5-1:1.0: skipping garbage [ 1074.511803][T14256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1074.525427][T13886] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1074.529736][ T5947] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1074.584750][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1074.651656][ T5908] usb 4-1: USB disconnect, device number 82 [ 1074.689678][ T5947] usb 3-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1074.705264][ T5947] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1074.711976][ T5947] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1074.793903][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1074.867714][ T5947] usb 3-1: config 0 descriptor?? [ 1075.195463][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1075.662938][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1075.744424][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1075.873228][ T5908] usb 5-1: USB disconnect, device number 62 [ 1075.901870][T14256] veth0_vlan: entered promiscuous mode [ 1076.454640][T14256] veth1_vlan: entered promiscuous mode [ 1076.554676][ T5947] usbhid 3-1:0.0: can't add hid device: -71 [ 1076.568656][ T5947] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1076.584601][ T5947] usb 3-1: USB disconnect, device number 58 [ 1077.001633][T14256] veth0_macvtap: entered promiscuous mode [ 1077.001649][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1077.116510][T14256] veth1_macvtap: entered promiscuous mode [ 1077.148754][T14256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1077.172039][T14256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1077.199597][T14256] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.199677][T14256] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.199707][T14256] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.199735][T14256] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.285669][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1078.523092][ T5908] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 1079.134382][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1079.311815][ T5908] usb 1-1: Using ep0 maxpacket: 8 [ 1079.342067][ T5908] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1079.356436][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1079.369692][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.382046][ T5908] usb 1-1: Product: syz [ 1079.387215][ T5908] usb 1-1: Manufacturer: syz [ 1079.393759][ T5908] usb 1-1: SerialNumber: syz [ 1079.404204][ T5908] usb 1-1: config 0 descriptor?? [ 1079.409335][T14080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.453139][ T5908] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1079.469811][T14080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.562043][ T6013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.590527][ T6013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.881205][ T9] kernel write not supported for file /input/event2 (pid: 9 comm: kworker/0:0) [ 1079.898482][ T10] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1080.012248][T14516] bridge_slave_0: left allmulticast mode [ 1080.019767][T14516] bridge_slave_0: left promiscuous mode [ 1080.028915][T14516] bridge0: port 1(bridge_slave_0) entered disabled state [ 1080.035977][ T5908] gspca_sq905: sq905_command: usb_control_msg failed (-110) [ 1080.036068][ T5908] sq905 1-1:0.0: probe with driver sq905 failed with error -110 [ 1080.250334][T14515] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1080.849597][T13067] usb 1-1: USB disconnect, device number 55 [ 1080.875123][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 1080.889642][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1080.941690][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1080.950920][T14516] bridge_slave_1: left allmulticast mode [ 1080.959123][T14516] bridge_slave_1: left promiscuous mode [ 1080.976883][T14516] bridge0: port 2(bridge_slave_1) entered disabled state [ 1081.019918][ T10] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1081.038382][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.068050][ T10] usb 3-1: Product: syz [ 1081.177489][ T10] usb 3-1: Manufacturer: syz [ 1081.188595][ T10] usb 3-1: SerialNumber: syz [ 1081.472752][T14516] bond0: (slave bond_slave_0): Releasing backup interface [ 1081.509609][ T10] usb 3-1: config 0 descriptor?? [ 1081.687004][T14525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2339'. [ 1081.709438][T14516] bond0: (slave bond_slave_1): Releasing backup interface [ 1081.913578][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1082.214572][ T5968] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 1082.356058][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1082.572965][T14516] team0: Port device team_slave_0 removed [ 1082.650892][T14516] team0: Port device team_slave_1 removed [ 1082.680006][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1082.694638][ T5968] usb 1-1: Using ep0 maxpacket: 16 [ 1082.706043][T14516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1082.715730][ T5968] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1082.736154][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1082.746033][ T5968] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1082.758150][T14516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1082.767850][ T5968] usb 1-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1082.816154][ T5968] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1082.843130][ T5908] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1082.876675][ T10] gs_usb 3-1:0.0: Couldn't get device config: (err=-110) [ 1082.891450][ T10] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110 [ 1082.901680][ T5968] usb 1-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1082.949459][ T5968] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1082.963519][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1083.003357][ T5908] usb 4-1: device descriptor read/64, error -71 [ 1083.040439][ T5968] usb 1-1: config 0 descriptor?? [ 1083.283659][ T5908] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1083.286141][ T5968] usbhid 1-1:0.0: can't add hid device: -71 [ 1083.328268][ T5968] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1083.366437][ T5968] usb 1-1: USB disconnect, device number 56 [ 1083.463183][ T5908] usb 4-1: device descriptor read/64, error -71 [ 1083.595282][ T5908] usb usb4-port1: attempt power cycle [ 1083.983222][ T5908] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1084.007557][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1084.752860][ T5908] usb 4-1: device descriptor read/8, error -71 [ 1084.794977][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1085.033319][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1085.434635][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1086.076168][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1087.545154][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1087.608768][ T5968] usb 3-1: USB disconnect, device number 59 [ 1088.373122][ T5908] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1088.806156][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1088.844965][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1089.018379][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 1089.048797][ T5908] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1089.093241][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1089.124720][ T5908] usb 4-1: Product: syz [ 1089.164570][ T5908] usb 4-1: Manufacturer: syz [ 1089.192268][ T5908] usb 4-1: SerialNumber: syz [ 1089.215770][ T5908] usb 4-1: config 0 descriptor?? [ 1089.235267][ T5908] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1089.755498][ T5908] gspca_sq905: sq905_command: usb_control_msg failed (-110) [ 1089.806423][T14591] netlink: 'syz.5.2354': attribute type 10 has an invalid length. [ 1089.919217][T14591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.004876][T14591] team0: Port device bond0 added [ 1090.184759][ T5908] sq905 4-1:0.0: probe with driver sq905 failed with error -110 [ 1090.268284][T14597] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 1091.666009][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1091.690420][ T5908] usb 4-1: USB disconnect, device number 87 [ 1091.998651][ T5947] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1092.742015][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1093.754161][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1093.787695][T14607] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2358'. [ 1093.889946][T14610] FAULT_INJECTION: forcing a failure. [ 1093.889946][T14610] name failslab, interval 1, probability 0, space 0, times 0 [ 1093.939179][T14610] CPU: 1 UID: 0 PID: 14610 Comm: syz.3.2357 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1093.939214][T14610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1093.939233][T14610] Call Trace: [ 1093.939243][T14610] [ 1093.939255][T14610] dump_stack_lvl+0x189/0x250 [ 1093.939287][T14610] ? __pfx____ratelimit+0x10/0x10 [ 1093.939312][T14610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1093.939337][T14610] ? __pfx__printk+0x10/0x10 [ 1093.939370][T14610] ? __pfx___might_resched+0x10/0x10 [ 1093.939396][T14610] ? fs_reclaim_acquire+0x7d/0x100 [ 1093.939428][T14610] should_fail_ex+0x414/0x560 [ 1093.939458][T14610] should_failslab+0xa8/0x100 [ 1093.939484][T14610] __kmalloc_noprof+0xcb/0x4f0 [ 1093.939505][T14610] ? tomoyo_mount_permission+0x27a/0x970 [ 1093.939536][T14610] ? tomoyo_encode+0x28b/0x550 [ 1093.939569][T14610] tomoyo_encode+0x28b/0x550 [ 1093.939602][T14610] ? tomoyo_mount_permission+0x27a/0x970 [ 1093.939631][T14610] tomoyo_mount_permission+0x331/0x970 [ 1093.939667][T14610] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 1093.939760][T14610] security_sb_mount+0xec/0x350 [ 1093.939797][T14610] path_mount+0xbc/0xfe0 [ 1093.939820][T14610] ? user_path_at+0x44/0x60 [ 1093.939849][T14610] ? kmem_cache_free+0x18f/0x400 [ 1093.939882][T14610] __se_sys_mount+0x317/0x410 [ 1093.939915][T14610] ? __pfx___se_sys_mount+0x10/0x10 [ 1093.939939][T14610] ? rcu_is_watching+0x15/0xb0 [ 1093.939970][T14610] ? do_syscall_64+0xbe/0x3b0 [ 1093.940001][T14610] ? __x64_sys_mount+0x20/0xc0 [ 1093.940030][T14610] do_syscall_64+0xfa/0x3b0 [ 1093.940054][T14610] ? lockdep_hardirqs_on+0x9c/0x150 [ 1093.940078][T14610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.940102][T14610] ? clear_bhb_loop+0x60/0xb0 [ 1093.940130][T14610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.940151][T14610] RIP: 0033:0x7fa4e938e9a9 [ 1093.940171][T14610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.940191][T14610] RSP: 002b:00007fa4e71f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1093.940215][T14610] RAX: ffffffffffffffda RBX: 00007fa4e95b5fa0 RCX: 00007fa4e938e9a9 [ 1093.940233][T14610] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1093.940247][T14610] RBP: 00007fa4e71f6090 R08: 0000200000000900 R09: 0000000000000000 [ 1093.940262][T14610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1093.940276][T14610] R13: 0000000000000000 R14: 00007fa4e95b5fa0 R15: 00007ffe047b49e8 [ 1093.940311][T14610] [ 1094.395952][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1094.538896][ T5947] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1094.543509][T14619] netlink: 'syz.0.2363': attribute type 10 has an invalid length. [ 1094.555052][ T5908] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1094.646664][T14619] netlink: 'syz.0.2363': attribute type 2 has an invalid length. [ 1094.666345][T14619] netlink: 'syz.0.2363': attribute type 1 has an invalid length. [ 1094.718940][ T5947] usb 3-1: Using ep0 maxpacket: 32 [ 1094.733461][ T5908] usb 6-1: Using ep0 maxpacket: 32 [ 1094.738845][ T5947] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1094.751807][ T5908] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1094.758616][ T5947] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1094.767733][ T5908] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1094.787179][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.791347][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.808969][ T5968] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1094.811166][ T5908] usb 6-1: Product: syz [ 1094.818226][ T10] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1094.831413][ T5908] usb 6-1: Manufacturer: syz [ 1094.842457][ T5908] usb 6-1: SerialNumber: syz [ 1094.849089][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1094.853881][ T5947] usb 3-1: Product: syz [ 1094.871681][ T5947] usb 3-1: Manufacturer: syz [ 1094.883506][ T5908] usb 6-1: config 0 descriptor?? [ 1094.896788][ T5947] usb 3-1: SerialNumber: syz [ 1094.924826][ T5947] usb 3-1: config 0 descriptor?? [ 1094.993847][ T5968] usb 5-1: Using ep0 maxpacket: 16 [ 1095.006052][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1095.034859][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1095.042144][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1095.064746][ T10] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 1095.077914][ T5968] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1095.094417][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.121468][ T5968] usb 5-1: config 108 has an invalid interface number: 14 but max is 0 [ 1095.132103][ T5968] usb 5-1: config 108 has no interface number 0 [ 1095.141446][ T10] usb 4-1: config 0 descriptor?? [ 1095.164607][ T5968] usb 5-1: config 108 interface 14 altsetting 6 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 1095.195131][ T5968] usb 5-1: config 108 interface 14 has no altsetting 0 [ 1095.207591][ T5968] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=d8.65 [ 1095.221151][ T5968] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.232376][ T5968] usb 5-1: Product: ဇ [ 1095.238372][ T5968] usb 5-1: Manufacturer: О [ 1095.244586][ T5968] usb 5-1: SerialNumber: Р [ 1095.523720][T14623] netlink: 'syz.4.2364': attribute type 1 has an invalid length. [ 1095.532430][T14623] netlink: 'syz.4.2364': attribute type 1 has an invalid length. [ 1095.565552][T14623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1095.583648][T14623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1095.598794][T14622] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 1095.740584][ T5968] usb 5-1: USB disconnect, device number 63 [ 1096.235478][ T5947] gs_usb 3-1:0.0: Couldn't get device config: (err=-110) [ 1096.299703][ T5947] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110 [ 1096.484693][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1096.499132][ T5908] gs_usb 6-1:0.0: Couldn't get device config: (err=-110) [ 1096.509353][ T5908] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -110 [ 1096.509974][T14629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1096.530505][T14629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1096.546630][ T10] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.000C/input/input32 [ 1096.784471][ T10] sony 0003:054C:03D5.000C: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0 [ 1096.849607][ T10] usb 4-1: USB disconnect, device number 88 [ 1097.350151][T14639] netlink: 324 bytes leftover after parsing attributes in process `syz.0.2366'. [ 1097.760134][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1097.769696][ T5968] usb 3-1: USB disconnect, device number 60 [ 1097.894340][T14635] fido_id[14635]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1098.144323][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1098.846552][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1099.281290][ T5922] usb 6-1: USB disconnect, device number 2 [ 1099.343904][T13067] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1099.351845][ T10] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1099.704761][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 1099.710160][T13067] usb 4-1: Using ep0 maxpacket: 8 [ 1099.729116][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1099.749778][T13067] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1099.776595][T13067] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1099.787294][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 1099.821441][T13067] usb 4-1: Product: syz [ 1099.831782][ T10] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1099.842690][T13067] usb 4-1: Manufacturer: syz [ 1099.856630][ T10] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1099.876378][T13067] usb 4-1: SerialNumber: syz [ 1099.891271][T13067] usb 4-1: config 0 descriptor?? [ 1099.901831][ T10] usb 5-1: Product: syz [ 1099.914569][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1099.951677][ T10] usb 5-1: Manufacturer: syz [ 1099.979991][T13067] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1099.988095][ T10] usb 5-1: SerialNumber: syz [ 1100.011548][ T10] usb 5-1: config 0 descriptor?? [ 1100.027622][ T10] hub 5-1:0.0: bad descriptor, ignoring hub [ 1100.037044][ T10] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1100.144409][T14651] block nbd0: shutting down sockets [ 1100.265009][T14649] x_tables: duplicate underflow at hook 4 [ 1100.393994][ T5908] usb 5-1: USB disconnect, device number 64 [ 1100.514082][T13067] gspca_sq905: sq905_command: usb_control_msg failed (-110) [ 1100.535670][T13067] sq905 4-1:0.0: probe with driver sq905 failed with error -110 [ 1100.841833][T14669] overlayfs: failed to resolve './file0': -2 [ 1100.964803][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1101.315310][ T5908] usb 4-1: USB disconnect, device number 89 [ 1101.350887][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1101.444029][T14674] openvswitch: netlink: VXLAN extension message has 45 unknown bytes. [ 1101.853500][T14680] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1101.864226][T14680] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1102.118839][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1102.250941][T14687] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2379'. [ 1102.292316][T14687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2379'. [ 1102.348302][T14687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2379'. [ 1103.194497][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1103.350701][T14698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2381'. [ 1104.170388][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1104.186405][ T10] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1104.862236][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1104.925689][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1105.313922][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 1105.325943][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1105.370005][ T10] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1105.613639][ T10] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1105.690961][T14723] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1106.504970][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1106.511636][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1106.513997][ T24] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1106.640474][ T10] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1106.677273][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1106.715126][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 1106.752448][ T10] usb 4-1: config 0 descriptor?? [ 1106.759947][ T24] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 1106.787607][ T24] usb 5-1: config 0 has no interface number 0 [ 1106.806237][ T10] usb 4-1: can't set config #0, error -71 [ 1106.823923][ T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1106.851083][ T10] usb 4-1: USB disconnect, device number 90 [ 1106.871040][ T24] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1106.964564][ T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1107.025733][ T24] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1107.083357][ T24] usb 5-1: Product: syz [ 1107.093085][ T24] usb 5-1: SerialNumber: syz [ 1107.107935][ T24] usb 5-1: config 0 descriptor?? [ 1107.116464][ T24] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 1107.150661][ T24] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input33 [ 1107.371196][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.381479][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.388703][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.394627][ T10] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1107.396792][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.412635][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.420446][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.427671][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.434864][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.442289][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.450768][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1107.462576][ T24] usb 5-1: USB disconnect, device number 65 [ 1107.469094][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1107.497760][ T24] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1107.577053][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1107.678400][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1107.711229][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1107.737303][ T10] usb 4-1: Product: syz [ 1107.742931][ T10] usb 4-1: Manufacturer: syz [ 1107.761634][ T10] usb 4-1: SerialNumber: syz [ 1107.810390][ T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1107.994393][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1108.066446][T13067] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1108.137993][T14740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2393'. [ 1108.933472][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1109.028531][ C0] usb 4-1: ath9k_htc: invalid pkt_len (ff31) [ 1109.055553][T14747] netlink: 'syz.4.2394': attribute type 10 has an invalid length. [ 1109.370820][T13067] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1109.501230][T13067] ath9k_htc: Failed to initialize the device [ 1109.541610][T13067] usb 4-1: ath9k_htc: USB layer deinitialized [ 1109.725789][T14733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2392'. [ 1109.794604][T14753] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2392'. [ 1109.960952][ T24] usb 4-1: USB disconnect, device number 91 [ 1110.003637][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1110.205620][T14756] netlink: 'syz.5.2396': attribute type 10 has an invalid length. [ 1110.285765][T14756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1110.348387][T14756] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1111.369283][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1111.386366][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1111.412343][T14758] bond0: (slave batadv0): Releasing backup interface [ 1111.525180][T14769] vlan3: entered promiscuous mode [ 1111.724829][T14769] vlan3: entered allmulticast mode [ 1111.803110][T14769] hsr_slave_1: entered allmulticast mode [ 1111.853198][T14771] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1111.855436][T14770] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2400'. [ 1112.075743][T14773] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2399'. [ 1112.333103][ T24] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1112.408298][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1112.515561][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 1112.529224][T14788] tmpfs: Bad value for 'mpol' [ 1112.532152][T14786] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2403'. [ 1112.537283][T14788] netlink: 'syz.4.2404': attribute type 58 has an invalid length. [ 1112.555264][T14788] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2404'. [ 1112.563171][ T24] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1112.575107][T14786] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 1112.655741][ T24] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1112.691663][ T24] usb 3-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1112.751317][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1112.793166][ T24] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1112.813396][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1112.853274][ T24] usb 3-1: config 0 descriptor?? [ 1113.441784][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1113.752513][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1114.776056][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1114.798331][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1115.171341][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 1115.189702][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1115.229424][ T24] usb 3-1: USB disconnect, device number 61 [ 1115.303183][ T9769] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 1115.962407][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1116.103108][ T9769] usb 1-1: Using ep0 maxpacket: 8 [ 1116.206625][ T9769] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1116.223795][ T9769] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1116.234464][ T9769] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1116.242676][T14813] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1116.246669][ T9769] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1116.246708][ T9769] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1116.439714][T14816] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1117.020089][ T9769] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1117.039000][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1117.049484][ T9769] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1117.061254][ T9769] usb 1-1: can't set config #1, error -71 [ 1117.108681][ T9769] usb 1-1: USB disconnect, device number 57 [ 1117.123690][T14814] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1117.852129][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1118.040919][T14828] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2413'. [ 1118.085797][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1118.384400][T13067] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1118.545275][T13067] usb 4-1: Using ep0 maxpacket: 16 [ 1118.568866][T13067] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1118.592684][T13067] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1118.608422][T13067] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1118.630180][T13067] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1118.640853][T13067] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1118.654470][T13067] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1118.692718][T13067] usb 4-1: config 0 descriptor?? [ 1118.986133][T14849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1118.996896][T14849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1120.632612][ T9769] net_ratelimit: 215 callbacks suppressed [ 1120.632637][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1121.283748][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.640724][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1121.649976][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1121.711933][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1121.787272][T14861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2422'. [ 1121.813106][ T5908] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1122.043190][ T5922] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1122.052357][ T5908] usb 6-1: Using ep0 maxpacket: 8 [ 1122.092403][ T5908] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1122.155722][ T5908] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1122.200193][ T5908] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1122.267790][ T5908] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1122.289216][ T5922] usb 5-1: Using ep0 maxpacket: 16 [ 1122.331431][ T5922] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1122.351552][ T5908] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1122.390936][ T5922] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1122.426005][ T5908] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1122.458233][ T5922] usb 5-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1122.701211][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1122.725361][ T10] usb 3-1: new low-speed USB device number 62 using dummy_hcd [ 1122.739763][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.613660][ T5922] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1123.911932][ T5908] usb 6-1: can't set config #1, error -71 [ 1123.917121][T13067] usbhid 4-1:0.0: can't add hid device: -32 [ 1123.940898][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1123.944777][T13067] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 1124.675597][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1124.685839][ T10] usb 3-1: config 16 has no interfaces? [ 1124.692264][ T10] usb 3-1: language id specifier not provided by device, defaulting to English [ 1124.715463][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1124.732838][ T5922] usb 5-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1124.747297][ T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1124.785069][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.785087][ T5908] usb 6-1: USB disconnect, device number 3 [ 1124.858889][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.068088][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1125.104855][ T10] usb 3-1: USB disconnect, device number 62 [ 1125.440105][ T5922] usb 5-1: config 0 descriptor?? [ 1125.578266][ T9769] usb 4-1: USB disconnect, device number 92 [ 1126.115718][T14907] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1126.781940][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1127.754002][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1128.450866][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1128.863113][ T5908] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1128.999050][ T5922] usb 5-1: can't set config #0, error -71 [ 1129.047475][ T5922] usb 5-1: USB disconnect, device number 66 [ 1129.083356][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 1129.090668][ T5908] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1129.121457][ T5908] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1129.161360][ T5908] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 1129.180530][ T5908] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 1129.194862][T14942] FAULT_INJECTION: forcing a failure. [ 1129.194862][T14942] name failslab, interval 1, probability 0, space 0, times 0 [ 1129.195227][ T5908] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 1129.230297][ T5908] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1129.399239][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.452505][T14942] CPU: 1 UID: 0 PID: 14942 Comm: syz.4.2441 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1129.452530][T14942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1129.452541][T14942] Call Trace: [ 1129.452549][T14942] [ 1129.452556][T14942] dump_stack_lvl+0x189/0x250 [ 1129.452580][T14942] ? __pfx____ratelimit+0x10/0x10 [ 1129.452598][T14942] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1129.452616][T14942] ? __pfx__printk+0x10/0x10 [ 1129.452641][T14942] ? __pfx___might_resched+0x10/0x10 [ 1129.452659][T14942] ? fs_reclaim_acquire+0x7d/0x100 [ 1129.452683][T14942] should_fail_ex+0x414/0x560 [ 1129.452704][T14942] should_failslab+0xa8/0x100 [ 1129.452723][T14942] __kmalloc_noprof+0xcb/0x4f0 [ 1129.452737][T14942] ? kfree+0x4d/0x440 [ 1129.452760][T14942] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1129.452785][T14942] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1129.452808][T14942] ? tomoyo_domain+0xda/0x130 [ 1129.452842][T14942] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1129.452859][T14942] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1129.452879][T14942] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1129.452909][T14942] ? __lock_acquire+0xab9/0xd20 [ 1129.452943][T14942] ? __fget_files+0x2a/0x420 [ 1129.452966][T14942] ? __fget_files+0x2a/0x420 [ 1129.452988][T14942] ? __fget_files+0x3a0/0x420 [ 1129.453011][T14942] ? __fget_files+0x2a/0x420 [ 1129.453039][T14942] security_file_ioctl+0xcb/0x2d0 [ 1129.453067][T14942] __se_sys_ioctl+0x47/0x170 [ 1129.453104][T14942] do_syscall_64+0xfa/0x3b0 [ 1129.453130][T14942] ? lockdep_hardirqs_on+0x9c/0x150 [ 1129.453154][T14942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1129.453177][T14942] ? clear_bhb_loop+0x60/0xb0 [ 1129.453205][T14942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1129.453227][T14942] RIP: 0033:0x7f0eac98e9a9 [ 1129.453248][T14942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1129.453270][T14942] RSP: 002b:00007f0ead775038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1129.453294][T14942] RAX: ffffffffffffffda RBX: 00007f0eacbb5fa0 RCX: 00007f0eac98e9a9 [ 1129.453312][T14942] RDX: 0000200000000040 RSI: 0000000000008916 RDI: 0000000000000003 [ 1129.453328][T14942] RBP: 00007f0ead775090 R08: 0000000000000000 R09: 0000000000000000 [ 1129.453343][T14942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1129.453357][T14942] R13: 0000000000000000 R14: 00007f0eacbb5fa0 R15: 00007ffe5d006688 [ 1129.453392][T14942] [ 1129.703545][ T5908] hub 4-1:1.0: bad descriptor, ignoring hub [ 1129.709728][ T5908] hub 4-1:1.0: probe with driver hub failed with error -5 [ 1129.717949][ T5908] cdc_wdm 4-1:1.0: skipping garbage [ 1129.723595][ T5908] cdc_wdm 4-1:1.0: skipping garbage [ 1129.729942][ T5908] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1129.776428][T14942] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1129.888875][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1130.861342][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1130.887558][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1130.953490][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1130.964457][ T5968] usb 4-1: USB disconnect, device number 93 [ 1131.815125][ T10] usb 5-1: new full-speed USB device number 67 using dummy_hcd [ 1132.003766][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1132.034116][ T10] usb 5-1: device descriptor read/64, error -71 [ 1132.289459][ T10] usb 5-1: new full-speed USB device number 68 using dummy_hcd [ 1132.379608][T14970] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1132.391313][T14970] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1132.402439][T14970] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1132.412644][T14970] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1132.474470][ T10] usb 5-1: device descriptor read/64, error -71 [ 1132.584215][ T10] usb usb5-port1: attempt power cycle [ 1133.533972][T14982] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1133.698498][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1133.910005][ T10] usb 5-1: new full-speed USB device number 69 using dummy_hcd [ 1134.032517][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1134.348055][ T10] usb 5-1: device descriptor read/8, error -71 [ 1134.706922][T14992] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1134.714507][T14992] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1134.753323][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1135.702131][T15000] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2454'. [ 1136.282276][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1137.069948][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1137.343108][ T5908] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1137.364167][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1138.174909][ T5908] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1138.174946][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1138.189822][ T5908] usb 4-1: config 0 descriptor?? [ 1138.203869][ T5908] cp210x 4-1:0.0: cp210x converter detected [ 1138.582674][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1139.225432][T15028] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1139.594808][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1139.630667][T15030] overlayfs: missing 'lowerdir' [ 1140.198556][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1140.258407][ T5908] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1140.313128][ T5908] cp210x 4-1:0.0: querying part number failed [ 1140.355458][ T5908] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1140.759841][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1140.884567][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1140.894255][ T5908] usb 4-1: USB disconnect, device number 94 [ 1140.902300][T14059] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1141.152471][T15040] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1141.163158][T15040] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1141.176620][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1141.185778][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1141.186503][ T5908] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1141.226100][T15037] netlink: 'syz.0.2463': attribute type 7 has an invalid length. [ 1141.262507][ T5908] cp210x 4-1:0.0: device disconnected [ 1143.273360][ T5908] net_ratelimit: 1 callbacks suppressed [ 1143.273383][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1143.319640][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1143.990173][T15057] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1143.999535][T11315] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1144.450856][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1145.527900][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1145.695033][T15079] futex_wake_op: syz.5.2473 tries to shift op by 144; fix this program [ 1146.548685][T14069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1146.563547][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1146.698343][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1146.708094][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1146.719145][T13067] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1147.006525][T15095] overlayfs: missing 'lowerdir' [ 1147.933262][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1148.272035][T15103] netlink: 'syz.2.2479': attribute type 10 has an invalid length. [ 1148.445203][T15103] 8021q: adding VLAN 0 to HW filter on device team0 [ 1148.689537][T15103] bond0: (slave team0): Enslaving as an active interface with an up link [ 1148.963131][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1149.304125][T15110] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1149.313139][T15110] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1149.848545][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1150.044778][T15115] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1150.218347][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1151.898613][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1152.034237][ T10] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 1152.256305][ T10] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1152.282623][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1152.284787][T15135] sp0: Synchronizing with TNC [ 1152.315363][ T10] usb 1-1: config 0 descriptor?? [ 1152.483942][ T5968] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1152.567818][ T10] cp210x 1-1:0.0: cp210x converter detected [ 1153.465681][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1153.475728][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1153.508776][ T10] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1153.523854][ T10] cp210x 1-1:0.0: querying part number failed [ 1153.547247][ T10] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1153.555934][ T5968] usb 3-1: Using ep0 maxpacket: 8 [ 1153.571996][ T5968] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1153.588619][ T10] usb 1-1: USB disconnect, device number 58 [ 1153.600824][ T5968] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1153.624431][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.634807][ T5968] usb 3-1: Product: syz [ 1153.639049][ T5968] usb 3-1: Manufacturer: syz [ 1153.650824][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1153.677335][ T5968] usb 3-1: SerialNumber: syz [ 1153.687217][ T10] cp210x 1-1:0.0: device disconnected [ 1153.721398][ T5968] usb 3-1: config 0 descriptor?? [ 1153.756557][ T5968] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 1153.873118][ T5908] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1153.945596][ T5968] snd_usb_toneport 3-1:0.0: set_interface failed [ 1153.953793][ T9769] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1153.956194][ T5968] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 1153.970108][ T5968] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71 [ 1153.985666][ T5968] usb 3-1: USB disconnect, device number 63 [ 1154.013351][ T24] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1154.023838][ T5908] usb 5-1: Using ep0 maxpacket: 8 [ 1154.047353][ T5908] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1154.055962][ T5908] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1154.067102][ T5908] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1154.077697][ T5908] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1154.089312][ T5908] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 1154.100523][ T5908] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1154.115108][ T9769] usb 6-1: Using ep0 maxpacket: 32 [ 1154.123422][ T5908] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1154.135778][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1154.146565][ T9769] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1154.163168][ T9769] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1154.189699][ T5908] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 1154.200624][ T9769] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1154.200789][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1154.218438][ T9769] usb 6-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 1154.232728][ T9769] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1154.241301][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1154.259757][ T24] usb 4-1: New USB device found, idVendor=045e, idProduct=0445, bcdDevice=df.97 [ 1154.271425][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1154.281065][ T9769] usb 6-1: config 0 descriptor?? [ 1154.287141][ T24] usb 4-1: Product: syz [ 1154.291745][ T24] usb 4-1: Manufacturer: syz [ 1154.301943][ T24] usb 4-1: SerialNumber: syz [ 1154.322709][ T24] usb 4-1: config 0 descriptor?? [ 1154.423114][T13886] usb 3-1: new full-speed USB device number 64 using dummy_hcd [ 1154.553740][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1154.665097][T13886] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 1023 [ 1154.690365][T13886] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1154.755582][T13886] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 1154.797843][T13886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1154.919096][T13886] usb 3-1: Product: syz [ 1154.928081][T13886] usb 3-1: Manufacturer: syz [ 1154.953509][T15152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1154.965264][T13886] usb 3-1: SerialNumber: syz [ 1155.026082][ T9769] hid-steam 0003:28DE:1205.000D: unknown main item tag 0x0 [ 1155.079504][T15152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1155.090805][T13886] usb 3-1: config 0 descriptor?? [ 1155.099801][ T9769] hid-steam 0003:28DE:1205.000D: unknown main item tag 0x0 [ 1155.102606][T15152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1155.124904][T15152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1155.129673][T13886] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 1155.152451][ T9769] hid-steam 0003:28DE:1205.000D: : USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.5-1/input0 [ 1155.223529][ T9769] hid-steam 0003:28DE:1205.000D: Steam Controller 'XXXXXXXXXX' connected [ 1155.255818][ T9769] input: Steam Deck as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1205.000D/input/input34 [ 1155.309243][T13886] snd_usb_toneport 3-1:0.0: set_interface failed [ 1155.324577][T13886] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 1155.334225][ T9769] input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1205.000D/input/input35 [ 1155.353945][T13886] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -71 [ 1155.395084][T13886] usb 3-1: USB disconnect, device number 64 [ 1155.430745][ T9769] hid-steam 0003:28DE:1205.000E: unknown main item tag 0x0 [ 1155.444344][ T9769] hid-steam 0003:28DE:1205.000E: unknown main item tag 0x0 [ 1155.461031][ T9769] hid-steam 0003:28DE:1205.000E: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.5-1/input0 [ 1155.535393][T15152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1155.585580][T15152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1155.786515][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1156.394654][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1156.421987][ T24] usb 4-1: USB disconnect, device number 95 [ 1156.428179][ T5908] usb 6-1: reset high-speed USB device number 4 using dummy_hcd [ 1156.621526][T13886] usb 5-1: USB disconnect, device number 71 [ 1156.665759][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1156.860712][T15180] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1157.309844][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1158.264310][ T9769] usb 6-1: USB disconnect, device number 4 [ 1158.295691][T13886] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1159.063209][T13886] usb 5-1: Using ep0 maxpacket: 8 [ 1159.106491][T15192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2502'. [ 1159.343462][T13886] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 1159.365024][T13886] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1159.382309][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1159.799975][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1160.350566][T13886] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1160.363210][T13886] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1160.374827][T13886] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1160.403342][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1160.500994][T13886] usb 5-1: unable to read config index 1 descriptor/start: -71 [ 1160.517965][ T9769] hid-steam 0003:28DE:1205.000D: Steam Controller 'XXXXXXXXXX' disconnected [ 1160.576212][T15205] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2505'. [ 1161.008945][T13886] usb 5-1: can't read configurations, error -71 [ 1161.366179][T15215] fuse: Bad value for 'max_read' [ 1161.442922][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1162.251404][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1162.270367][T15220] netlink: 'syz.5.2510': attribute type 7 has an invalid length. [ 1162.283403][T15220] : entered promiscuous mode [ 1162.599776][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1163.871316][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1164.896309][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1165.395420][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1166.174487][ T10] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1166.185598][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1166.325484][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1166.376769][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1166.472616][ T10] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1166.528512][ T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1166.670873][T15283] netlink: 'syz.4.2525': attribute type 7 has an invalid length. [ 1166.798563][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1166.842380][T15267] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1167.220911][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1167.420210][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1167.746045][T15289] netlink: 'syz.3.2524': attribute type 20 has an invalid length. [ 1167.867461][T15289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1167.884555][T15289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1168.474823][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1168.489033][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1169.516564][ T9769] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1169.652121][ T10] usb 4-1: USB disconnect, device number 96 [ 1169.670442][T15299] netlink: 'syz.4.2529': attribute type 10 has an invalid length. [ 1170.474388][T15315] netlink: 'syz.3.2534': attribute type 21 has an invalid length. [ 1170.563716][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1171.000626][T15319] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2535'. [ 1171.514707][ T5968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1171.553251][T13886] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 1171.593910][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1171.666988][T15325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2537'. [ 1171.713355][T13886] usb 4-1: Using ep0 maxpacket: 16 [ 1171.747848][T13886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 1172.146215][T13886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1172.207135][T13886] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1172.269778][T13886] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.299760][T13886] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 1172.313473][T13886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.337653][T13886] usb 4-1: config 0 descriptor?? [ 1172.473333][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1172.556209][T13886] usbhid 4-1:0.0: can't add hid device: -71 [ 1172.583968][T13886] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1172.820353][T15334] FAULT_INJECTION: forcing a failure. [ 1172.820353][T15334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1172.861882][T15334] CPU: 0 UID: 0 PID: 15334 Comm: syz.4.2540 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1172.861918][T15334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1172.861930][T15334] Call Trace: [ 1172.861941][T15334] [ 1172.861949][T15334] dump_stack_lvl+0x189/0x250 [ 1172.861972][T15334] ? irqentry_exit+0x74/0x90 [ 1172.861991][T15334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1172.862015][T15334] ? dump_stack+0x9/0x20 [ 1172.862036][T15334] should_fail_ex+0x414/0x560 [ 1172.862062][T15334] _copy_from_user+0x2d/0xb0 [ 1172.862086][T15334] __sys_connect+0x123/0x440 [ 1172.862111][T15334] ? __pfx___sys_connect+0x10/0x10 [ 1172.862150][T15334] __x64_sys_connect+0x7a/0x90 [ 1172.862173][T15334] do_syscall_64+0xfa/0x3b0 [ 1172.862192][T15334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.862208][T15334] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1172.862224][T15334] ? clear_bhb_loop+0x60/0xb0 [ 1172.862243][T15334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.862258][T15334] RIP: 0033:0x7f0eac98e9a9 [ 1172.862273][T15334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.862287][T15334] RSP: 002b:00007f0ead733038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1172.862306][T15334] RAX: ffffffffffffffda RBX: 00007f0eacbb6160 RCX: 00007f0eac98e9a9 [ 1172.862318][T15334] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000007 [ 1172.862329][T15334] RBP: 00007f0ead733090 R08: 0000000000000000 R09: 0000000000000000 [ 1172.862339][T15334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1172.862349][T15334] R13: 0000000000000000 R14: 00007f0eacbb6160 R15: 00007ffe5d006688 [ 1172.862372][T15334] [ 1173.083395][T13886] usb 4-1: USB disconnect, device number 97 [ 1173.085344][T15333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2540'. [ 1173.100975][T15333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2540'. [ 1173.310984][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1173.593140][ T5922] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 1173.733391][T13886] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1173.755195][ T5922] usb 1-1: Using ep0 maxpacket: 8 [ 1173.874171][ T5922] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1173.923107][T13886] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1174.360247][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1174.474671][ T5922] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1174.501440][T15344] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2544'. [ 1174.508217][T13886] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1174.543468][ T5922] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1174.558541][T11315] Bluetooth: hci5: command 0x0406 tx timeout [ 1174.587797][T13886] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1174.605974][ T5922] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1174.648135][T13886] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1174.664268][ T5922] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1174.697175][ T30] audit: type=1326 audit(1753458584.892:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15347 comm="syz.4.2546" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0eac98e9a9 code=0x0 [ 1174.720945][T13886] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1174.739688][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1174.759508][ T5922] hub 1-1:1.0: bad descriptor, ignoring hub [ 1174.767014][ T5968] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 1174.774056][T13886] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1174.790620][ T5922] hub 1-1:1.0: probe with driver hub failed with error -5 [ 1174.798460][T13886] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1174.813747][ T5922] cdc_wdm 1-1:1.0: skipping garbage [ 1174.821523][T13886] usb 6-1: Product: syz [ 1174.830168][ T5922] cdc_wdm 1-1:1.0: skipping garbage [ 1174.836398][T13886] usb 6-1: Manufacturer: syz [ 1174.861802][ T5922] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 1174.872479][T13886] cdc_wdm 6-1:1.0: skipping garbage [ 1174.881120][T13886] cdc_wdm 6-1:1.0: skipping garbage [ 1174.893065][ T5922] cdc_wdm 1-1:1.0: Unknown control protocol [ 1174.919096][T13886] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device [ 1174.940410][ T5968] usb 4-1: Using ep0 maxpacket: 16 [ 1174.940759][T13886] cdc_wdm 6-1:1.0: Unknown control protocol [ 1174.966518][ T5968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1174.996168][T15336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1175.004491][ T5968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1175.015317][T15336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1175.058466][ T5968] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 1175.071599][ T5968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1175.114616][ T5968] usb 4-1: config 0 descriptor?? [ 1175.123238][T13886] usb 6-1: USB disconnect, device number 5 [ 1175.236239][T15364] netlink: 'syz.4.2549': attribute type 10 has an invalid length. [ 1175.434571][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1175.514875][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1175.545791][T15336] usb 1-1: reset high-speed USB device number 59 using dummy_hcd [ 1175.580284][ T5968] playstation 0003:054C:05C4.000F: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.3-1/input0 [ 1175.722675][ T5889] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1175.741396][T15336] usb 1-1: device firmware changed [ 1175.816133][ T10] usb 1-1: USB disconnect, device number 59 [ 1175.826958][T15336] cdc_wdm 1-1:1.0: Error autopm - -16 [ 1175.877685][ T5968] playstation 0003:054C:05C4.000F: Failed to retrieve feature with reportID 18: -71 [ 1175.932131][ T5968] playstation 0003:054C:05C4.000F: Failed to retrieve DualShock4 pairing info: -71 [ 1175.946876][ T5968] playstation 0003:054C:05C4.000F: Failed to get MAC address from DualShock4 [ 1175.958899][ T5968] playstation 0003:054C:05C4.000F: Failed to create dualshock4. [ 1175.981195][ T5968] playstation 0003:054C:05C4.000F: probe with driver playstation failed with error -71 [ 1176.033774][ T10] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 1176.046295][T15361] netlink: 'syz.4.2549': attribute type 2 has an invalid length. [ 1176.066097][T15361] netlink: 'syz.4.2549': attribute type 1 has an invalid length. [ 1176.066365][ T5968] usb 4-1: USB disconnect, device number 98 [ 1176.203149][T13886] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1176.214614][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 1176.227193][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1176.267463][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1176.277962][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1176.294258][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1176.307543][ T10] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1176.320559][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1176.371195][ T10] usb 1-1: can't set config #1, error -71 [ 1176.398445][T13886] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1176.408492][ T10] usb 1-1: USB disconnect, device number 60 [ 1176.426498][T13886] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1176.447699][T13886] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1176.473921][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1176.494610][T13886] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1176.533171][T13886] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1177.143212][T13886] usb 6-1: string descriptor 0 read error: -71 [ 1177.179957][T13886] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1177.220901][T13886] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1177.246132][T15376] netlink: 'syz.3.2551': attribute type 10 has an invalid length. [ 1177.273127][T13886] usb 6-1: can't set config #1, error -71 [ 1177.298989][T15379] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1177.315721][T13886] usb 6-1: USB disconnect, device number 6 [ 1177.330143][T15379] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1177.513250][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1178.554628][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1178.657533][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1179.203263][T15392] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1179.212287][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1179.943328][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1180.055797][ T5968] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 1180.074496][ T5968] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 1180.092467][ T5968] hid-generic 0000:0004:0000.0010: unknown main item tag 0x0 [ 1180.141738][ T5968] hid-generic 0000:0004:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1180.994744][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1181.069214][T15398] fido_id[15398]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1181.117289][T15409] FAULT_INJECTION: forcing a failure. [ 1181.117289][T15409] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.175139][T15409] CPU: 1 UID: 0 PID: 15409 Comm: syz.4.2560 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1181.175174][T15409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1181.175189][T15409] Call Trace: [ 1181.175198][T15409] [ 1181.175209][T15409] dump_stack_lvl+0x189/0x250 [ 1181.175241][T15409] ? __pfx____ratelimit+0x10/0x10 [ 1181.175266][T15409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1181.175292][T15409] ? __pfx__printk+0x10/0x10 [ 1181.175329][T15409] ? __pfx___might_resched+0x10/0x10 [ 1181.175352][T15409] ? fs_reclaim_acquire+0x7d/0x100 [ 1181.175396][T15409] should_fail_ex+0x414/0x560 [ 1181.175425][T15409] ? file_tty_write+0x2a8/0x990 [ 1181.175453][T15409] should_failslab+0xa8/0x100 [ 1181.175480][T15409] __kvmalloc_node_noprof+0x161/0x5f0 [ 1181.175505][T15409] ? file_tty_write+0x2a8/0x990 [ 1181.175540][T15409] file_tty_write+0x2a8/0x990 [ 1181.175581][T15409] do_iter_readv_writev+0x56b/0x7f0 [ 1181.175610][T15409] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1181.175641][T15409] ? bpf_lsm_file_permission+0x9/0x20 [ 1181.175667][T15409] ? security_file_permission+0x75/0x290 [ 1181.175695][T15409] ? rw_verify_area+0x258/0x650 [ 1181.175734][T15409] vfs_writev+0x31a/0x960 [ 1181.175767][T15409] ? __lock_acquire+0xab9/0xd20 [ 1181.175791][T15409] ? __pfx_vfs_writev+0x10/0x10 [ 1181.175836][T15409] ? __fget_files+0x2a/0x420 [ 1181.175869][T15409] ? __fget_files+0x3a0/0x420 [ 1181.175892][T15409] ? __fget_files+0x2a/0x420 [ 1181.175928][T15409] do_writev+0x14d/0x2d0 [ 1181.175960][T15409] ? __pfx_do_writev+0x10/0x10 [ 1181.175985][T15409] ? rcu_is_watching+0x15/0xb0 [ 1181.176017][T15409] ? do_syscall_64+0xbe/0x3b0 [ 1181.176049][T15409] do_syscall_64+0xfa/0x3b0 [ 1181.176073][T15409] ? lockdep_hardirqs_on+0x9c/0x150 [ 1181.176098][T15409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.176121][T15409] ? clear_bhb_loop+0x60/0xb0 [ 1181.176149][T15409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.176177][T15409] RIP: 0033:0x7f0eac98e9a9 [ 1181.176198][T15409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.176219][T15409] RSP: 002b:00007f0ead775038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1181.176243][T15409] RAX: ffffffffffffffda RBX: 00007f0eacbb5fa0 RCX: 00007f0eac98e9a9 [ 1181.176261][T15409] RDX: 0000000000000001 RSI: 0000200000000340 RDI: 0000000000000003 [ 1181.176276][T15409] RBP: 00007f0ead775090 R08: 0000000000000000 R09: 0000000000000000 [ 1181.176291][T15409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1181.176305][T15409] R13: 0000000000000000 R14: 00007f0eacbb5fa0 R15: 00007ffe5d006688 [ 1181.176342][T15409] [ 1181.594650][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1181.849033][T15427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2562'. [ 1182.807477][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.898459][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1183.917060][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1184.215497][T15434] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1184.633876][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1184.964510][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1185.254107][T15459] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1185.263759][T15459] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1185.272869][T15459] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1185.282641][T15459] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1186.489037][T13886] net_ratelimit: 2301 callbacks suppressed [ 1186.489062][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1186.987221][T15485] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1186.996913][T15485] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1187.550021][T15489] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2581'. [ 1187.611352][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1187.894487][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1187.895689][T15483] netlink: 'syz.5.2578': attribute type 1 has an invalid length. [ 1188.006779][T15494] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1188.016587][T15494] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1188.661121][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1189.547341][T11615] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1189.562184][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1189.571414][ T5922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1189.970057][T15506] evm: overlay not supported [ 1190.813147][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.034087][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.093335][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1191.758299][T15525] FAULT_INJECTION: forcing a failure. [ 1191.758299][T15525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1191.809710][T15525] CPU: 0 UID: 0 PID: 15525 Comm: syz.4.2590 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1191.809745][T15525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1191.809759][T15525] Call Trace: [ 1191.809768][T15525] [ 1191.809779][T15525] dump_stack_lvl+0x189/0x250 [ 1191.809812][T15525] ? __pfx____ratelimit+0x10/0x10 [ 1191.809838][T15525] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1191.809872][T15525] ? __pfx__printk+0x10/0x10 [ 1191.809901][T15525] ? __might_fault+0xb0/0x130 [ 1191.809935][T15525] should_fail_ex+0x414/0x560 [ 1191.809965][T15525] _copy_from_user+0x2d/0xb0 [ 1191.809996][T15525] __sys_bpf+0x1ed/0x860 [ 1191.810031][T15525] ? __pfx___sys_bpf+0x10/0x10 [ 1191.810078][T15525] ? ksys_write+0x22a/0x250 [ 1191.810103][T15525] ? __pfx_ksys_write+0x10/0x10 [ 1191.810122][T15525] ? rcu_is_watching+0x15/0xb0 [ 1191.810155][T15525] __x64_sys_bpf+0x7c/0x90 [ 1191.810186][T15525] do_syscall_64+0xfa/0x3b0 [ 1191.810211][T15525] ? lockdep_hardirqs_on+0x9c/0x150 [ 1191.810234][T15525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.810257][T15525] ? clear_bhb_loop+0x60/0xb0 [ 1191.810285][T15525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1191.810308][T15525] RIP: 0033:0x7f0eac98e9a9 [ 1191.810328][T15525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.810348][T15525] RSP: 002b:00007f0ead775038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1191.810372][T15525] RAX: ffffffffffffffda RBX: 00007f0eacbb5fa0 RCX: 00007f0eac98e9a9 [ 1191.810389][T15525] RDX: 000000000000006d RSI: 00002000000000c0 RDI: 0000000000000005 [ 1191.810404][T15525] RBP: 00007f0ead775090 R08: 0000000000000000 R09: 0000000000000000 [ 1191.810418][T15525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1191.810431][T15525] R13: 0000000000000000 R14: 00007f0eacbb5fa0 R15: 00007ffe5d006688 [ 1191.810464][T15525] [ 1192.142426][T13886] net_ratelimit: 2 callbacks suppressed [ 1192.142449][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1193.203812][T13886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1193.369409][T15545] Oops: general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] SMP KASAN PTI [ 1193.381396][T15545] KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff] [ 1193.389873][T15545] CPU: 0 UID: 0 PID: 15545 Comm: syz.4.2595 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full) [ 1193.403401][T15545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1193.418841][T15545] RIP: 0010:h5_recv+0x146/0x8d0 [ 1193.424179][T15545] Code: 18 48 c1 ea 03 48 89 54 24 28 48 89 d8 48 c1 e8 03 48 89 44 24 50 44 89 64 24 14 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 30 <80> 3c 01 00 74 08 4c 89 ef e8 1c 6d c9 f9 4d 8b 65 00 31 ff 4c 89 [ 1193.444963][T15545] RSP: 0018:ffffc90003f8fc40 EFLAGS: 00010202 [ 1193.451071][T15545] RAX: dffffc0000000000 RBX: 00000000000002e8 RCX: 000000000000005f [ 1193.459266][T15545] RDX: 000000000000005e RSI: 0000000000000001 RDI: 0000000000000000 [ 1193.467260][T15545] RBP: ffffc90003f8fd60 R08: ffff88802730f01f R09: 1ffff11004e61e03 [ 1193.475261][T15545] R10: dffffc0000000000 R11: ffffffff88569e90 R12: 0000000000000001 [ 1193.483363][T15545] R13: 00000000000002f8 R14: ffff88802730f010 R15: ffffc90003f8fe00 [ 1193.491366][T15545] FS: 00007f0ead7546c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 1193.500875][T15545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1193.507490][T15545] CR2: 00007f0ead753f98 CR3: 0000000079220000 CR4: 00000000003526f0 [ 1193.515500][T15545] Call Trace: [ 1193.518842][T15545] [ 1193.521809][T15545] ? __pfx_h5_recv+0x10/0x10 [ 1193.526435][T15545] ? rcu_read_lock_any_held+0xb3/0x120 [ 1193.531936][T15545] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1193.537865][T15545] ? tty_audit_push+0x7c/0x250 [ 1193.543106][T15545] hci_uart_tty_receive+0x194/0x220 [ 1193.548339][T15545] ? __pfx_hci_uart_tty_receive+0x10/0x10 [ 1193.554208][T15545] tiocsti+0x23c/0x2c0 [ 1193.558771][T15545] ? __pfx_tiocsti+0x10/0x10 [ 1193.563515][T15545] ? __fget_files+0x2a/0x420 [ 1193.568438][T15545] ? __fget_files+0x3a0/0x420 [ 1193.573165][T15545] ? __fget_files+0x2a/0x420 [ 1193.577783][T15545] tty_ioctl+0x626/0xde0 [ 1193.582199][T15545] ? __pfx_tty_ioctl+0x10/0x10 [ 1193.587727][T15545] __se_sys_ioctl+0xfc/0x170 [ 1193.592359][T15545] do_syscall_64+0xfa/0x3b0 [ 1193.597068][T15545] ? lockdep_hardirqs_on+0x9c/0x150 [ 1193.603077][T15545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.609349][T15545] ? clear_bhb_loop+0x60/0xb0 [ 1193.614319][T15545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1193.620243][T15545] RIP: 0033:0x7f0eac98e9a9 [ 1193.624684][T15545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1193.644322][T15545] RSP: 002b:00007f0ead754038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1193.652771][T15545] RAX: ffffffffffffffda RBX: 00007f0eacbb6080 RCX: 00007f0eac98e9a9 [ 1193.660855][T15545] RDX: 00002000000002c0 RSI: 0000000000005412 RDI: 0000000000000006 [ 1193.669292][T15545] RBP: 00007f0eaca10d69 R08: 0000000000000000 R09: 0000000000000000 [ 1193.677314][T15545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.685307][T15545] R13: 0000000000000001 R14: 00007f0eacbb6080 R15: 00007ffe5d006688 [ 1193.693334][T15545] [ 1193.696390][T15545] Modules linked in: [ 1193.702333][T15545] ---[ end trace 0000000000000000 ]--- [ 1193.734223][T15545] RIP: 0010:h5_recv+0x146/0x8d0 [ 1193.739357][T15545] Code: 18 48 c1 ea 03 48 89 54 24 28 48 89 d8 48 c1 e8 03 48 89 44 24 50 44 89 64 24 14 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 30 <80> 3c 01 00 74 08 4c 89 ef e8 1c 6d c9 f9 4d 8b 65 00 31 ff 4c 89 [ 1193.768556][T15541] syzkaller0: entered promiscuous mode [ 1193.775640][T15541] syzkaller0: entered allmulticast mode [ 1193.786583][T15545] RSP: 0018:ffffc90003f8fc40 EFLAGS: 00010202 [ 1193.792865][T15545] RAX: dffffc0000000000 RBX: 00000000000002e8 RCX: 000000000000005f [ 1193.802705][T15545] RDX: 000000000000005e RSI: 0000000000000001 RDI: 0000000000000000 [ 1193.812340][T15545] RBP: ffffc90003f8fd60 R08: ffff88802730f01f R09: 1ffff11004e61e03 [ 1193.826424][T15545] R10: dffffc0000000000 R11: ffffffff88569e90 R12: 0000000000000001 [ 1193.838239][T15545] R13: 00000000000002f8 R14: ffff88802730f010 R15: ffffc90003f8fe00 [ 1193.850283][T15545] FS: 00007f0ead7546c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 1193.861239][T15545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1193.873143][T15545] CR2: 0000200000002ec0 CR3: 0000000079220000 CR4: 00000000003526f0 [ 1193.881551][T15545] Kernel panic - not syncing: Fatal exception [ 1193.888018][T15545] Kernel Offset: disabled [ 1193.892360][T15545] Rebooting in 86400 seconds..