last executing test programs: 10.744711051s ago: executing program 1 (id=1717): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x275a, 0x0) write(r1, &(0x7f0000000200)="99", 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x11, r1, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)) 10.574680011s ago: executing program 1 (id=1720): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904000001020d0000052406000105240000000d240f0100bd9100000000000006241a00001008241c0000000000090581030002000000090401", @ANYRESOCT], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c020000", @ANYRES16, @ANYBLOB="01"], 0x25c}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket(0x2, 0x80805, 0x0) epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r8, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x6c00, 0x0) mkdir(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000100)={0x20000014}) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) 9.051983387s ago: executing program 2 (id=1729): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002340)=@delchain={0x184, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x13c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x4}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x124, 0x6, [@m_ife={0x80, 0x0, 0x0, 0x0, {{0x8}, {0x58, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}, @TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x48, 0x0, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x184}}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000280)={0x0, 0x0}) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x400000000010001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000300)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "7f00ef", 0x18, 0x2c, 0x0, @remote, @mcast2, {[], {0x0, 0x0, 0x18, 0x0, @wg=@data={0x4, 0x4}}}}}}}, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) unshare(0x20000400) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r6, 0x0) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'macvlan0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000004c0)={r9, 0x3, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f00000000c0)={r9, 0x3, 0x6, @random="cea0300a1672"}, 0x10) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000040)={r9, 0x1, 0x6, @dev}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)='%pi6 \x00'}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x5, &(0x7f0000000000)=@framed={{}, [@map_val={0x18, 0x0, 0x2, 0x0, r10}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0xff7, &(0x7f0000002e00)=""/4087}, 0x90) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) msgget$private(0x0, 0x6f6) 4.79414442s ago: executing program 1 (id=1731): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x3b, 0x0, [{0xc0010140}]}) 4.629897625s ago: executing program 2 (id=1734): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x2, 0x0, 0x4, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 4.404053083s ago: executing program 2 (id=1737): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001680)=[{&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x10, 0x0}], 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000040)="10", 0x1, 0x0, &(0x7f0000000200)={0x2, 0x0, @private=0xa010102}, 0x10) sendto$inet(r0, &(0x7f0000000140)="98", 0x1, 0x0, &(0x7f0000000180)={0x2, 0x0, @rand_addr=0x64010101}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r2}, 0x8) 4.353871415s ago: executing program 1 (id=1738): r0 = io_uring_setup(0x6804, &(0x7f0000000440)) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9}}, 0x50) read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000002280), 0x0, 0x0) dup3(r4, r1, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.100938324s ago: executing program 0 (id=1741): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) setresuid(r1, 0xee00, 0x0) 4.005723958s ago: executing program 1 (id=1742): socket$nl_rdma(0x10, 0x3, 0x14) madvise(&(0x7f0000003000/0x1000)=nil, 0x7f7884acbfff, 0xd) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x88, 0x2, 0x0, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'gre0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x8015}, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904", @ANYRESDEC=0x0, @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000080)={0x24, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.892088966s ago: executing program 0 (id=1743): socket$inet6(0xa, 0x2, 0x0) getgroups(0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8f7ffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x5, 0x1005, &(0x7f00000003c0)=""/4101}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000230000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0xbf, &(0x7f00000020c0)=""/191}, 0x80) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0xe8, r5, 0xd, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_REG_RULES={0x94, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xfffffeff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xb1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x101}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xa3}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x6}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xbb4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x6291}]}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x33}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x37}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x5f}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4a}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x59}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4040080}, 0x800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r6, 0x25, 0x0, @val=@tcx={@link_id}}, 0x40) syz_emit_ethernet(0x1fc, &(0x7f0000001640)={@link_local, @dev, @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x2, 0x9, 0x1ee, 0x65, 0x0, 0x3f, 0x2f, 0x0, @remote, @empty, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x8, 0x7ff]}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x5c, 0x3, [], "d2cc0a3105785bc79a31a8d99d73fbcf3c94ec9c391ce190636f4c49619500a165432df6a7657d03ab59b5613d75cea180991b53f929ff2a9bcea95730e93291a670fd0cedc1e0d50724bef8c3d9bebb5b350ee04ceb463b4e4a4717"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x30, 0x3f, 0x3]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "8b48e538a2978474e8109d591cdebef6c5f55476ed1aad23f50fa4b87e297e02d60ae6fb0de1b3963c608f871176b2fa7d61cd849933b4ac9c4c109e5fdae7bd3a744646f75cc4c59b43fc896f092ae102f4232bb4f37e320db297a481fba193f21b3f81b7d5949e902793e02246206627a4f71fe1bce46ef7aa1f24b9de14297e98fd25bb1ffdb1f54f3308b35636b95d89a7f925fc783fb4f8641c31a8afbe4ea7386f2c9dc7f4d42be3ce272a25159a64d909be0cc05453c3e375fc08c1f42ccb1066d523cb07140082b6a7e66d22ba9e94fdaffcfb7c9066c55f655078eef8"}, {0x8, 0x88be, 0x1, {{0x1, 0x1, 0x7, 0x2, 0x0, 0x2, 0x6, 0xe6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x2, {{0x5, 0x2, 0x4, 0x3, 0x1, 0x3, 0x7, 0x4}, 0x2, {0x0, 0x5, 0x2, 0x14, 0x0, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x3, "acedca5195967bf0ed671a5f2152e290c47af24bc18f65e8950f3ebd5c334b9d1de6b07901460bbe34f5db3e24ab41177fc85bb8cda6d0"}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='track_foreign_dirty\x00'}, 0x10) write$cgroup_int(r1, &(0x7f0000000000), 0x12) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000180)={0xfffffffffffffefa, 0x0, 0x2, 0x3, 0x0, {{}, {@void, @void, @val={0xc, 0x99, {0x100, 0x64}}}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x30}}, 0x4008840) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000006700000008000300", @ANYRES32=r10, @ANYBLOB], 0x1c}}, 0x0) 3.792565582s ago: executing program 0 (id=1744): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x275a, 0x0) write(r1, &(0x7f0000000200)="99", 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x11, r1, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)) 3.658817176s ago: executing program 0 (id=1746): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c044002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 3.528454013s ago: executing program 0 (id=1748): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x101, 0x7, 0xf, 0x108, 0x1, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x0, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000f2ffffff000000850000006100000018110000", @ANYRESHEX=0x0, @ANYRES32=r0], &(0x7f0000000080)='GPL\x00', 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x90) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x33, &(0x7f0000000040)=0x200007b, 0x4) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYRESOCT=r1], 0x27) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04ffa11b8e23930d0fe8348ffcef75bce7d9b48f6d960923cbf7a8c346b56201706e851dbb837a90da63a1a184eeadf19bed22369b13d3aabfc7e957c4b853377c27165423ff120df0a404e9ab76c7e0231ec9cc70dcb0179d4b69ba5c9c4f9fd6800966419f3f4a5ce2a688f5071b561bfc99bddc971e072ecaaa12333291f2bdb49c35059d907ce91abc39c6003f6e98cf3252d2858165ae3b67a8f3dc9339a6706880"], 0xa4) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a0000050000000000fc00ff00d87a970000100010000037ab7d818c7880beaf95677040357bab7d7a05c1bb0aa6aebef67ce4b0c51100f43ed1ed9f97ec6a859d46f82853825b67c84a908adca22e7266dfd4f239a3abbb98f982f6e8d4d652b4cc9d5fdab730c023e7cf262d889069e79c3ea45584d799dfdd019bf9611c91a31edc45c2f064bf78d886991b3c7941edf04673356b94520592b962a1dab9fa4c3c9d49d87496c1ce44b6dec02025820fb3ed3cc93d3d236c016a4253136fc97ff0e7026dc95bd3fc0a8e63f7da4659261c70f15ede"], 0x22) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="347fff00b06e824c7fe8d4c9213f8720d98582ee3cbbec606f03a5f82103f2f2fc38a79a0d538a93d28741458edc5ff351533aced799cd22d46c0da5cacfa37c0d30ffb0babe5bbc07f328be368fc3b06d2190d176638175", @ANYRES16=r4, @ANYBLOB="01000000000000000000dfffffff08000300", @ANYRES32=r6, @ANYBLOB="08002600b40900000800a100000000000800270001000000"], 0x34}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="02c848eb966ca73e8178103abad144d016001200eaff0c0408000000ff0fcf147aff110502000200"], 0x1b) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="b60ffbfaa0119a3e2ff96243b56940e45bb6399c7c04961949cc76"], 0x7) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.parent_freezing\x00', 0x275a, 0x0) copy_file_range(r7, 0x0, r7, &(0x7f00000001c0), 0x0, 0x0) write$binfmt_script(r7, &(0x7f0000000400), 0x208e24b) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="02c90012000e000500000600d75b103e5ec84d084e22006cbe39cbdf5a162bd3c260c151db1f854380512e40392c37bee646a45434fab36c5c72d4d08e3238f9083428ce7c2c077ec338923390ac"], 0x17) syz_emit_vhci(0x0, 0xf) readahead(r7, 0x0, 0x5) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x9}}}, 0x7) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001680)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2585892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700"/2726], &(0x7f0000000b80)='GPL\x00', 0x82f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r8, 0xc0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x24) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x108, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.472437348s ago: executing program 3 (id=1749): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x3b, 0x0, [{0xc0010140}]}) 3.43729589s ago: executing program 4 (id=1750): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000240)="41000000a0b6", 0x0, 0x0, 0x0, 0x0, 0x0}) 3.418289164s ago: executing program 2 (id=1751): pipe(0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0x40) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) ppoll(&(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) 3.348378351s ago: executing program 4 (id=1752): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) listen(r1, 0x0) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) listen(r0, 0x0) 2.968364899s ago: executing program 4 (id=1753): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x68, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x1a, 0xc2, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @generic={0x8, 0x9, "8bfbd54ae56dd0"}, @generic={0x0, 0xd, "3816eb47eb1bad12f07e50"}, @fastopen={0x22, 0x12, "30ebaa254d6d4f4f0900000000000000"}, @md5sig={0x13, 0x12, "7232407c80067615774fdbb46eb86cc8"}, @generic={0x0, 0x8, "111fad03a743"}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) 2.613165658s ago: executing program 3 (id=1754): socket$inet6(0xa, 0x2, 0x0) getgroups(0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8f7ffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000002000000b70500000800000085000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x5, 0x1005, &(0x7f00000003c0)=""/4101}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000230000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0xbf, &(0x7f00000020c0)=""/191}, 0x80) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0xe8, r5, 0xd, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_REG_RULES={0x94, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xfffffeff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0xb1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x101}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xa3}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x6}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xbb4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x6291}]}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x33}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x37}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x1}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x5f}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4a}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x59}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4040080}, 0x800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r6, 0x25, 0x0, @val=@tcx={@link_id}}, 0x40) syz_emit_ethernet(0x1fc, &(0x7f0000001640)={@link_local, @dev, @void, {@ipv4={0x800, @gre={{0xc, 0x4, 0x2, 0x9, 0x1ee, 0x65, 0x0, 0x3f, 0x2f, 0x0, @remote, @empty, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x6, 0x8, 0x7ff]}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x5c, 0x3, [], "d2cc0a3105785bc79a31a8d99d73fbcf3c94ec9c391ce190636f4c49619500a165432df6a7657d03ab59b5613d75cea180991b53f929ff2a9bcea95730e93291a670fd0cedc1e0d50724bef8c3d9bebb5b350ee04ceb463b4e4a4717"}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [0x30, 0x3f, 0x3]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "8b48e538a2978474e8109d591cdebef6c5f55476ed1aad23f50fa4b87e297e02d60ae6fb0de1b3963c608f871176b2fa7d61cd849933b4ac9c4c109e5fdae7bd3a744646f75cc4c59b43fc896f092ae102f4232bb4f37e320db297a481fba193f21b3f81b7d5949e902793e02246206627a4f71fe1bce46ef7aa1f24b9de14297e98fd25bb1ffdb1f54f3308b35636b95d89a7f925fc783fb4f8641c31a8afbe4ea7386f2c9dc7f4d42be3ce272a25159a64d909be0cc05453c3e375fc08c1f42ccb1066d523cb07140082b6a7e66d22ba9e94fdaffcfb7c9066c55f655078eef8"}, {0x8, 0x88be, 0x1, {{0x1, 0x1, 0x7, 0x2, 0x0, 0x2, 0x6, 0xe6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x2, {{0x5, 0x2, 0x4, 0x3, 0x1, 0x3, 0x7, 0x4}, 0x2, {0x0, 0x5, 0x2, 0x14, 0x0, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x3, "acedca5195967bf0ed671a5f2152e290c47af24bc18f65e8950f3ebd5c334b9d1de6b07901460bbe34f5db3e24ab41177fc85bb8cda6d0"}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='track_foreign_dirty\x00'}, 0x10) write$cgroup_int(r1, &(0x7f0000000000), 0x12) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000180)={0xfffffffffffffefa, 0x0, 0x2, 0x3, 0x0, {{}, {@void, @void, @val={0xc, 0x99, {0x100, 0x64}}}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x30}}, 0x4008840) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000006700000008000300", @ANYRES32=r10, @ANYBLOB], 0x1c}}, 0x0) 2.513705926s ago: executing program 0 (id=1755): mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) openat$dir(0xffffffffffffff9c, &(0x7f0000002a00)='./file0\x00', 0x0, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000002180)=""/4089, 0xfffffffffffffd79) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x5, &(0x7f0000000540)=0x40000000010001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) close(0xffffffffffffffff) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x26102, 0xa0) linkat(r0, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000280)='./bus\x00', 0x8ffcaea8338f1dd1) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000440)}], 0x1}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x800448f0, &(0x7f0000000080)={0x0, 0x0, "6b8ee1", 0x1}) syz_usb_connect(0x0, 0x24, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x7) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix_mp={0x0, 0x0, 0x52424752, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {0x800, 0x8}]}}) ioctl$AUTOFS_IOC_ASKUMOUNT(r5, 0x80049370, &(0x7f00000001c0)) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x8064}], 0x1, 0x0, 0x0, 0x0) 2.382947855s ago: executing program 4 (id=1756): socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x2, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) syz_open_procfs(0x0, &(0x7f00000000c0)='timerslack_ns\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7dbf230d000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001"], 0x64}}, 0x0) 2.381062943s ago: executing program 3 (id=1757): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.170127189s ago: executing program 2 (id=1758): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc60100c044002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 2.128050175s ago: executing program 3 (id=1759): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_mreq(r0, 0x0, 0x20, 0xfffffffffffffffc, &(0x7f0000000780)) 1.995903694s ago: executing program 3 (id=1760): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000140)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x24, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, {[@exp_smc={0xfe, 0x6}, @sack={0x5, 0xa, [0x0, 0x0]}]}}}}}}}}, 0x0) 1.994765111s ago: executing program 4 (id=1761): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x2}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 1.958110818s ago: executing program 2 (id=1762): r0 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x400, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) shutdown(0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) creat(&(0x7f0000000400)='./bus\x00', 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x3, 0x0, &(0x7f0000000440)=""/234, &(0x7f0000000740)=""/224, &(0x7f0000000000)=""/31, 0x4000}) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0x541b, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) 1.836682804s ago: executing program 3 (id=1763): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ptrace$peeksig(0x4209, r0, &(0x7f00000003c0)={0x1, 0x0, 0x3}, &(0x7f0000019840)=[{}, {}, {}]) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB="88000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="6b00330080000000ffffffffffff080211"], 0x88}}, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x90, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x72, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, {}, @broadcast}, 0x0, @default, 0x0, @val, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @val={0x5, 0x7, {0xb7, 0xfa, 0x4, "9508af87"}}, @void, @void, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @val={0x71, 0x7}, @val={0x76, 0x6, {0x0, 0x0, 0x12}}}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x800004) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r6) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000199c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES8=0x0, @ANYBLOB="000326bd7000fedbdf250a0000000a0009000180c20000030000050029000000000008002b001f02000008000300", @ANYRES32=r7, @ANYBLOB="1c003400000808000938eedd0a38476d93eebd566adb000600", @ANYBLOB="1fa20136f3698327f631ca1cbe1b74b5b1dcd31aeeece5d5fe7388e02dd710eb07ba92b048d6cc53ca638f615fb2f7d608d14508a5dc1ba861917be5a98db28c81f56539fc696d70610baccb55e753a9b4e419385a8f29c762891c9bb147dd410cef8ee8c268b83340c9f19b37ca50141f6cc7206bb5c415fe607640a6d73fa233aab614b20815b9047f5384e49e793d9643204e7a45206e044712b6952e559d154416972656da85a1df58a5c2fce729e42e0f2d46078eaece3443236cb6fbd87c1852e210808cdb2d310aa28fa335dc18", @ANYBLOB="0800340005000000050033000000000008002b0004130000"], 0x60}, 0x1, 0x0, 0x0, 0x4080}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 1.792701645s ago: executing program 4 (id=1764): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x3b, 0x0, [{0xc0010140}]}) 0s ago: executing program 1 (id=1765): ioperm(0x0, 0x7, 0x4) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x403f9a06f1bb6827) kernel console output (not intermixed with test programs): 184.562332][ T7061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.683'. [ 184.572149][ T7061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.683'. [ 184.582584][ T7061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.683'. [ 184.592487][ T7061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.683'. [ 184.620710][ T7053] kvm: pic: non byte read [ 184.640448][ T7053] kvm: pic: non byte read [ 184.664357][ T7053] kvm: pic: non byte read [ 184.692475][ T7053] kvm: pic: non byte read [ 185.001017][ T7071] UBIFS error (pid: 7071): cannot open "ub ", error -22 [ 185.039630][ T7022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.083726][ T7022] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.304142][ T7085] netlink: 20 bytes leftover after parsing attributes in process `syz.0.695'. [ 185.323464][ T7085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.695'. [ 185.332423][ T7085] netlink: 20 bytes leftover after parsing attributes in process `syz.0.695'. [ 185.368119][ T7085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.695'. [ 185.413239][ T25] usb 4-1: USB disconnect, device number 6 [ 186.542593][ T7106] UBIFS error (pid: 7106): cannot open "ub ", error -22 [ 186.553647][ T5618] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 186.610647][ T7099] kvm: pic: non byte read [ 186.634183][ T7099] kvm: pic: non byte read [ 186.654228][ T7099] kvm: pic: non byte read [ 186.663867][ T7099] kvm: pic: non byte read [ 186.775828][ T5618] usb 5-1: Using ep0 maxpacket: 8 [ 186.812143][ T5618] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFB has invalid wMaxPacketSize 0 [ 186.844458][ T5618] usb 5-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice= f.71 [ 186.893482][ T5618] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.901564][ T5618] usb 5-1: Product: syz [ 186.943498][ T5618] usb 5-1: Manufacturer: syz [ 186.948171][ T5618] usb 5-1: SerialNumber: syz [ 186.975623][ T5618] usb 5-1: config 0 descriptor?? [ 187.158159][ T5618] IPVS: starting estimator thread 0... [ 187.363779][ T7123] IPVS: using max 15 ests per chain, 36000 per kthread [ 187.869705][ T5618] usb 5-1: USB disconnect, device number 6 [ 191.422261][ T7166] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 193.313612][ T5136] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 193.418993][ T7183] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 193.444586][ T7189] netlink: 40 bytes leftover after parsing attributes in process `syz.2.731'. [ 193.473134][ T7183] overlayfs: failed to set xattr on upper [ 193.489692][ T7183] overlayfs: ...falling back to redirect_dir=nofollow. [ 193.535404][ T7183] overlayfs: ...falling back to index=off. [ 193.562607][ T7183] overlayfs: ...falling back to uuid=null. [ 193.578484][ T5136] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.639612][ T5136] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.705107][ T5136] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 193.777223][ T5136] usb 4-1: New USB device found, idVendor=056a, idProduct=0314, bcdDevice= 0.00 [ 193.796975][ T5136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.842460][ T5136] usb 4-1: config 0 descriptor?? [ 194.073845][ T5200] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 194.327432][ T5200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 194.351972][ T5200] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 194.353511][ T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 194.391870][ T5136] wacom 0003:056A:0314.0005: unknown main item tag 0x0 [ 194.400132][ T5200] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 194.454297][ T5136] wacom 0003:056A:0314.0005: Unknown device_type for 'HID 056a:0314'. Assuming pen. [ 194.475342][ T5200] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 194.510711][ T5136] wacom 0003:056A:0314.0005: hidraw0: USB HID v0.00 Device [HID 056a:0314] on usb-dummy_hcd.3-1/input0 [ 194.533973][ T5200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.546918][ T25] usb 1-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 194.570704][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.574819][ T5200] usb 5-1: config 0 descriptor?? [ 194.602249][ T5136] input: Wacom Intuos Pro S Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0314.0005/input/input10 [ 194.604719][ T25] usb 1-1: config 0 descriptor?? [ 194.629143][ T25] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 194.654252][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.661436][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.817689][ T5136] usb 4-1: USB disconnect, device number 7 [ 194.912579][ T7219] netlink: 40 bytes leftover after parsing attributes in process `syz.2.744'. [ 195.098154][ T5200] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 195.357519][ T5200] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 195.374467][ T5200] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 196.475224][ T7203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.483808][ T8] usb 5-1: USB disconnect, device number 7 [ 196.514300][ T7203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.568303][ T7248] netlink: 40 bytes leftover after parsing attributes in process `syz.2.756'. [ 196.713633][ T5090] Bluetooth: hci4: command 0x0406 tx timeout [ 196.713827][ T5086] Bluetooth: hci3: command 0x0406 tx timeout [ 196.759156][ T8] usb 1-1: USB disconnect, device number 5 [ 197.443020][ T7278] netlink: 40 bytes leftover after parsing attributes in process `syz.4.769'. [ 198.048846][ T5136] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 198.132120][ T7306] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 198.263720][ T5136] usb 5-1: Using ep0 maxpacket: 8 [ 198.281666][ T5136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFB has invalid wMaxPacketSize 0 [ 198.368006][ T7309] pim6reg0: tun_chr_ioctl cmd 2147767507 [ 198.378736][ T5136] usb 5-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice= f.71 [ 198.413047][ T5136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.405772][ T5136] usb 5-1: Product: syz [ 199.452832][ T5136] usb 5-1: Manufacturer: syz [ 199.487859][ T5136] usb 5-1: SerialNumber: syz [ 199.762275][ T5136] usb 5-1: config 0 descriptor?? [ 200.502340][ T7326] xt_HMARK: proto mask must be zero with L3 mode [ 200.542860][ T7319] sp0: Synchronizing with TNC [ 200.589588][ T8] usb 5-1: USB disconnect, device number 8 [ 200.814319][ T25] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 201.946280][ T5134] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 201.953899][ T25] usb 4-1: device descriptor read/64, error -71 [ 202.188545][ T5134] usb 2-1: New USB device found, idVendor=093a, idProduct=2626, bcdDevice= d.b4 [ 202.242826][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.285379][ T25] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 202.572044][ T5134] usb 2-1: config 0 descriptor?? [ 202.593954][ T25] usb 4-1: device descriptor read/64, error -71 [ 202.677071][ T5134] gspca_main: gspca_pac7302-2.14.0 probing 093a:2626 [ 202.798209][ T25] usb usb4-port1: attempt power cycle [ 203.119817][ T29] audit: type=1326 audit(1720226194.737:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7352 comm="syz.2.798" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e79375bd9 code=0x0 [ 204.077563][ T5134] input: gspca_pac7302 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input13 [ 204.190978][ T7372] binder: 7370:7372 ioctl 40085400 20000180 returned -22 [ 204.214749][ T7372] binder: 7370:7372 ioctl 8982 20000640 returned -22 [ 204.251213][ T7373] input: syz0 as /devices/virtual/input/input14 [ 204.287989][ T8] usb 2-1: USB disconnect, device number 6 [ 204.806961][ T25] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 204.853236][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 205.671734][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFB has invalid wMaxPacketSize 0 [ 205.702304][ T25] usb 4-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice= f.71 [ 205.711568][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.720368][ T25] usb 4-1: Product: syz [ 205.733634][ T25] usb 4-1: Manufacturer: syz [ 205.738336][ T25] usb 4-1: SerialNumber: syz [ 205.759579][ T25] usb 4-1: config 0 descriptor?? [ 205.924497][ T7406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.817'. [ 206.501596][ T57] usb 4-1: USB disconnect, device number 10 [ 207.635811][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 207.674519][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 207.724881][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 207.825583][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 207.834413][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 207.845425][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 208.767122][ T5096] syz-executor (5096) used greatest stack depth: 17936 bytes left [ 209.133744][ T5711] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.196446][ T7444] pim6reg1: entered promiscuous mode [ 209.214674][ T57] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 209.224400][ T7444] pim6reg1: entered allmulticast mode [ 209.752152][ T5711] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.005945][ T5095] Bluetooth: hci5: command tx timeout [ 210.156890][ T5711] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.469242][ T57] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.494078][ T5711] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.528819][ T57] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 210.541852][ T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.575182][ T57] usb 3-1: Product: syz [ 210.580162][ T57] usb 3-1: Manufacturer: syz [ 210.623850][ T57] usb 3-1: SerialNumber: syz [ 210.931058][ T7467] netlink: 'syz.3.837': attribute type 1 has an invalid length. [ 210.976809][ T7467] netlink: 9352 bytes leftover after parsing attributes in process `syz.3.837'. [ 211.012969][ T7467] netlink: 'syz.3.837': attribute type 1 has an invalid length. [ 211.022107][ T7467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.837'. [ 211.061649][ T7473] netlink: 16 bytes leftover after parsing attributes in process `syz.0.840'. [ 211.121897][ T5711] bridge_slave_1: left allmulticast mode [ 211.128760][ T5711] bridge_slave_1: left promiscuous mode [ 211.140710][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.173667][ T5711] bridge_slave_0: left allmulticast mode [ 211.179377][ T5711] bridge_slave_0: left promiscuous mode [ 211.198779][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.933484][ T57] cdc_ncm 3-1:1.0: failed to get mac address [ 212.153122][ T5084] Bluetooth: hci5: command tx timeout [ 212.165240][ T57] cdc_ncm 3-1:1.0: bind() failure [ 212.196270][ T57] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 212.210110][ T57] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 212.211694][ T5711] infiniband syz1: set down [ 212.228460][ T57] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 212.258784][ T57] usb 3-1: USB disconnect, device number 5 [ 213.089688][ T5711] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.096850][ T62] smc: removing ib device syz1 [ 213.162920][ T5711] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.212994][ T5711] bond0 (unregistering): Released all slaves [ 213.408226][ T8] infiniband syz1: ib_query_port failed (-19) [ 213.479894][ T7493] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 213.627400][ T7424] chnl_net:caif_netlink_parms(): no params data found [ 214.202455][ T7512] netlink: 16 bytes leftover after parsing attributes in process `syz.4.851'. [ 214.233915][ T5084] Bluetooth: hci5: command tx timeout [ 214.533232][ T5200] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 214.723582][ T5200] usb 4-1: Using ep0 maxpacket: 32 [ 214.857583][ T5200] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 215.242557][ T5200] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 215.582762][ T5200] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 215.612005][ T5200] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 215.633402][ T5200] usb 4-1: config 0 interface 0 has no altsetting 0 [ 215.671457][ T5200] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 215.699832][ T5200] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 215.723847][ T7424] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.762857][ T5200] usb 4-1: Product: syz [ 215.777158][ T7424] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.812005][ T5200] usb 4-1: Manufacturer: syz [ 215.852542][ T7424] bridge_slave_0: entered allmulticast mode [ 215.860035][ T5200] usb 4-1: SerialNumber: syz [ 216.028033][ T7424] bridge_slave_0: entered promiscuous mode [ 216.070126][ T7424] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.114710][ T5200] usb 4-1: config 0 descriptor?? [ 216.143533][ T7424] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.150903][ T7424] bridge_slave_1: entered allmulticast mode [ 216.224872][ T5200] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 216.273193][ T5200] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 216.308216][ T7424] bridge_slave_1: entered promiscuous mode [ 216.314643][ T5084] Bluetooth: hci5: command tx timeout [ 216.384406][ T5200] usb 4-1: USB disconnect, device number 11 [ 216.519283][ T5200] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 216.948444][ T7424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.031726][ T7424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.969897][ T7424] team0: Port device team_slave_0 added [ 218.264523][ T7424] team0: Port device team_slave_1 added [ 218.685325][ T7424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 218.707499][ T7424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.737668][ T7424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.795081][ T7424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.802104][ T7424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.830858][ T7424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.183691][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 219.192475][ T5138] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 219.204440][ T57] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 219.448993][ T25] usb 3-1: New USB device found, idVendor=093a, idProduct=2626, bcdDevice= d.b4 [ 219.461468][ T5138] usb 4-1: Using ep0 maxpacket: 32 [ 219.513559][ T57] usb 1-1: Using ep0 maxpacket: 8 [ 219.581522][ T5138] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 219.664517][ T57] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 219.679631][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.785540][ T5138] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 219.873679][ T57] usb 1-1: config 0 has no interface number 0 [ 219.893821][ T57] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0xFE has an invalid bInterval 0, changing to 7 [ 219.929225][ T5138] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 219.972784][ T57] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 219.994556][ T25] usb 3-1: config 0 descriptor?? [ 219.999797][ T5138] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 220.020248][ T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.035509][ T25] gspca_main: gspca_pac7302-2.14.0 probing 093a:2626 [ 220.049406][ T5138] usb 4-1: config 0 interface 0 has no altsetting 0 [ 220.059931][ T57] usb 1-1: config 0 descriptor?? [ 220.071056][ T5138] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 220.087807][ T57] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 220.098598][ T5138] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 220.109703][ T5138] usb 4-1: Product: syz [ 220.123368][ T5138] usb 4-1: Manufacturer: syz [ 220.143137][ T5138] usb 4-1: SerialNumber: syz [ 220.164050][ T5138] usb 4-1: config 0 descriptor?? [ 220.181994][ T5138] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 220.202269][ T5138] ldusb 4-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 220.226118][ T7424] hsr_slave_0: entered promiscuous mode [ 220.286036][ T7424] hsr_slave_1: entered promiscuous mode [ 220.309278][ T7424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.875427][ T7424] Cannot create hsr debugfs directory [ 221.119274][ T8] usb 4-1: USB disconnect, device number 12 [ 221.177194][ T8] ldusb 4-1:0.0: LD USB Device #1 now disconnected [ 221.292633][ T25] input: gspca_pac7302 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input15 [ 221.426347][ T5711] hsr_slave_0: left promiscuous mode [ 221.456910][ T5711] hsr_slave_1: left promiscuous mode [ 221.482104][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.517193][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.568147][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.612229][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.639356][ T8] usb 3-1: USB disconnect, device number 6 [ 221.834506][ C1] iowarrior 1-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 221.882634][ T5711] veth1_macvtap: left promiscuous mode [ 221.888448][ T5711] veth0_macvtap: left promiscuous mode [ 221.901887][ T5711] veth1_vlan: left promiscuous mode [ 221.907540][ T5711] veth0_vlan: left promiscuous mode [ 221.994711][ T7618] No such timeout policy "syz0" [ 222.753617][ T5136] usb 1-1: USB disconnect, device number 6 [ 222.767938][ T5136] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected [ 223.295537][ T7634] [U] i [ 223.299028][ T7634] [U] % [ 223.301882][ T7634] [U] VA*L4jn$ [ 224.583610][ T8] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 224.650834][ T5711] team0 (unregistering): Port device team_slave_1 removed [ 224.787208][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 224.798698][ T8] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 224.817857][ T8] usb 5-1: config 0 has no interface number 0 [ 224.851494][ T8] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0xFE has an invalid bInterval 0, changing to 7 [ 224.883997][ T5711] team0 (unregistering): Port device team_slave_0 removed [ 224.904554][ T8] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 224.914639][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.953918][ T8] usb 5-1: config 0 descriptor?? [ 224.975558][ T8] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 225.213396][ T5136] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 225.424244][ T5136] usb 4-1: Using ep0 maxpacket: 16 [ 225.448874][ T5136] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.477992][ T5136] usb 4-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 225.525766][ T5136] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.608088][ T5136] usb 4-1: Product: syz [ 225.612444][ T5136] usb 4-1: Manufacturer: syz [ 225.617693][ T5136] usb 4-1: SerialNumber: syz [ 225.638790][ T5136] usb 4-1: config 0 descriptor?? [ 225.920587][ T5138] usb 4-1: USB disconnect, device number 13 [ 226.172765][ T7639] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 227.727818][ T5138] usb 5-1: USB disconnect, device number 9 [ 227.746451][ T5138] iowarrior 5-1:0.1: I/O-Warror #0 now disconnected [ 228.081118][ T7678] tipc: Started in network mode [ 228.095944][ T7678] tipc: Node identity f0, cluster identity 4711 [ 228.133557][ T7678] tipc: Node number set to 240 [ 228.173657][ T7691] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 228.197666][ T5711] IPVS: stop unused estimator thread 0... [ 228.671195][ T7424] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 228.687388][ T7424] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 228.711002][ T7424] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 228.775545][ T7424] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 228.950405][ T7714] ubi1: attaching mtd0 [ 228.955373][ T7714] ubi1 error: ubi_attach_mtd_dev: bad VID header (12) or data offsets (76) [ 228.977219][ T5136] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 229.928967][ T7424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.945606][ T5200] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 229.953142][ T5200] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 229.978574][ T5200] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 229.992757][ T7424] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.000034][ T5200] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 230.017246][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.024473][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.034172][ T5200] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 230.055107][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.062291][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.083826][ T5136] usb 3-1: Using ep0 maxpacket: 16 [ 230.103915][ T5136] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.182624][ T5136] usb 3-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 230.205032][ T5136] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.213096][ T5136] usb 3-1: Product: syz [ 230.238997][ T7424] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 230.263188][ T5136] usb 3-1: Manufacturer: syz [ 230.269336][ T5136] usb 3-1: SerialNumber: syz [ 230.322126][ T5136] usb 3-1: config 0 descriptor?? [ 230.657520][ T25] usb 3-1: USB disconnect, device number 7 [ 230.971349][ T7742] debugfs: Directory 'netdev:nicvf0' with parent 'phy10' already present! [ 231.099542][ T7747] netlink: 20 bytes leftover after parsing attributes in process `syz.3.918'. [ 231.184132][ T7424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.478839][ T7424] veth0_vlan: entered promiscuous mode [ 231.561544][ T7424] veth1_vlan: entered promiscuous mode [ 231.807774][ T7762] ubi1: attaching mtd0 [ 231.812083][ T7762] ubi1 error: ubi_attach_mtd_dev: bad VID header (12) or data offsets (76) [ 231.989168][ T7424] veth0_macvtap: entered promiscuous mode [ 232.868502][ T7424] veth1_macvtap: entered promiscuous mode [ 232.937891][ T7773] netlink: 4 bytes leftover after parsing attributes in process `syz.2.927'. [ 233.766195][ T7781] syz.2.927: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 233.766770][ T7781] CPU: 0 PID: 7781 Comm: syz.2.927 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0 [ 233.766799][ T7781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 233.766818][ T7781] Call Trace: [ 233.766829][ T7781] [ 233.766841][ T7781] dump_stack_lvl+0x241/0x360 [ 233.766888][ T7781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.766930][ T7781] ? __pfx__printk+0x10/0x10 [ 233.766971][ T7781] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 233.767007][ T7781] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 233.767045][ T7781] warn_alloc+0x278/0x410 [ 233.767074][ T7781] ? stack_depot_save_flags+0x6e4/0x830 [ 233.767109][ T7781] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 233.767144][ T7781] ? __pfx_warn_alloc+0x10/0x10 [ 233.767174][ T7781] ? kasan_save_track+0x3f/0x80 [ 233.767207][ T7781] ? __kasan_kmalloc+0x98/0xb0 [ 233.767242][ T7781] ? xsk_setsockopt+0x598/0x950 [ 233.767272][ T7781] ? do_sock_setsockopt+0x3af/0x720 [ 233.767300][ T7781] ? __sys_setsockopt+0x1ae/0x250 [ 233.767327][ T7781] ? __x64_sys_setsockopt+0xb5/0xd0 [ 233.767355][ T7781] ? do_syscall_64+0xf3/0x230 [ 233.767389][ T7781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.767434][ T7781] __vmalloc_node_range_noprof+0x130/0x1460 [ 233.767500][ T7781] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 233.767540][ T7781] ? __kasan_kmalloc+0x98/0xb0 [ 233.767574][ T7781] ? xskq_create+0x54/0x170 [ 233.767610][ T7781] vmalloc_user_noprof+0x74/0x80 [ 233.767644][ T7781] ? xskq_create+0xb6/0x170 [ 233.767674][ T7781] xskq_create+0xb6/0x170 [ 233.767708][ T7781] xsk_init_queue+0xa1/0x100 [ 233.767744][ T7781] xsk_setsockopt+0x598/0x950 [ 233.767779][ T7781] ? __pfx_xsk_setsockopt+0x10/0x10 [ 233.767815][ T7781] ? __pfx_lock_acquire+0x10/0x10 [ 233.767841][ T7781] ? __fget_files+0x29/0x470 [ 233.767867][ T7781] ? __pfx_lock_release+0x10/0x10 [ 233.767890][ T7781] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 233.767914][ T7781] ? security_socket_setsockopt+0x87/0xb0 [ 233.767959][ T7781] ? __pfx_xsk_setsockopt+0x10/0x10 [ 233.767989][ T7781] do_sock_setsockopt+0x3af/0x720 [ 233.768028][ T7781] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 233.768056][ T7781] ? __fget_files+0x29/0x470 [ 233.768082][ T7781] ? __fget_files+0x3f6/0x470 [ 233.768120][ T7781] __sys_setsockopt+0x1ae/0x250 [ 233.768157][ T7781] __x64_sys_setsockopt+0xb5/0xd0 [ 233.768191][ T7781] do_syscall_64+0xf3/0x230 [ 233.768226][ T7781] ? clear_bhb_loop+0x35/0x90 [ 233.768264][ T7781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.768298][ T7781] RIP: 0033:0x7f7e79375bd9 [ 233.768329][ T7781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.768349][ T7781] RSP: 002b:00007f7e7a0d2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 233.768376][ T7781] RAX: ffffffffffffffda RBX: 00007f7e79504110 RCX: 00007f7e79375bd9 [ 233.768395][ T7781] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 233.768411][ T7781] RBP: 00007f7e793e4aa1 R08: 0000000000000020 R09: 0000000000000000 [ 233.768427][ T7781] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 233.768443][ T7781] R13: 000000000000006e R14: 00007f7e79504110 R15: 00007ffcfb454cb8 [ 233.768480][ T7781] [ 233.768491][ T7781] Mem-Info: [ 233.768507][ T7781] active_anon:280 inactive_anon:7481 isolated_anon:0 [ 233.768507][ T7781] active_file:4705 inactive_file:35745 isolated_file:0 [ 233.768507][ T7781] unevictable:768 dirty:241 writeback:0 [ 233.768507][ T7781] slab_reclaimable:8838 slab_unreclaimable:95481 [ 233.768507][ T7781] mapped:17901 shmem:4141 pagetables:850 [ 233.768507][ T7781] sec_pagetables:0 bounce:0 [ 233.768507][ T7781] kernel_misc_reclaimable:0 [ 233.768507][ T7781] free:1401585 free_pcp:2015 free_cma:0 [ 233.768571][ T7781] Node 0 active_anon:1120kB inactive_anon:29924kB active_file:18756kB inactive_file:142980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:71604kB dirty:964kB writeback:0kB shmem:15028kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10324kB pagetables:3400kB sec_pagetables:0kB all_unreclaimable? no [ 233.768634][ T7781] Node 1 active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 233.768692][ T7781] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 233.768758][ T7781] lowmem_reserve[]: 0 2571 2571 0 0 [ 233.768812][ T7781] Node 0 DMA32 free:1645940kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:1116kB inactive_anon:29792kB active_file:18484kB inactive_file:142928kB unevictable:1536kB writepending:960kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:7432kB local_pcp:704kB free_cma:0kB [ 233.768881][ T7781] lowmem_reserve[]: 0 0 0 0 0 [ 233.768939][ T7781] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:272kB inactive_file:52kB unevictable:0kB writepending:4kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 233.769003][ T7781] lowmem_reserve[]: 0 0 0 0 0 [ 233.769055][ T7781] Node 1 Normal free:3945040kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:752kB local_pcp:752kB free_cma:0kB [ 233.769124][ T7781] lowmem_reserve[]: 0 0 0 0 0 [ 233.769176][ T7781] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 233.769397][ T7781] Node 0 DMA32: 230*4kB (U) 119*8kB (UME) 28*16kB (UME) 239*32kB (UM) 80*64kB (UME) 29*128kB (UME) 34*256kB (UME) 19*512kB (UME) 7*1024kB (UM) 4*2048kB (M) 389*4096kB (UM) = 1645936kB [ 233.769628][ T7781] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 233.769771][ T7781] Node 1 Normal: 1*4kB (U) 6*8kB (U) 11*16kB (U) 7*32kB (U) 3*64kB (UM) 2*128kB (U) 1*256kB (M) 1*512kB (M) 1*1024kB (U) 1*2048kB (U) 962*4096kB (M) = 3945092kB [ 233.770003][ T7781] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 233.770023][ T7781] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 233.770044][ T7781] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 233.770064][ T7781] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 233.770084][ T7781] 44591 total pagecache pages [ 233.770100][ T7781] 0 pages in swap cache [ 233.770110][ T7781] Free swap = 124184kB [ 233.770121][ T7781] Total swap = 124996kB [ 233.770131][ T7781] 2097051 pages RAM [ 233.770142][ T7781] 0 pages HighMem/MovableOnly [ 233.770151][ T7781] 400873 pages reserved [ 233.770161][ T7781] 0 pages cma reserved [ 233.881218][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.881242][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.881253][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.881266][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.881277][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.881291][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.881304][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.881317][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.882827][ T7424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.895406][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.895428][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.895438][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.895477][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.895487][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.895499][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.895512][ T7424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.895524][ T7424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.897140][ T7424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.954807][ T7424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.954874][ T7424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.954903][ T7424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.954928][ T7424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.397836][ T7792] sctp: [Deprecated]: syz.3.930 (pid 7792) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.397836][ T7792] Use struct sctp_sack_info instead [ 234.491180][ T5711] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.491208][ T5711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.603101][ T5711] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.603128][ T5711] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.679253][ T7800] veth1_macvtap: left promiscuous mode [ 234.734002][ T7801] netlink: 4 bytes leftover after parsing attributes in process `syz.3.932'. [ 235.445463][ T7801] netlink: 72 bytes leftover after parsing attributes in process `syz.3.932'. [ 235.445491][ T7801] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 235.848808][ T7825] netlink: 'syz.2.938': attribute type 48 has an invalid length. [ 235.994066][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 236.219350][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 236.226988][ T25] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 236.246775][ T25] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 236.277407][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 236.297248][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 236.311184][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 236.333493][ T5091] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 236.341343][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 236.372128][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.408543][ T25] usbtmc 2-1:16.0: bulk endpoints not found [ 236.545530][ T5091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 236.562687][ T5091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 236.588058][ T5091] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 236.654659][ T5091] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 236.703737][ T5091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.741085][ T5091] usb 1-1: config 0 descriptor?? [ 236.973753][ T5136] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 237.185356][ T5136] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.209287][ T5091] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 237.214432][ T5136] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 237.244096][ T5136] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 237.255841][ T5091] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 237.262946][ T5136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.333123][ T5136] usb 3-1: config 0 descriptor?? [ 237.720303][ T7888] netlink: 56 bytes leftover after parsing attributes in process `syz.4.953'. [ 237.770137][ T5136] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 237.781748][ T5136] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 237.820210][ T5136] plantronics 0003:047F:FFFF.0009: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 238.008785][ T5138] usb 3-1: USB disconnect, device number 8 [ 238.261627][ T5091] usb 1-1: USB disconnect, device number 7 [ 239.006006][ T7922] No such timeout policy "syz0" [ 239.682352][ T57] usb 2-1: USB disconnect, device number 7 [ 241.553599][ T5136] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 241.748893][ T7971] can0: slcan on ptm0. [ 241.763374][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 242.611464][ T5136] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 242.640298][ T5136] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 242.693507][ T5136] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 242.708890][ T5136] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 242.720767][ T5136] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 242.749626][ T5136] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 242.777683][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.856230][ T5136] usbtmc 1-1:16.0: bulk endpoints not found [ 243.004472][ T7960] can0 (unregistered): slcan off ptm0. [ 244.947911][ T8042] netlink: 'syz.2.998': attribute type 2 has an invalid length. [ 244.995162][ T8042] netlink: 'syz.2.998': attribute type 1 has an invalid length. [ 245.999776][ T8077] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.035395][ T8077] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 246.226061][ T5134] usb 1-1: USB disconnect, device number 8 [ 246.766314][ T8105] cannot load conntrack support for proto=3 [ 246.826157][ T8108] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.839410][ T8108] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 248.335351][ T8140] veth1_macvtap: left promiscuous mode [ 248.371663][ T8140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1034'. [ 248.396748][ T8140] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1034'. [ 248.428665][ T8140] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 248.518136][ T29] audit: type=1800 audit(1720226240.137:24): pid=8143 uid=0 auid=9 ses=3 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1035" name="bus" dev="overlay" ino=1259 res=0 errno=0 [ 248.826243][ T8151] cannot load conntrack support for proto=3 [ 252.303704][ T5135] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 252.467993][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 252.480672][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 252.498861][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 252.506221][ T5135] usb 2-1: Using ep0 maxpacket: 8 [ 252.512968][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 252.521100][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 252.532005][ T5135] usb 2-1: New USB device found, idVendor=05ac, idProduct=7b38, bcdDevice=df.5c [ 252.541288][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 252.548540][ T5135] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.559752][ T5135] usb 2-1: config 0 descriptor?? [ 252.570354][ T5135] hub 2-1:0.0: bad descriptor, ignoring hub [ 252.582325][ T5135] hub 2-1:0.0: probe with driver hub failed with error -5 [ 252.590375][ T5135] ipheth 2-1:0.0: Unable to find alternate settings interface [ 252.706072][ T5711] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.885811][ T5711] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.954448][ T5200] usb 2-1: USB disconnect, device number 8 [ 253.068064][ T5711] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.218651][ T5711] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.848310][ T5711] bridge_slave_1: left allmulticast mode [ 253.864100][ T5711] bridge_slave_1: left promiscuous mode [ 253.869933][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.933635][ T5711] bridge_slave_0: left allmulticast mode [ 253.941991][ T5711] bridge_slave_0: left promiscuous mode [ 253.964260][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.648868][ T5095] Bluetooth: hci3: command tx timeout [ 254.756835][ T5711] bridge0 (unregistering): left allmulticast mode [ 255.135270][ T5711] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.158751][ T5711] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.179554][ T5711] bond0 (unregistering): Released all slaves [ 255.398095][ T8214] chnl_net:caif_netlink_parms(): no params data found [ 255.523761][ T5138] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 255.785254][ T5138] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.815955][ T5138] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 255.845549][ T5138] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 255.869130][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.886217][ T8276] netlink: 'syz.3.1086': attribute type 12 has an invalid length. [ 255.897304][ T5138] usb 3-1: config 0 descriptor?? [ 255.933009][ T8276] netlink: 'syz.3.1086': attribute type 29 has an invalid length. [ 255.943533][ T8276] netlink: 'syz.3.1086': attribute type 2 has an invalid length. [ 255.989392][ T8276] netlink: 'syz.3.1086': attribute type 2 has an invalid length. [ 256.024755][ T8276] netlink: 'syz.3.1086': attribute type 1 has an invalid length. [ 256.053857][ T8276] netlink: 'syz.3.1086': attribute type 37 has an invalid length. [ 256.068106][ T8276] netlink: 'syz.3.1086': attribute type 2 has an invalid length. [ 256.081084][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.088845][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.126301][ T8276] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.366248][ T5138] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 256.380325][ T5138] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 256.395560][ T5138] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 256.725815][ T8302] netlink: 'syz.0.1093': attribute type 1 has an invalid length. [ 256.733413][ T5095] Bluetooth: hci3: command tx timeout [ 256.743386][ T8302] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1093'. [ 256.806822][ T8214] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.864236][ T5138] usb 3-1: USB disconnect, device number 9 [ 256.877983][ T8214] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.895672][ T8214] bridge_slave_0: entered allmulticast mode [ 256.934303][ T8214] bridge_slave_0: entered promiscuous mode [ 256.985251][ T8214] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.002707][ T8214] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.022460][ T8214] bridge_slave_1: entered allmulticast mode [ 257.054995][ T8214] bridge_slave_1: entered promiscuous mode [ 257.061233][ T8306] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1094'. [ 257.101234][ T5711] hsr_slave_0: left promiscuous mode [ 257.147316][ T5711] hsr_slave_1: left promiscuous mode [ 257.189406][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.213422][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.242795][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.273931][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.352742][ T5711] veth1_macvtap: left promiscuous mode [ 257.397111][ T5711] veth0_macvtap: left promiscuous mode [ 257.402875][ T5711] veth1_vlan: left promiscuous mode [ 257.441016][ T5711] veth0_vlan: left promiscuous mode [ 257.786159][ T5711] pim6reg (unregistering): left allmulticast mode [ 258.115737][ T8334] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1102'. [ 258.580492][ T8340] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 258.821470][ T5095] Bluetooth: hci3: command tx timeout [ 259.411171][ T5711] team0 (unregistering): Port device team_slave_1 removed [ 259.514561][ T5711] team0 (unregistering): Port device team_slave_0 removed [ 260.599231][ T8214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.668186][ T8214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 260.860338][ T8214] team0: Port device team_slave_0 added [ 260.873958][ T5095] Bluetooth: hci3: command tx timeout [ 260.890010][ T8214] team0: Port device team_slave_1 added [ 260.924645][ T8357] usb usb7: usbfs: process 8357 (syz.0.1109) did not claim interface 2 before use [ 261.156724][ T8214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.197434][ T8214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.295077][ T8214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.354100][ T8214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.361096][ T8214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.464961][ T8214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 261.844999][ T8214] hsr_slave_0: entered promiscuous mode [ 261.881212][ T8214] hsr_slave_1: entered promiscuous mode [ 262.220651][ T8401] netlink: 'syz.1.1123': attribute type 12 has an invalid length. [ 262.242837][ T8401] netlink: 'syz.1.1123': attribute type 29 has an invalid length. [ 262.283509][ T8401] netlink: 'syz.1.1123': attribute type 2 has an invalid length. [ 262.291305][ T8401] netlink: 'syz.1.1123': attribute type 2 has an invalid length. [ 262.323635][ T8401] netlink: 'syz.1.1123': attribute type 1 has an invalid length. [ 262.348779][ T8401] netlink: 'syz.1.1123': attribute type 37 has an invalid length. [ 262.366056][ T8401] netlink: 'syz.1.1123': attribute type 2 has an invalid length. [ 262.380690][ T8401] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.222855][ T8423] geneve2: entered promiscuous mode [ 263.249718][ T8423] geneve2: entered allmulticast mode [ 264.040228][ T8457] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 264.901838][ T8214] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 264.945476][ T8214] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 265.015257][ T8214] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 265.086530][ T8214] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 265.346880][ T8484] geneve2: entered promiscuous mode [ 265.381692][ T8484] geneve2: entered allmulticast mode [ 265.573216][ T8486] can0: slcan on ptm0. [ 265.667564][ T8214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.955036][ T8498] erofs: (device loop2): erofs_read_superblock: cannot find valid erofs superblock [ 266.709801][ T8214] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.747026][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.754351][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.793974][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.801180][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.934182][ T8481] can0 (unregistered): slcan off ptm0. [ 268.882414][ T8214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.960930][ T8551] vivid-002: disconnect [ 268.995583][ T8545] vivid-002: reconnect [ 269.551701][ T8577] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 269.559608][ T8577] IPv6: NLM_F_CREATE should be set when creating new route [ 269.566964][ T8577] IPv6: NLM_F_CREATE should be set when creating new route [ 269.573843][ T8] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 269.656151][ T8577] Bluetooth: MGMT ver 1.22 [ 269.685949][ T8577] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 269.806700][ T8] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 269.815456][ T8] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 269.854914][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 269.874829][ T8] usb 1-1: config 1 has no interface number 0 [ 269.881686][ T8] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 269.925039][ T5134] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 269.933719][ T8214] veth0_vlan: entered promiscuous mode [ 269.949365][ T8] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64 [ 269.986877][ T8214] veth1_vlan: entered promiscuous mode [ 269.992499][ T8] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 270.009710][ T8] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 270.030027][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.077169][ T8566] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 270.098678][ T8] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 270.106112][ T8596] vivid-003: disconnect [ 270.118257][ T8214] veth0_macvtap: entered promiscuous mode [ 270.130034][ T8592] vivid-003: reconnect [ 270.140058][ T5134] usb 3-1: Using ep0 maxpacket: 32 [ 270.147427][ T8214] veth1_macvtap: entered promiscuous mode [ 270.155719][ T5134] usb 3-1: config 7 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.196419][ T5134] usb 3-1: config 7 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.202009][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.234313][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.234362][ T5134] usb 3-1: config 7 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 270.252265][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.265281][ T5134] usb 3-1: config 7 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 270.309525][ T5134] usb 3-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 270.317745][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.347641][ T8566] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 270.365830][ T5134] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 270.376154][ T8] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 270.376529][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.394060][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.443653][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.471965][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.503471][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.526917][ T8214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.534802][ T8597] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 270.582645][ T5136] usb 1-1: USB disconnect, device number 9 [ 270.591533][ T5136] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 270.710387][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.761688][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.788704][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.823045][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.839694][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.852385][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.886174][ T8214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.898178][ T5134] ntrig 0003:1B96:000A.000B: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.2-1/input0 [ 270.911802][ T8214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.926937][ T8214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.988090][ T8214] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.003560][ T8214] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.023714][ T8214] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.032594][ T8214] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.173682][ T5134] usb 3-1: USB disconnect, device number 10 [ 271.252196][ T5711] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.311448][ T5711] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.418036][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.437841][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.692884][ T8629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 271.700207][ T8629] IPv6: NLM_F_CREATE should be set when creating new route [ 271.707569][ T8629] IPv6: NLM_F_CREATE should be set when creating new route [ 271.799648][ T8629] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 271.833956][ T5134] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 272.048043][ T5134] usb 4-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6 [ 272.083334][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.111909][ T5134] usb 4-1: Product: syz [ 272.146620][ T5134] usb 4-1: Manufacturer: syz [ 272.191631][ T5134] usb 4-1: SerialNumber: syz [ 272.267749][ T29] audit: type=1326 audit(1720226263.887:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8641 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 272.284254][ T5134] usb 4-1: config 0 descriptor?? [ 272.333023][ T5134] usb 4-1: Found UVC 0.00 device syz (30c9:0093) [ 272.343433][ T29] audit: type=1326 audit(1720226263.907:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8641 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 272.367951][ C0] vkms_vblank_simulate: vblank timer overrun [ 272.368430][ T5134] usb 4-1: No valid video chain found. [ 272.435178][ T8650] Context (ID=0x0) not attached to queue pair (handle=0x4d3:0x0) [ 273.093445][ T29] audit: type=1326 audit(1720226263.917:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8641 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 273.114789][ C0] vkms_vblank_simulate: vblank timer overrun [ 273.215475][ T29] audit: type=1326 audit(1720226263.917:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8641 comm="syz.4.1194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 273.313429][ T8] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 273.490865][ T8666] netlink: 'syz.0.1202': attribute type 29 has an invalid length. [ 273.503907][ T5135] usb 4-1: USB disconnect, device number 14 [ 273.539307][ T8] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 273.558758][ T8] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 273.573624][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 273.582884][ T8] usb 2-1: config 1 has no interface number 0 [ 273.589268][ T8] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 273.601006][ T8] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 255, setting to 64 [ 273.624614][ T8] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 273.653386][ T8] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 273.680968][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.711637][ T8652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 273.739526][ T8] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 273.903423][ T29] audit: type=1326 audit(1720226265.517:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8680 comm="syz.4.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 273.971630][ T29] audit: type=1326 audit(1720226265.517:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8680 comm="syz.4.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 274.012176][ T8652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 274.071514][ T8] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 274.117838][ T29] audit: type=1326 audit(1720226265.547:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8680 comm="syz.4.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 274.204249][ T29] audit: type=1326 audit(1720226265.547:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8680 comm="syz.4.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 274.236627][ T29] audit: type=1326 audit(1720226265.547:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8680 comm="syz.4.1208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 274.358119][ T5134] usb 2-1: USB disconnect, device number 9 [ 274.394725][ T5134] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 274.546611][ T8699] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1213'. [ 274.728342][ T8705] netlink: 'syz.2.1215': attribute type 29 has an invalid length. [ 274.963540][ T8713] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1218'. [ 275.783475][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 275.795968][ T5136] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 275.869690][ T8754] Bluetooth: MGMT ver 1.22 [ 275.930883][ T8752] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 276.013616][ T5136] usb 5-1: Using ep0 maxpacket: 8 [ 276.035128][ T8] usb 4-1: New USB device found, idVendor=30c9, idProduct=0093, bcdDevice=18.c6 [ 276.057585][ T5136] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 276.077240][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.103950][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.125378][ T8] usb 4-1: Product: syz [ 276.137123][ T8] usb 4-1: Manufacturer: syz [ 276.141776][ T8] usb 4-1: SerialNumber: syz [ 276.177662][ T5136] usb 5-1: config 0 descriptor?? [ 276.195123][ T8] usb 4-1: config 0 descriptor?? [ 276.224297][ T8] usb 4-1: Found UVC 0.00 device syz (30c9:0093) [ 276.243393][ T8] usb 4-1: No valid video chain found. [ 277.714210][ T8782] Zero length message leads to an empty skb [ 278.038993][ T8789] ubi1: attaching mtd0 [ 278.043514][ T8789] ubi1 error: ubi_attach_mtd_dev: bad VID header (12) or data offsets (76) [ 278.170746][ T5136] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 278.368915][ T5136] asix 5-1:0.0: probe with driver asix failed with error -71 [ 278.705710][ T5136] usb 5-1: USB disconnect, device number 10 [ 279.157940][ T29] audit: type=1326 audit(1720226270.767:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.179443][ C0] vkms_vblank_simulate: vblank timer overrun [ 279.215400][ T5136] usb 4-1: USB disconnect, device number 15 [ 279.240849][ T29] audit: type=1326 audit(1720226270.767:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.262398][ C0] vkms_vblank_simulate: vblank timer overrun [ 279.292839][ T8802] xt_TPROXY: Can be used only with -p tcp or -p udp [ 279.343764][ T29] audit: type=1326 audit(1720226270.777:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.365169][ C0] vkms_vblank_simulate: vblank timer overrun [ 279.421175][ T29] audit: type=1326 audit(1720226270.777:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.477209][ T29] audit: type=1326 audit(1720226270.777:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.498628][ C0] vkms_vblank_simulate: vblank timer overrun [ 279.540064][ T29] audit: type=1326 audit(1720226270.777:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.597939][ T29] audit: type=1326 audit(1720226270.777:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.689063][ T29] audit: type=1326 audit(1720226270.777:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.796178][ T29] audit: type=1326 audit(1720226270.777:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 279.827780][ T29] audit: type=1326 audit(1720226270.777:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8798 comm="syz.4.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fcd75bd9 code=0x7ffc0000 [ 280.869999][ T8850] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 281.321321][ T8865] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1267'. [ 281.824155][ T8883] IPVS: length: 176 != 8 [ 282.232920][ T8898] lo speed is unknown, defaulting to 1000 [ 282.262275][ T8898] lo speed is unknown, defaulting to 1000 [ 282.287761][ T8898] lo speed is unknown, defaulting to 1000 [ 282.326151][ T8898] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 282.371824][ T8898] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 282.523683][ T8898] lo speed is unknown, defaulting to 1000 [ 282.541832][ T8898] lo speed is unknown, defaulting to 1000 [ 282.550127][ T8898] lo speed is unknown, defaulting to 1000 [ 282.565840][ T8898] lo speed is unknown, defaulting to 1000 [ 282.577643][ T8898] lo speed is unknown, defaulting to 1000 [ 282.689919][ T25] kernel write not supported for file /dsp (pid: 25 comm: kworker/1:0) [ 282.888105][ T8916] IPVS: length: 176 != 8 [ 283.161345][ T8930] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.1294'. [ 283.190421][ T8930] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1294'. [ 283.391117][ T8946] mmap: syz.4.1301 (8946) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 283.562937][ T8951] IPVS: length: 176 != 8 [ 284.876971][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.888141][ T5136] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 284.897710][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 284.914330][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.103901][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 285.123583][ T8] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 285.152256][ T8] usb 3-1: config 179 has no interface number 0 [ 285.165967][ T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 285.185009][ T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 285.214926][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 285.223024][ T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 285.241918][ T8] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 285.254761][ T8] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 285.272622][ T8] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 285.285903][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.363585][ T8992] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 285.443958][ T8] xpad 3-1:179.65: probe with driver xpad failed with error -5 [ 285.616446][ T8] usb 3-1: USB disconnect, device number 11 [ 285.874763][ T9019] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1331'. [ 286.250456][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 286.491096][ T9044] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1342'. [ 286.556501][ T9044] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1342'. [ 287.271534][ T9069] IPVS: Error connecting to the multicast addr [ 287.279366][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.287590][ T5136] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 287.764527][ T9086] binder: 9084:9086 ioctl c018620c 0 returned -14 [ 288.267539][ T29] kauditd_printk_skb: 49 callbacks suppressed [ 288.267559][ T29] audit: type=1326 audit(1720226279.887:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.318039][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 288.358326][ T29] audit: type=1326 audit(1720226279.887:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.406573][ T29] audit: type=1326 audit(1720226279.937:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.484717][ T9108] xt_TPROXY: Can be used only with -p tcp or -p udp [ 288.485784][ T29] audit: type=1326 audit(1720226279.937:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.594008][ T29] audit: type=1326 audit(1720226279.937:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.688918][ T29] audit: type=1326 audit(1720226279.947:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.715017][ T5136] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 288.763562][ T29] audit: type=1326 audit(1720226279.947:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.824596][ T29] audit: type=1326 audit(1720226279.947:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 288.929951][ T29] audit: type=1326 audit(1720226279.957:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 289.010109][ T29] audit: type=1326 audit(1720226279.957:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9103 comm="syz.3.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x7ffc0000 [ 289.357318][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.913779][ T1041] net_ratelimit: 1 callbacks suppressed [ 289.913800][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 289.933778][ T5200] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 289.994164][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.005015][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.043460][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.167503][ T5200] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 290.200390][ T5200] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 290.218745][ T5200] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 290.281805][ T5200] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 290.322003][ T5200] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.352390][ T9137] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1376'. [ 290.375292][ T5200] usb 4-1: config 0 descriptor?? [ 290.394551][ T9136] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1377'. [ 290.639633][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.667860][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.684028][ T5136] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 290.703526][ T5135] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 290.820771][ T5200] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 290.851082][ T5200] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 290.881237][ T5200] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 290.896298][ T5135] usb 1-1: Using ep0 maxpacket: 8 [ 290.910796][ T5135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.942701][ T5135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.979257][ T5135] usb 1-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 291.037960][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.080881][ T5134] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.145424][ T5135] usb 1-1: config 0 descriptor?? [ 291.273848][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.917232][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 292.354295][ T5200] usb 4-1: reset high-speed USB device number 16 using dummy_hcd [ 292.472761][ T5135] hid-led 0003:04D8:F372.000D: hidraw1: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.0-1/input0 [ 292.660108][ T5135] hid-led 0003:04D8:F372.000D: Greynut Luxafor initialized [ 293.608951][ T5135] usb 1-1: USB disconnect, device number 10 [ 293.623151][ T928] leds luxafor1:blue:led5: Setting an LED's brightness failed (-38) [ 293.633345][ T928] leds luxafor1:green:led5: Setting an LED's brightness failed (-38) [ 293.644309][ T5618] leds luxafor1:red:led5: Setting an LED's brightness failed (-38) [ 293.653941][ T5618] leds luxafor1:blue:led4: Setting an LED's brightness failed (-38) [ 293.663636][ T928] leds luxafor1:green:led4: Setting an LED's brightness failed (-38) [ 293.673098][ T928] leds luxafor1:red:led4: Setting an LED's brightness failed (-38) [ 293.685263][ T9172] IPVS: Error connecting to the multicast addr [ 293.703387][ T928] leds luxafor1:blue:led3: Setting an LED's brightness failed (-38) [ 293.723121][ T928] leds luxafor1:green:led3: Setting an LED's brightness failed (-38) [ 293.729090][ T9173] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1389'. [ 293.771058][ T928] leds luxafor1:red:led3: Setting an LED's brightness failed (-38) [ 293.815506][ T928] leds luxafor1:blue:led2: Setting an LED's brightness failed (-38) [ 293.883750][ T5618] leds luxafor1:green:led2: Setting an LED's brightness failed (-38) [ 293.927184][ T5618] leds luxafor1:red:led2: Setting an LED's brightness failed (-38) [ 294.012381][ T5618] leds luxafor1:blue:led1: Setting an LED's brightness failed (-38) [ 294.042979][ T5618] leds luxafor1:green:led1: Setting an LED's brightness failed (-38) [ 294.091873][ T8] usb 4-1: USB disconnect, device number 16 [ 294.113460][ T5618] leds luxafor1:red:led1: Setting an LED's brightness failed (-38) [ 294.137410][ T5618] leds luxafor1:blue:led0: Setting an LED's brightness failed (-38) [ 294.196470][ T5618] leds luxafor1:green:led0: Setting an LED's brightness failed (-38) [ 294.254309][ T5618] leds luxafor1:red:led0: Setting an LED's brightness failed (-38) [ 295.115280][ T2460] net_ratelimit: 10 callbacks suppressed [ 295.115303][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.444454][ T5134] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.726631][ T9215] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00106019, b_size=4096, device sda1 blocksize: 4096 [ 295.768053][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.780901][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.792359][ T5618] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.800720][ T9215] grow_buffers: requested out-of-range block 144115188075855872 for device sda1 [ 295.804226][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 295.852245][ T9215] EXT4-fs warning (device sda1): ext4_resize_fs:2018: can't read last block, resize aborted [ 295.886641][ T9208] kvm: MONITOR instruction emulated as NOP! [ 295.939383][ T9208] kvm: kvm [9206]: vcpu0, guest rIP: 0x14b Unhandled WRMSR(0x11e) = 0x0 [ 296.388607][ T9235] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 296.395690][ T9235] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 296.405677][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.415802][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.429150][ T5618] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.445615][ T9239] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.474151][ T5134] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 296.485539][ T9235] vhci_hcd vhci_hcd.0: Device attached [ 296.533113][ T9239] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.598527][ T9235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.620183][ T9235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.644190][ T8] vhci_hcd: vhci_device speed not set [ 296.655884][ T9235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.671461][ T9235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.713679][ T8] usb 9-1: new full-speed USB device number 2 using vhci_hcd [ 296.714533][ T9235] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 296.790580][ T9235] vhci_hcd vhci_hcd.0: port 0 already used [ 296.857119][ T9236] vhci_hcd: connection reset by peer [ 296.872189][ T2460] vhci_hcd: stop threads [ 296.885085][ T2460] vhci_hcd: release socket [ 296.935994][ T2460] vhci_hcd: disconnect device [ 297.435255][ T9260] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 297.444996][ T9260] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 300.823664][ T5135] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 300.874198][ T11] net_ratelimit: 5 callbacks suppressed [ 300.874218][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 300.874569][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 300.896376][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 300.906530][ T5200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 300.923813][ T5618] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.033407][ T5135] usb 1-1: Using ep0 maxpacket: 8 [ 301.040821][ T5135] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 301.054519][ T5135] usb 1-1: config 179 has no interface number 0 [ 301.071224][ T5135] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 301.114813][ T5135] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 301.151860][ T5135] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 301.178612][ T5135] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 301.198301][ T5135] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 301.215873][ T5135] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 301.264118][ T5135] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.336140][ T9273] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 301.361789][ T5135] xpad 1-1:179.65: probe with driver xpad failed with error -5 [ 301.515477][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 301.830071][ T5135] usb 1-1: USB disconnect, device number 11 [ 301.838438][ T8] vhci_hcd: vhci_device speed not set [ 301.924389][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.154499][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.168164][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.181488][ T5618] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.484899][ T9329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1442'. [ 304.774643][ T9322] netlink: 'syz.0.1442': attribute type 8 has an invalid length. [ 305.413455][ T5200] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 305.665837][ T5200] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 305.709227][ T5200] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 305.761755][ T5200] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.788314][ T5200] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.812195][ T5200] usb 3-1: Product: చ [ 305.849609][ T5200] usb 3-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 305.878796][ T5200] usb 3-1: SerialNumber: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 306.001756][ T1041] net_ratelimit: 4 callbacks suppressed [ 306.001776][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.254430][ T5200] usb 3-1: 0:2 : does not exist [ 306.306137][ T5200] usb 3-1: USB disconnect, device number 12 [ 306.634653][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.744954][ T5611] udevd[5611]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 306.766111][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.775595][ T5200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.852467][ T9359] syz.4.1451[9359] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 306.853465][ T9359] syz.4.1451[9359] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 306.925452][ T5091] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.281457][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.300360][ T51] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.783319][ T5091] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 307.929280][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.945477][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.959616][ T5200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 307.983953][ T5091] usb 2-1: Using ep0 maxpacket: 8 [ 308.012713][ T5091] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 308.048855][ T5091] usb 2-1: config 179 has no interface number 0 [ 308.073486][ T5091] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 308.097627][ T5091] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 308.119637][ T5091] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 308.161466][ T5091] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 308.203190][ T5091] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 308.233802][ T5091] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 308.255171][ T5091] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.276076][ T9361] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 308.289997][ T5091] xpad 2-1:179.65: probe with driver xpad failed with error -5 [ 308.516446][ T9373] kvm: kvm [9371]: vcpu0, guest rIP: 0x14b Unhandled WRMSR(0x11e) = 0x0 [ 308.676186][ T5091] usb 2-1: USB disconnect, device number 10 [ 310.212400][ T9407] ebt_among: wrong size: 1048 against expected 1006634004, rounded to 1006634008 [ 310.291336][ T9411] syz.2.1465[9411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 310.292144][ T9411] syz.2.1465[9411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.475481][ T5138] net_ratelimit: 3 callbacks suppressed [ 311.475504][ T5138] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 311.754274][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.304717][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.334893][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.353851][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.383660][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.394752][ T5135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.404022][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.423623][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.443322][ T9429] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.465600][ T9429] Cannot find add_set index 0 as target [ 312.659503][ T5711] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.862109][ T5711] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.371992][ T5711] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.628635][ T9448] VFS: could not find a valid V7 on nullb0. [ 313.698738][ T5711] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.808621][ T5084] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.818378][ T5084] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.828777][ T5084] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.882534][ T5084] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.968772][ T5084] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.977933][ T5084] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 314.081460][ T9451] lo speed is unknown, defaulting to 1000 [ 314.143629][ T5091] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 315.039221][ T5091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.129484][ T5091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.163857][ T5091] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 315.183319][ T5091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.191710][ T5711] bridge_slave_1: left allmulticast mode [ 315.202198][ T5091] usb 1-1: config 0 descriptor?? [ 315.223690][ T5711] bridge_slave_1: left promiscuous mode [ 315.233650][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.324657][ T5711] bridge_slave_0: left allmulticast mode [ 315.334775][ T5711] bridge_slave_0: left promiscuous mode [ 315.354798][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.373894][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1494'. [ 315.426900][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1494'. [ 315.552910][ T5084] Bluetooth: hci5: sending frame failed (-49) [ 315.562238][ T5095] Bluetooth: hci5: Entering manufacturer mode failed (-49) [ 316.078518][ T5095] Bluetooth: hci4: command tx timeout [ 316.311114][ T9479] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 316.877410][ T2460] net_ratelimit: 6 callbacks suppressed [ 316.877431][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 317.123883][ T5084] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 317.146007][ T5084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 317.155661][ T5084] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 317.175314][ T5084] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 317.185921][ T5084] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 317.195439][ T5084] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.282230][ T5711] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.350475][ T5711] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.416583][ T5711] bond0 (unregistering): Released all slaves [ 317.518167][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.524662][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.132942][ T9486] lo speed is unknown, defaulting to 1000 [ 318.153602][ T5084] Bluetooth: hci4: command tx timeout [ 318.177131][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 318.359758][ T5091] usbhid 1-1:0.0: can't add hid device: -71 [ 318.390772][ T5091] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 318.426793][ T5091] usb 1-1: USB disconnect, device number 12 [ 319.104957][ T9499] lo speed is unknown, defaulting to 1000 [ 319.120898][ T9451] chnl_net:caif_netlink_parms(): no params data found [ 319.284882][ T5084] Bluetooth: hci0: command tx timeout [ 319.868800][ T5711] hsr_slave_0: left promiscuous mode [ 319.888712][ T5711] hsr_slave_1: left promiscuous mode [ 319.901839][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.918393][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 319.942854][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.962561][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 320.001653][ T5711] veth1_macvtap: left promiscuous mode [ 320.023688][ T5711] veth0_macvtap: left promiscuous mode [ 320.043814][ T5711] veth1_vlan: left promiscuous mode [ 320.080660][ T5711] veth0_vlan: left promiscuous mode [ 320.233450][ T5084] Bluetooth: hci4: command tx timeout [ 320.518034][ T9536] kvm: kvm [9535]: vcpu0, guest rIP: 0x14b Unhandled WRMSR(0x11e) = 0x0 [ 320.917214][ T5711] team0 (unregistering): Port device team_slave_1 removed [ 320.982599][ T5711] team0 (unregistering): Port device team_slave_0 removed [ 321.354835][ T5084] Bluetooth: hci0: command tx timeout [ 321.716873][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1514'. [ 321.732649][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1514'. [ 321.858964][ T9486] chnl_net:caif_netlink_parms(): no params data found [ 321.883537][ T9451] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.911584][ T9451] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.919980][ T9451] bridge_slave_0: entered allmulticast mode [ 321.937917][ T9451] bridge_slave_0: entered promiscuous mode [ 321.993743][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 322.118316][ T9451] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.153707][ T9451] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.173573][ T9451] bridge_slave_1: entered allmulticast mode [ 322.205901][ T9451] bridge_slave_1: entered promiscuous mode [ 322.313661][ T5084] Bluetooth: hci4: command tx timeout [ 322.387177][ T9451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 322.487770][ T9451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 322.709494][ T9451] team0: Port device team_slave_0 added [ 322.767566][ T9451] team0: Port device team_slave_1 added [ 323.015095][ T9451] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 323.022116][ T9451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.096189][ T9451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 323.177803][ T9486] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.209605][ T9486] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.223848][ T9486] bridge_slave_0: entered allmulticast mode [ 323.255233][ T9486] bridge_slave_0: entered promiscuous mode [ 323.280597][ T9451] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 323.298425][ T9451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.335523][ T9451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 323.375025][ T9486] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.382396][ T9486] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.403491][ T9486] bridge_slave_1: entered allmulticast mode [ 323.420609][ T9486] bridge_slave_1: entered promiscuous mode [ 323.441366][ T5084] Bluetooth: hci0: command tx timeout [ 323.516777][ T5711] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.710806][ T5711] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.744488][ T9486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.816327][ T9486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.933389][ T928] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 323.933872][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 323.960109][ T5711] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.062080][ T9451] hsr_slave_0: entered promiscuous mode [ 324.076277][ T9451] hsr_slave_1: entered promiscuous mode [ 324.095552][ T9451] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.105919][ T9451] Cannot create hsr debugfs directory [ 324.159333][ T9597] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1525'. [ 324.169128][ T9597] openvswitch: netlink: IP tunnel attribute has 3040 unknown bytes. [ 324.973541][ T928] usb 5-1: Using ep0 maxpacket: 32 [ 325.001053][ T9486] team0: Port device team_slave_0 added [ 325.002169][ T928] usb 5-1: New USB device found, idVendor=0ace, idProduct=2011, bcdDevice= 1.01 [ 325.045920][ T928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.069159][ T928] usb 5-1: Product: syz [ 325.078467][ T928] usb 5-1: Manufacturer: syz [ 325.082049][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.092747][ T928] usb 5-1: SerialNumber: syz [ 325.096218][ T5711] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.108246][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.123193][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.134540][ T928] usb 5-1: config 0 descriptor?? [ 325.155375][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.174549][ T928] usb-storage 5-1:0.0: USB Mass Storage device detected [ 325.202943][ T928] usb-storage 5-1:0.0: device ignored [ 325.229631][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.243936][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.245057][ T9486] team0: Port device team_slave_1 added [ 325.304937][ T9602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 325.455695][ T5091] usb 5-1: USB disconnect, device number 11 [ 325.516854][ T9486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.524236][ T5084] Bluetooth: hci0: command tx timeout [ 325.548554][ T9486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.626082][ T9486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.747815][ T9486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.783290][ T9486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.865914][ T9486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 326.108808][ T9486] hsr_slave_0: entered promiscuous mode [ 326.121151][ T9486] hsr_slave_1: entered promiscuous mode [ 326.132974][ T9486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 326.141063][ T9486] Cannot create hsr debugfs directory [ 326.233721][ T5091] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 326.373599][ T5711] bridge_slave_1: left allmulticast mode [ 326.389193][ T5711] bridge_slave_1: left promiscuous mode [ 326.400949][ T5711] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.442536][ T5711] bridge_slave_0: left allmulticast mode [ 326.448478][ T5711] bridge_slave_0: left promiscuous mode [ 326.456049][ T5091] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 326.462026][ T5711] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.493372][ T5091] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.514022][ T5091] usb 4-1: too many endpoints for config 1 interface 1 altsetting 48: 49, using maximum allowed: 30 [ 326.538602][ T5091] usb 4-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49 [ 326.567217][ T5091] usb 4-1: config 1 interface 1 has no altsetting 0 [ 326.619337][ T5091] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 326.640399][ T5091] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.665816][ T5091] usb 4-1: Product: syz [ 326.670043][ T5091] usb 4-1: Manufacturer: syz [ 326.693818][ T5091] usb 4-1: SerialNumber: syz [ 326.726841][ T5091] usb 4-1: selecting invalid altsetting 1 [ 326.738806][ T5091] usb 4-1: selecting invalid altsetting 0 [ 326.755846][ T5091] usb 4-1: selecting invalid altsetting 0 [ 326.773384][ T5091] cdc_ncm 4-1:1.0: bind() failure [ 327.198780][ T1041] net_ratelimit: 31 callbacks suppressed [ 327.198801][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.229649][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.238399][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 328.251015][ T51] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.052139][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 329.402420][ T5091] usb 4-1: selecting invalid altsetting 0 [ 329.408430][ T5091] usbtest 4-1:1.1: probe with driver usbtest failed with error -22 [ 329.422705][ T5091] usb 4-1: USB disconnect, device number 17 [ 329.537215][ T9645] Dead loop on virtual device ipvlan1, fix it urgently! [ 329.638628][ T9645] syz.3.1538 (9645) used greatest stack depth: 8824 bytes left [ 330.801991][ T5711] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 330.842651][ T5711] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 330.889103][ T5711] bond0 (unregistering): Released all slaves [ 331.203741][ T9656] 9pnet_fd: Insufficient options for proto=fd [ 332.887979][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.888037][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 333.101354][ T5711] hsr_slave_0: left promiscuous mode [ 333.136801][ T5711] hsr_slave_1: left promiscuous mode [ 333.175558][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.188908][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 333.209787][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.221019][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 333.297010][ T5711] veth1_macvtap: left promiscuous mode [ 333.302605][ T5711] veth0_macvtap: left promiscuous mode [ 333.316147][ T5711] veth1_vlan: left promiscuous mode [ 333.325019][ T5711] veth0_vlan: left promiscuous mode [ 333.513973][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 333.613696][ T9716] netlink: 'syz.4.1558': attribute type 1 has an invalid length. [ 333.648245][ T9716] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1558'. [ 333.686064][ T9716] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1558'. [ 334.018679][ T9722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.029128][ T9722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.043603][ T9722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.065579][ T9722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.154949][ T51] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.163454][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.215345][ T9722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 334.250979][ T5711] team0 (unregistering): Port device team_slave_1 removed [ 334.327091][ T5711] team0 (unregistering): Port device team_slave_0 removed [ 336.410020][ T9486] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 336.564981][ T9486] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 336.665326][ T9486] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 336.759573][ T9486] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 337.000541][ T9754] syz.4.1567[9754] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 337.001611][ T9754] syz.4.1567[9754] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 339.016030][ T12] net_ratelimit: 35 callbacks suppressed [ 339.016053][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.050127][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.265076][ T9451] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 339.328409][ T9451] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 339.390639][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 339.390662][ T29] audit: type=1326 audit(1720226331.007:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9758 comm="syz.3.1572" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc128975bd9 code=0x0 [ 339.422855][ T9451] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 339.451024][ T9451] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 339.915560][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 339.924054][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.704134][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 340.892186][ T9451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.951695][ T9486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.060273][ T9451] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.076894][ T9486] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.110189][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.117490][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.162153][ T9789] kvm: emulating exchange as write [ 341.176866][ T5135] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.184170][ T5135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.208930][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.216148][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.266284][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.273538][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.283426][ T5091] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 341.473459][ T5091] usb 4-1: Using ep0 maxpacket: 16 [ 341.482848][ T5091] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 341.520402][ T5091] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 341.537683][ T5091] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.570073][ T5091] usb 4-1: config 0 descriptor?? [ 341.794228][ T9812] 9pnet_fd: Insufficient options for proto=fd [ 342.165994][ T9486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.200501][ T9451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.272028][ T9792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.304983][ T9792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.392408][ T9486] veth0_vlan: entered promiscuous mode [ 342.395016][ T5091] hid-generic 0003:0158:0100.000E: unknown main item tag 0x1 [ 342.432214][ T5091] hid-generic 0003:0158:0100.000E: unexpected long global item [ 342.442489][ T9451] veth0_vlan: entered promiscuous mode [ 342.454438][ T5091] hid-generic 0003:0158:0100.000E: probe with driver hid-generic failed with error -22 [ 342.499171][ T9486] veth1_vlan: entered promiscuous mode [ 342.533164][ T9451] veth1_vlan: entered promiscuous mode [ 342.593834][ T8] usb 4-1: USB disconnect, device number 18 [ 342.763968][ T9486] veth0_macvtap: entered promiscuous mode [ 342.785565][ T9486] veth1_macvtap: entered promiscuous mode [ 342.837896][ T9451] veth0_macvtap: entered promiscuous mode [ 342.882220][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.913902][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.940103][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.952235][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.963778][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 342.976035][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 342.995631][ T9486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.030353][ T9451] veth1_macvtap: entered promiscuous mode [ 343.087760][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.138210][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.165682][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.186460][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.197554][ T9486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.208378][ T9486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.221122][ T9486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.266186][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.293340][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.313588][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.327977][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.340703][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.354855][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.367243][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.383401][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.406731][ T9451] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.456080][ T9486] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.489668][ T9486] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.514291][ T9486] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.523138][ T9486] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.579091][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.632981][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.685525][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.721292][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.732574][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.750774][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.763317][ T9451] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.790040][ T9451] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.815960][ T9451] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.849327][ T9451] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.859872][ T9451] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.893357][ T9451] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.907840][ T9451] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.057024][ T928] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 344.190397][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.207645][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.280722][ T928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.311407][ T928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.346890][ T928] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 344.382261][ T928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.394471][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 344.422825][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.428306][ T2460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.445989][ T928] usb 5-1: config 0 descriptor?? [ 344.470532][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.474434][ T2460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.592221][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.608338][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.076921][ T6261] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.546791][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.555085][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 346.563513][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 347.332145][ T9936] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1612'. [ 348.093710][ T9934] orangefs_mount: mount request failed with -4 [ 348.103992][ T9959] netlink: 'syz.0.1618': attribute type 1 has an invalid length. [ 348.126399][ T29] audit: type=1326 audit(1720226339.737:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9944 comm="syz.1.1616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29df575bd9 code=0x0 [ 348.334788][ T9965] Invalid option length (0) for dns_resolver key [ 348.717944][ T928] usbhid 5-1:0.0: can't add hid device: -71 [ 348.734240][ T928] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 348.786153][ T928] usb 5-1: USB disconnect, device number 12 [ 348.836979][ T9974] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1622'. [ 349.898539][T10021] netlink: 'syz.4.1637': attribute type 1 has an invalid length. [ 349.945450][ T9993] orangefs_mount: mount request failed with -4 [ 350.003577][ T5618] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 350.171691][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 350.235988][ T5618] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.277681][T10027] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1638'. [ 350.297209][ T5618] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.348494][ T5618] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 350.385474][ T5618] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.478064][ T5618] usb 2-1: config 0 descriptor?? [ 351.030305][ T6261] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 351.595433][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 352.134080][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 352.142600][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 353.511392][T10064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1648'. [ 353.590075][T10066] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1651'. [ 353.949911][T10073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1652'. [ 354.173441][ T25] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 355.595705][ T25] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 355.630970][ T25] usb 3-1: New USB device found, idVendor=1435, idProduct=0828, bcdDevice=ed.b3 [ 355.654825][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.655040][T10088] PKCS7: Unknown OID: [4] 0.0.4.0.7489 [ 355.694772][ T25] usb 3-1: config 0 descriptor?? [ 355.719418][ T25] usb 3-1: Could not find all expected endpoints [ 355.726109][T10088] PKCS7: Only support pkcs7_signedData type [ 355.929668][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 356.007575][ T5091] usb 3-1: USB disconnect, device number 13 [ 356.209652][ T5618] usbhid 2-1:0.0: can't add hid device: -71 [ 356.244799][ T5618] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 356.280512][ T5618] usb 2-1: USB disconnect, device number 11 [ 356.298908][T10102] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 356.558783][ T2460] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 356.973371][T10116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1669'. [ 357.198082][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 358.009881][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 358.018345][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 358.059136][T10122] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1671'. [ 358.309099][T10132] netlink: 'syz.0.1676': attribute type 11 has an invalid length. [ 358.765429][T10148] netlink: 'syz.0.1682': attribute type 1 has an invalid length. [ 359.886571][T10159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1685'. [ 360.058819][ T29] audit: type=1326 audit(1720226351.677:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10164 comm="syz.1.1688" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29df575bd9 code=0x0 [ 362.684630][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 362.695564][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 362.960644][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.300544][T10207] netlink: 'syz.2.1704': attribute type 1 has an invalid length. [ 363.597137][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.605635][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 363.886435][T10239] netlink: 'syz.2.1718': attribute type 4 has an invalid length. [ 363.903290][ T5618] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 363.919680][T10239] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1718'. [ 364.106179][ T5618] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 364.125000][ T5618] usb 5-1: config 1 interface 1 altsetting 1 has a duplicate endpoint with address 0x82, skipping [ 364.162440][ T5618] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 364.180378][ T5618] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 364.213540][ T5618] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.221597][ T5618] usb 5-1: Product: syz [ 364.237074][ T5618] usb 5-1: Manufacturer: syz [ 364.241725][ T5618] usb 5-1: SerialNumber: syz [ 364.323586][ T928] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 364.550158][ T928] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 364.562265][ T928] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.643840][T10262] syz.2.1725: attempt to access beyond end of device [ 364.643840][T10262] nbd2: rw=0, sector=0, nr_sectors = 8 limit=0 [ 365.362170][ T5618] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 365.368573][ T928] usb 2-1: too many endpoints for config 1 interface 1 altsetting 48: 49, using maximum allowed: 30 [ 365.379567][ T5618] cdc_ncm 5-1:1.0: bind() failure [ 365.389132][ T5618] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 365.396148][ T928] usb 2-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49 [ 365.413315][ T8] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 365.422623][ T5618] cdc_ncm 5-1:1.1: bind() failure [ 365.439073][ T928] usb 2-1: config 1 interface 1 has no altsetting 0 [ 365.447861][ T5618] usb 5-1: USB disconnect, device number 13 [ 365.515198][ T928] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 365.544966][ T928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.580571][ T928] usb 2-1: Product: syz [ 365.593728][ T928] usb 2-1: Manufacturer: syz [ 365.603034][ T928] usb 2-1: SerialNumber: syz [ 365.623496][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 365.639468][ T8] usb 1-1: config 0 has an invalid interface number: 48 but max is 0 [ 365.653103][ T928] usb 2-1: selecting invalid altsetting 1 [ 365.671495][ T8] usb 1-1: config 0 has no interface number 0 [ 365.686944][ T928] usb 2-1: selecting invalid altsetting 0 [ 365.697876][ T8] usb 1-1: too many endpoints for config 0 interface 48 altsetting 48: 48, using maximum allowed: 30 [ 365.710742][ T928] usb 2-1: selecting invalid altsetting 0 [ 365.719035][ T928] cdc_ncm 2-1:1.0: bind() failure [ 365.734864][ T8] usb 1-1: config 0 interface 48 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 365.752713][ T8] usb 1-1: config 0 interface 48 has no altsetting 0 [ 365.772346][T10269] macvlan0: entered promiscuous mode [ 365.796492][ T8] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 365.820163][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.867262][ T8] usb 1-1: config 0 descriptor?? [ 366.129323][ T8] usb 1-1: string descriptor 0 read error: -71 [ 366.148632][ T8] gspca_main: sunplus-2.14.0 probing 041e:400b [ 366.160367][ T8] gspca_sunplus: reg_w_riv err -71 [ 369.579686][ T11] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 369.588526][ T5711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 369.602448][ T1041] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 369.618154][ T62] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 369.626866][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 369.698682][ T928] usb 2-1: selecting invalid altsetting 0 [ 369.710683][ T8] sunplus 1-1:0.48: probe with driver sunplus failed with error -71 [ 369.713855][T10269] macvlan0: left promiscuous mode [ 369.720875][ T928] usbtest 2-1:1.1: probe with driver usbtest failed with error -22 [ 369.735786][ T8] usb 1-1: USB disconnect, device number 13 [ 369.747856][ T928] usb 2-1: USB disconnect, device number 12 [ 369.887061][T10278] netlink: 'syz.0.1732': attribute type 4 has an invalid length. [ 369.928920][T10278] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1732'. [ 370.437326][T10299] dummy0: entered promiscuous mode [ 370.456062][T10299] vlan2: entered promiscuous mode [ 370.477467][T10299] vlan2: entered allmulticast mode [ 370.505640][T10299] dummy0: entered allmulticast mode [ 370.527214][T10299] dummy0: left allmulticast mode [ 370.550888][T10299] dummy0: left promiscuous mode [ 370.904777][T10313] netlink: 'syz.0.1746': attribute type 4 has an invalid length. [ 370.922892][T10313] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1746'. [ 370.932534][ T8] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 371.143314][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 371.163049][ T8] usb 2-1: config 0 has an invalid interface number: 48 but max is 0 [ 371.202241][ T8] usb 2-1: config 0 has no interface number 0 [ 371.222512][ T8] usb 2-1: too many endpoints for config 0 interface 48 altsetting 48: 48, using maximum allowed: 30 [ 371.257887][ T8] usb 2-1: config 0 interface 48 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 371.410119][ T8] usb 2-1: config 0 interface 48 has no altsetting 0 [ 371.611735][ T8] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 371.789424][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.024623][ T8] usb 2-1: config 0 descriptor?? [ 372.058345][T10330] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 372.225868][T10336] dummy0: entered promiscuous mode [ 372.231158][T10336] vlan2: entered promiscuous mode [ 372.242263][ T8] usb 2-1: string descriptor 0 read error: -71 [ 372.268728][T10336] vlan2: entered allmulticast mode [ 372.271365][ T8] gspca_main: sunplus-2.14.0 probing 041e:400b [ 372.282519][T10336] dummy0: entered allmulticast mode [ 372.299823][T10336] dummy0: left allmulticast mode [ 372.313807][T10336] dummy0: left promiscuous mode [ 372.328334][ T8] gspca_sunplus: reg_w_riv err -71 [ 372.343933][ T8] sunplus 2-1:0.48: probe with driver sunplus failed with error -71 [ 372.375967][ T8] usb 2-1: USB disconnect, device number 13 [ 372.433616][T10342] netlink: 'syz.2.1758': attribute type 4 has an invalid length. [ 372.456306][T10342] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1758'. [ 372.654290][T10345] sp0: Synchronizing with TNC [ 374.563455][ T5084] ================================================================== [ 374.571568][ T5084] BUG: KASAN: slab-use-after-free in hci_cmd_timeout+0x1d9/0x1e0 [ 374.579302][ T5084] Read of size 2 at addr ffff88807a970178 by task kworker/u9:2/5084 [ 374.587286][ T5084] [ 374.589780][ T5084] CPU: 1 PID: 5084 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0 [ 374.600109][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 374.610175][ T5084] Workqueue: hci0 hci_cmd_timeout [ 374.615307][ T5084] Call Trace: [ 374.618586][ T5084] [ 374.621614][ T5084] dump_stack_lvl+0x241/0x360 [ 374.626315][ T5084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.631958][ T5084] ? __pfx__printk+0x10/0x10 [ 374.636556][ T5084] ? _printk+0xd5/0x120 [ 374.640716][ T5084] ? __virt_addr_valid+0x183/0x520 [ 374.645834][ T5084] ? __virt_addr_valid+0x183/0x520 [ 374.650949][ T5084] print_report+0x169/0x550 [ 374.655550][ T5084] ? __virt_addr_valid+0x183/0x520 [ 374.660669][ T5084] ? __virt_addr_valid+0x183/0x520 [ 374.665810][ T5084] ? __virt_addr_valid+0x44e/0x520 [ 374.670943][ T5084] ? __phys_addr+0xba/0x170 [ 374.675471][ T5084] ? hci_cmd_timeout+0x1d9/0x1e0 [ 374.680429][ T5084] kasan_report+0x143/0x180 [ 374.684953][ T5084] ? hci_cmd_timeout+0x1d9/0x1e0 [ 374.689926][ T5084] ? process_scheduled_works+0x945/0x1830 [ 374.695645][ T5084] hci_cmd_timeout+0x1d9/0x1e0 [ 374.700441][ T5084] ? process_scheduled_works+0x945/0x1830 [ 374.706176][ T5084] process_scheduled_works+0xa2c/0x1830 [ 374.711732][ T5084] ? __pfx_process_scheduled_works+0x10/0x10 [ 374.717721][ T5084] ? assign_work+0x364/0x3d0 [ 374.722321][ T5084] worker_thread+0x86d/0xd50 [ 374.726929][ T5084] ? __kthread_parkme+0x169/0x1d0 [ 374.731990][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 374.737109][ T5084] kthread+0x2f0/0x390 [ 374.741207][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 374.746341][ T5084] ? __pfx_kthread+0x10/0x10 [ 374.750959][ T5084] ret_from_fork+0x4b/0x80 [ 374.755422][ T5084] ? __pfx_kthread+0x10/0x10 [ 374.760024][ T5084] ret_from_fork_asm+0x1a/0x30 [ 374.764899][ T5084] [ 374.767918][ T5084] [ 374.770240][ T5084] Allocated by task 5084: [ 374.774566][ T5084] kasan_save_track+0x3f/0x80 [ 374.779343][ T5084] __kasan_slab_alloc+0x66/0x80 [ 374.784381][ T5084] kmem_cache_alloc_noprof+0x135/0x2a0 [ 374.789851][ T5084] skb_clone+0x20c/0x390 [ 374.794121][ T5084] hci_cmd_work+0x29e/0x670 [ 374.798633][ T5084] process_scheduled_works+0xa2c/0x1830 [ 374.804630][ T5084] worker_thread+0x86d/0xd50 [ 374.809247][ T5084] kthread+0x2f0/0x390 [ 374.813326][ T5084] ret_from_fork+0x4b/0x80 [ 374.817762][ T5084] ret_from_fork_asm+0x1a/0x30 [ 374.822550][ T5084] [ 374.824880][ T5084] The buggy address belongs to the object at ffff88807a970140 [ 374.824880][ T5084] which belongs to the cache skbuff_head_cache of size 240 [ 374.839467][ T5084] The buggy address is located 56 bytes inside of [ 374.839467][ T5084] freed 240-byte region [ffff88807a970140, ffff88807a970230) [ 374.853192][ T5084] [ 374.855523][ T5084] The buggy address belongs to the physical page: [ 374.861947][ T5084] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a970 [ 374.870718][ T5084] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 374.877852][ T5084] page_type: 0xffffefff(slab) [ 374.882971][ T5084] raw: 00fff00000000000 ffff888018aa9780 ffffea0000ab39c0 dead000000000002 [ 374.891647][ T5084] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000 [ 374.900229][ T5084] page dumped because: kasan: bad access detected [ 374.906670][ T5084] page_owner tracks the page as allocated [ 374.912394][ T5084] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5068, tgid 5068 (syz-executor), ts 286114896523, free_ts 286114715202 [ 374.933255][ T5084] post_alloc_hook+0x1f3/0x230 [ 374.938217][ T5084] get_page_from_freelist+0x2e4c/0x2f10 [ 374.943788][ T5084] __alloc_pages_noprof+0x256/0x6c0 [ 374.949013][ T5084] alloc_slab_page+0x5f/0x120 [ 374.953793][ T5084] allocate_slab+0x5a/0x2f0 [ 374.958408][ T5084] ___slab_alloc+0xcd1/0x14b0 [ 374.963097][ T5084] __slab_alloc+0x58/0xa0 [ 374.967439][ T5084] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 374.972906][ T5084] skb_clone+0x20c/0x390 [ 374.977160][ T5084] dev_queue_xmit_nit+0x419/0xc10 [ 374.982191][ T5084] dev_hard_start_xmit+0x15f/0x7e0 [ 374.987396][ T5084] sch_direct_xmit+0x2b6/0x5f0 [ 374.992167][ T5084] __dev_queue_xmit+0x1a24/0x3d30 [ 374.997197][ T5084] ip_finish_output2+0xd41/0x1380 [ 375.002235][ T5084] __ip_queue_xmit+0x118c/0x1b70 [ 375.007181][ T5084] __tcp_transmit_skb+0x2557/0x3b80 [ 375.012391][ T5084] page last free pid 5068 tgid 5068 stack trace: [ 375.018726][ T5084] free_unref_page+0xd19/0xea0 [ 375.024196][ T5084] poll_freewait+0x202/0x250 [ 375.028794][ T5084] do_select+0x1786/0x1900 [ 375.033230][ T5084] core_sys_select+0x6f4/0x910 [ 375.038008][ T5084] __se_sys_pselect6+0x319/0x3f0 [ 375.043046][ T5084] do_syscall_64+0xf3/0x230 [ 375.047562][ T5084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.053469][ T5084] [ 375.055795][ T5084] Memory state around the buggy address: [ 375.061429][ T5084] ffff88807a970000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.069496][ T5084] ffff88807a970080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 375.077585][ T5084] >ffff88807a970100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 375.085645][ T5084] ^ [ 375.093706][ T5084] ffff88807a970180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 375.101765][ T5084] ffff88807a970200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 375.109874][ T5084] ================================================================== [ 375.127864][ T5084] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 375.135105][ T5084] CPU: 1 PID: 5084 Comm: kworker/u9:2 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0 [ 375.145370][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 375.155451][ T5084] Workqueue: hci0 hci_cmd_timeout [ 375.160522][ T5084] Call Trace: [ 375.163819][ T5084] [ 375.166772][ T5084] dump_stack_lvl+0x241/0x360 [ 375.171490][ T5084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.176719][ T5084] ? __pfx__printk+0x10/0x10 [ 375.181500][ T5084] ? preempt_schedule+0xe1/0xf0 [ 375.186361][ T5084] ? vscnprintf+0x5d/0x90 [ 375.190727][ T5084] panic+0x349/0x860 [ 375.194661][ T5084] ? check_panic_on_warn+0x21/0xb0 [ 375.200253][ T5084] ? __pfx_panic+0x10/0x10 [ 375.204720][ T5084] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 375.210741][ T5084] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 375.217122][ T5084] ? print_report+0x502/0x550 [ 375.221929][ T5084] check_panic_on_warn+0x86/0xb0 [ 375.226905][ T5084] ? hci_cmd_timeout+0x1d9/0x1e0 [ 375.231879][ T5084] end_report+0x77/0x160 [ 375.236296][ T5084] kasan_report+0x154/0x180 [ 375.240871][ T5084] ? hci_cmd_timeout+0x1d9/0x1e0 [ 375.245869][ T5084] ? process_scheduled_works+0x945/0x1830 [ 375.251634][ T5084] hci_cmd_timeout+0x1d9/0x1e0 [ 375.256448][ T5084] ? process_scheduled_works+0x945/0x1830 [ 375.262289][ T5084] process_scheduled_works+0xa2c/0x1830 [ 375.267887][ T5084] ? __pfx_process_scheduled_works+0x10/0x10 [ 375.273988][ T5084] ? assign_work+0x364/0x3d0 [ 375.278611][ T5084] worker_thread+0x86d/0xd50 [ 375.283238][ T5084] ? __kthread_parkme+0x169/0x1d0 [ 375.288296][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 375.293436][ T5084] kthread+0x2f0/0x390 [ 375.297542][ T5084] ? __pfx_worker_thread+0x10/0x10 [ 375.302685][ T5084] ? __pfx_kthread+0x10/0x10 [ 375.307300][ T5084] ret_from_fork+0x4b/0x80 [ 375.311728][ T5084] ? __pfx_kthread+0x10/0x10 [ 375.316337][ T5084] ret_from_fork_asm+0x1a/0x30 [ 375.321150][ T5084] [ 375.324490][ T5084] Kernel Offset: disabled [ 375.328820][ T5084] Rebooting in 86400 seconds..