last executing test programs: 5.886191963s ago: executing program 1 (id=3890): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x90, r1, 0x5, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x54, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0xff}, @device_b, @device_a, @from_mac, {0x4, 0x3}}, 0x2, @random, 0xa082, @val, @val, @val={0x3, 0x1, 0x4}, @val={0x4, 0x6, {0x0, 0x2, 0xc, 0xff56}}, @val={0x6, 0x2, 0x46}, @void, @val={0x25, 0x3, {0x0, 0x0, 0xf5}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x4}}, @void}}, @NL80211_ATTR_BEACON_TAIL={0x8, 0xf, [@supported_rates={0x1, 0x2, [{0x18, 0x1}, {0x1, 0x1}]}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x101}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x90}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 5.544475534s ago: executing program 4 (id=3892): sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x404c000) r0 = socket(0x10, 0x803, 0x0) recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000e80)=""/152, 0x98}], 0x1}, 0x8}], 0x1, 0x2000, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) 4.373804165s ago: executing program 0 (id=3899): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x10000000) 3.884225018s ago: executing program 2 (id=3903): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, 0x0, 0x40810) recvmsg$kcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/180, 0xb4}, {&(0x7f0000001500)=""/4096, 0x1000}], 0x2}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0) r2 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r2, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001640)="5346f7f8", 0x20}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) 3.850142339s ago: executing program 2 (id=3904): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x4000, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xcc}}, 0x2000810) 3.782199901s ago: executing program 2 (id=3905): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e34ff65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd086004c4a56c6cce6e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e430a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b051f47db7aa110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c0000000000000000000a000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3938e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea875583e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba46cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5ccb9f10f615c87c441dc50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246e891e20ecaad7059866506c3000000000c3230e901e885b7a4a36bdfdb5ce7a2e5807a0f4c1d461d1243fccf51b875b49490cd7d044e7a1e1a4c013fae1f070a8a37ab90da2efc6c875b3aab34b75a252072691fc97bef0fed8ee597ab83bb53f89c36bc2ee3ad54904542f66dc94132df75fc9944882d6f2e13b7057e0000000000000000000000000000000000001b726c0ccd24000000000000cfd2f4d005578b9ed06e1c41ef3b411066739de953d39b968caaca15"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) r2 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r2, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="62043c009e0101000001ad2f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d74d9a4de33", 0xda}, {&(0x7f0000000c00)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a804dd2a44ce42557b2e32e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c53cea91ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f3c6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e549966c1106a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c750", 0x114}, {&(0x7f0000000a40)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb4714219a2d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xfff0}, {&(0x7f0000000840)="6f4720baeb54", 0x6}], 0x4}, 0x0) 3.733665004s ago: executing program 1 (id=3906): socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x801e, 0x0, 0x1, {0x1}}) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000)) syz_open_dev$video(0x0, 0x20000000005, 0x8100) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffefffffffff, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0xffffffffffffffff, 0x40, 0x0, 0xfffffffffffffffd, 0x7fffffff, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xb, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000000, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2, 0x100000000000, 0x0, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r2) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000800)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20000010) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000080)=0x800002, 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1800, 0x0, 0xd968d5b908ac0cde, 0x0, {0x0, 0x8}, {0x350}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0xb}) socket$nl_generic(0x10, 0x3, 0x10) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x20000000, &(0x7f0000000100)=@in6={0x21, 0x3, 0x2, 0x7, {0xa, 0x4e23, 0xe34, @local, 0x9}}, 0x24) socket$nl_route(0x10, 0x3, 0x0) 3.678472572s ago: executing program 4 (id=3908): socket$inet(0x2, 0x4000000000000001, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0x3) openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xbbe8, 0x0, 0x0, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r1, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) 3.58535459s ago: executing program 2 (id=3909): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknodat$null(0xffffffffffffffff, 0x0, 0x8000, 0x103) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) setsockopt$inet_mreqsrc(r3, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 3.377641422s ago: executing program 4 (id=3910): accept$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x80, 0x0, 0x0) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/29, 0x1d}, 0x100e2) 3.196564484s ago: executing program 4 (id=3911): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) r1 = memfd_create(&(0x7f0000000380)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x8dy\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x16\x8e-k\x12\xdf\xb9\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba$v\x8e\x9e\xef\xbc\x86f)\x01\xba\xdb\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4\x83Mav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00'/679, 0x7) fallocate(r1, 0x0, 0x8, 0x2) 3.119093674s ago: executing program 0 (id=3912): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x100e2) 2.88471292s ago: executing program 0 (id=3913): r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 2.744552547s ago: executing program 4 (id=3914): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x7ff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r1, &(0x7f0000000340)="fb", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 2.539063028s ago: executing program 0 (id=3915): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40810) recvmsg$kcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/180, 0xb4}, {&(0x7f0000001500)=""/4096, 0x1000}], 0x2}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0) r2 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r2, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001640)="5346f7f8", 0x20}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) 2.274693242s ago: executing program 4 (id=3916): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_usb_connect(0x3, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="120110012bcad14047050373ba71010203010902"], 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000098000/0x1000)=nil, 0x1000, 0x23edb0095d38f17, 0x20010, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x11c, &(0x7f0000000000)=0x1ff, 0x0, 0x4) mq_open(0x0, 0x42, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1024, 0x1000000000006) r7 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_SIOCSIFBR(r7, 0x8941, &(0x7f00000001c0)=@get={0x1, &(0x7f0000000840)=""/248, 0x1}) 2.217904119s ago: executing program 0 (id=3917): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000080)={0x50, 0x0, r4, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r5) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000d2cf00"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180), 0x3, r6}, 0x38) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r7, 0x0, 0x33, &(0x7f0000000040)=0x80000001, 0x4) listen(r7, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r8, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) listen(r8, 0x3) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r6, &(0x7f0000001940), &(0x7f00000002c0)=""/187}, 0x20) 2.00614737s ago: executing program 1 (id=3918): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x448d0) 1.741146579s ago: executing program 3 (id=3920): socket$nl_route(0x10, 0x3, 0x0) socket(0x40000000015, 0x5, 0x0) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000080)) 1.510248999s ago: executing program 3 (id=3921): r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 1.400238797s ago: executing program 3 (id=3922): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x3, 0x7, 0xfffffeaf, 0x1, 0x4, 0x2}}, {0x4}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x40488c1}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.319043248s ago: executing program 2 (id=3923): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x100e2) 1.188405949s ago: executing program 2 (id=3924): set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7) bpf$MAP_CREATE(0x0, 0x0, 0x50) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_open_dev$video(0x0, 0xd, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) bind$alg(r4, &(0x7f00000006c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x4c080) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000280)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 732.118475ms ago: executing program 1 (id=3925): syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x41, 0x68, 0x0, 0x60, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "11f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984da4eb57d56be4ee0efb45c215a64d718cb6f"}}, 0x4f) 567.93038ms ago: executing program 3 (id=3926): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') 416.631813ms ago: executing program 3 (id=3927): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) recvmmsg(r0, &(0x7f0000009f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1}, 0x2}, {{0x0, 0x0, 0x0}, 0x8}], 0x2, 0x21, 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 246.173161ms ago: executing program 0 (id=3928): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x90, r1, 0x5, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x54, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0xff}, @device_b, @device_a, @from_mac, {0x4, 0x3}}, 0x2, @random, 0xa082, @val, @val, @val={0x3, 0x1, 0x4}, @val={0x4, 0x6, {0x0, 0x2, 0xc, 0xff56}}, @val={0x6, 0x2, 0x46}, @void, @val={0x25, 0x3, {0x0, 0x0, 0xf5}}, @val={0x2a, 0x1, {0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x4}}, @void}}, @NL80211_ATTR_BEACON_TAIL={0x8, 0xf, [@supported_rates={0x1, 0x2, [{0x18, 0x1}, {0x1, 0x1}]}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x101}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x90}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) 235.450464ms ago: executing program 3 (id=3929): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x5, 0xf, 0x0, 0x2, 0x8, 0x8, 0xb31a, 0x3}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80d, 0x0, 0x10000000, 0x5, 0x4}, 0x1, r4}}]}, {0x0, 0xa}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x1}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r5, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "3d186e85f3a07d09", "a373047e6878fdb57fc2596912f8bdfd", "27edd157", "3684fa3381fd0182"}, 0x28) ioctl$int_in(r5, 0x5421, &(0x7f0000000140)=0x1) writev(r5, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) close(r5) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) 48.568378ms ago: executing program 1 (id=3930): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000800)=0x400a, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000540)="040e8f45fffdf50e4c7910c171b127c3cab890c81f614f27ade83b96cd6c4447059d829c0b000069ef24d84f082556fd1b43f878a65dcc23ad409d4ef51c5a36900c2a406d10a6a499793d7a2e03661510116d87dc79356005e01c7474b76cacaf8136be8cda811a39567f643c0612dc5d7cf19330c281bb05c1f040dd51aea0dc4d2afa3e4aaa6c38bce4cfaeb276b0da6be9d57fe307968e93f2e878", 0x9d}, {&(0x7f0000000840)="57c4451b3c7c75655c57ffb8dccde119b54a69a485415fd700812b78ca50a3e54c8889a100a7f82a7f53238a20b00bd47bc39e1db1b3e2694f378c94e9184aa53cc6032a2783db559dba2208439229a2bae2e355ebfe4f7563f0579056d94e75e1c33b5b68fe4cf4a85b48558a56b4e4076d56e10087c6ec2b3c50ea02951bbb8d8b36197ed4e2fcb1cf8686dffe5f3f9a3e9f565daa2ea6c783c11ef3f63dc91a0e66add12776e48fab54a2494e4fadc2ef", 0xb2}, {&(0x7f0000000a80)="7827d3e65741740426d89147d59fd333d253aded53fa8a969a0f05177236c017d4a616e2c81a0e06caf88f55f46992a594ecd5ba2c71a70b5e9002e3dcdb3bf067e087ad62c4b02c7c8345cc901abc0d990e0dfe9a5efccffccd163c7e4c10683fe57ad5eff3fc73d8e5878410b52606538f56778aef3e7fae1a0c4f64506cc6815e23929bea0316b3e35cc28e017fa57e5fe08ee8feb3718f6859119a51aa97bbeea8ec9c9afa7c9c8fe96023e7649b5e412642c78972184b9e7cb5a81b05c6f85bd24c01fa3c417c", 0xc9}], 0x3}}], 0x1, 0x4000000) 0s ago: executing program 1 (id=3931): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, 0x0, 0x40844) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000) kernel console output (not intermixed with test programs): evice number 75 [ 801.119186][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 801.163434][T15943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2697'. [ 801.243672][ T50] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 801.253160][ T50] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 801.368198][T15950] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 801.521412][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 801.529916][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 801.560708][T15953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2700'. [ 801.978499][T15974] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2709'. [ 802.018135][T15976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 802.177225][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 802.258756][T15987] netlink: 'syz.4.2714': attribute type 10 has an invalid length. [ 802.266669][T15987] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2714'. [ 802.606633][T16004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2723'. [ 802.654545][ T89] IPVS: starting estimator thread 0... [ 802.747959][T16008] IPVS: using max 29 ests per chain, 69600 per kthread [ 802.883626][T16019] netlink: 'syz.1.2730': attribute type 10 has an invalid length. [ 802.898266][T16019] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2730'. [ 803.149486][T16029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2734'. [ 803.191089][T16029] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2734'. [ 803.215888][T16032] veth0_vlan: entered allmulticast mode [ 803.284777][T16032] ªªªªªª: renamed from vlan0 [ 803.892389][ T5902] IPVS: starting estimator thread 0... [ 803.905181][T16074] netlink: 'syz.0.2754': attribute type 10 has an invalid length. [ 803.916077][T16074] bridge0: port 1(batadv0) entered blocking state [ 803.923367][T16074] bridge0: port 1(batadv0) entered disabled state [ 803.997006][T16073] IPVS: using max 25 ests per chain, 60000 per kthread [ 804.357853][ T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 804.367400][ T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 805.128695][T16106] __nla_validate_parse: 2 callbacks suppressed [ 805.128725][T16106] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2769'. [ 805.160465][T16110] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2770'. [ 805.277294][ T24] net_ratelimit: 12 callbacks suppressed [ 805.277314][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 805.672435][T16136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2782'. [ 806.119697][T16158] IPVS: dh: FWM 3 0x00000003 - no destination available [ 806.137209][ C0] IPVS: dh: FWM 3 0x00000003 - no destination available [ 806.145298][T16158] IPVS: dh: FWM 3 0x00000003 - no destination available [ 806.157633][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 806.166307][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 806.177130][ C0] IPVS: dh: FWM 3 0x00000003 - no destination available [ 806.264288][T16165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2797'. [ 806.317107][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 806.448181][T16170] tipc: Enabled bearer , priority 0 [ 806.482099][T16170] syzkaller0: entered promiscuous mode [ 806.507881][T16170] syzkaller0: entered allmulticast mode [ 806.544720][T16170] tipc: Resetting bearer [ 806.573403][T16168] tipc: Resetting bearer [ 806.618142][T16168] tipc: Disabling bearer [ 807.363593][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 807.397982][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 807.398000][ T30] audit: type=1326 audit(1760753820.227:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.440906][ T30] audit: type=1326 audit(1760753820.267:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.464639][ T30] audit: type=1326 audit(1760753820.267:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.535151][ T30] audit: type=1326 audit(1760753820.267:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.560042][ T30] audit: type=1326 audit(1760753820.297:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.597083][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 807.628291][ T30] audit: type=1326 audit(1760753820.297:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.677289][ T30] audit: type=1326 audit(1760753820.297:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.767356][ T30] audit: type=1326 audit(1760753820.317:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.839640][ T30] audit: type=1326 audit(1760753820.317:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 807.913193][ T30] audit: type=1326 audit(1760753820.317:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16195 comm="syz.0.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f033598efc9 code=0x7ffc0000 [ 808.728355][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.734709][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.602090][T16265] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2825'. [ 810.447183][ C0] net_ratelimit: 45 callbacks suppressed [ 810.447207][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 810.599312][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 810.647226][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 810.655595][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 811.219586][T16295] netlink: 'syz.0.2849': attribute type 10 has an invalid length. [ 811.243633][T16295] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2849'. [ 811.357062][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 811.696301][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 811.918676][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 811.927250][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 811.936251][T16321] netlink: 'syz.2.2861': attribute type 10 has an invalid length. [ 811.965289][T16321] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2861'. [ 812.013190][T16321] batadv0: entered promiscuous mode [ 812.027047][T16321] batadv0: entered allmulticast mode [ 812.037501][T16321] bridge0: port 4(batadv0) entered blocking state [ 812.054445][T16321] bridge0: port 4(batadv0) entered disabled state [ 812.068598][ T7787] batman_adv: batadv0: IGMP Querier appeared [ 812.074608][ T7787] batman_adv: batadv0: MLD Querier appeared [ 812.684804][T16345] bridge0: port 3(syz_tun) entered blocking state [ 812.691440][T16345] bridge0: port 3(syz_tun) entered forwarding state [ 812.774719][T16345] 8021q: adding VLAN 0 to HW filter on device team0 [ 812.794768][T16345] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 812.896959][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 814.220801][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 814.220819][ T30] audit: type=1326 audit(1760753827.047:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.280398][ T30] audit: type=1326 audit(1760753827.047:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.360886][ T30] audit: type=1326 audit(1760753827.047:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.388537][ T30] audit: type=1326 audit(1760753827.047:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.429336][ T30] audit: type=1326 audit(1760753827.047:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.507320][ T30] audit: type=1326 audit(1760753827.047:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.599037][ T30] audit: type=1326 audit(1760753827.047:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.667264][ T30] audit: type=1326 audit(1760753827.057:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.771370][ T30] audit: type=1326 audit(1760753827.057:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.850278][ T30] audit: type=1326 audit(1760753827.057:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16371 comm="syz.1.2882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2f938efc9 code=0x7ffc0000 [ 814.940972][ T43] IPVS: starting estimator thread 0... [ 815.048120][T16397] IPVS: using max 30 ests per chain, 72000 per kthread [ 815.110388][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 815.122267][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 815.133159][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 815.141680][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 815.151058][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 815.187368][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 815.200229][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 815.213506][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 815.221717][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 815.230889][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 815.575233][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2904'. [ 815.757518][ T12] net_ratelimit: 29 callbacks suppressed [ 815.757532][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 816.003178][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 816.557078][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 816.722731][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 816.731483][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 816.830277][T16445] netlink: 'syz.2.2912': attribute type 10 has an invalid length. [ 817.043552][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 817.279319][ T5832] Bluetooth: hci0: command tx timeout [ 817.396688][T16445] batadv0: left allmulticast mode [ 817.403073][T16445] batadv0: left promiscuous mode [ 817.410698][T16445] bridge0: port 4(batadv0) entered disabled state [ 817.446761][T16445] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 817.458719][T16445] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 817.467616][ T9993] bond0: (slave batadv0): interface is now down [ 817.487740][ T13] bond0: (slave batadv0): interface is now down [ 817.517411][ T13] bond0: (slave batadv0): interface is now down [ 817.538541][ T9993] bond0: (slave batadv0): interface is now down [ 817.560621][ T36] bond0: (slave batadv0): interface is now down [ 817.597273][ T36] bond0: (slave batadv0): interface is now down [ 817.627290][ T36] bond0: (slave batadv0): interface is now down [ 817.647112][ T12] bond0: (slave batadv0): interface is now down [ 817.673961][ T36] bond0: (slave batadv0): interface is now down [ 817.677450][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 817.688766][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 817.697339][ T9993] bond0: (slave batadv0): interface is now down [ 817.703851][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 817.712316][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 817.725829][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 817.757016][ T36] bond0: (slave batadv0): interface is now down [ 817.777866][ T9993] bond0: (slave batadv0): interface is now down [ 817.797094][ T36] bond0: (slave batadv0): interface is now down [ 817.817031][ T9993] bond0: (slave batadv0): interface is now down [ 817.837227][ T36] bond0: (slave batadv0): interface is now down [ 817.859106][ T9993] bond0: (slave batadv0): interface is now down [ 817.870945][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 817.882921][ T9993] bond0: (slave batadv0): interface is now down [ 817.908160][ T9993] bond0: (slave batadv0): interface is now down [ 817.923432][ T9993] bond0: now running without any active interface! [ 817.986523][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.119947][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 818.503275][T16414] chnl_net:caif_netlink_parms(): no params data found [ 818.546378][ T13] bridge0: port 3(batadv0) entered disabled state [ 818.562677][T16474] netlink: 29264 bytes leftover after parsing attributes in process `syz.4.2919'. [ 818.598537][ T13] bridge_slave_1: left promiscuous mode [ 818.607198][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.625229][ T13] bridge_slave_0: left allmulticast mode [ 818.633564][ T13] bridge_slave_0: left promiscuous mode [ 818.640886][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.709958][ T13] bond_slave_0: left promiscuous mode [ 818.715778][ T13] bond_slave_1: left promiscuous mode [ 819.356965][ T5832] Bluetooth: hci0: command tx timeout [ 819.640257][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 819.655502][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 819.669257][ T13] bond0 (unregistering): Released all slaves [ 819.692781][ T13] bond1 (unregistering): Released all slaves [ 819.859737][ T13] tipc: Disabling bearer [ 819.868221][ T13] tipc: Left network mode [ 820.435625][T16503] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2926'. [ 820.715039][T16514] netlink: 29264 bytes leftover after parsing attributes in process `syz.4.2929'. [ 821.202509][ T24] net_ratelimit: 12 callbacks suppressed [ 821.202529][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.436979][ T5832] Bluetooth: hci0: command tx timeout [ 821.519050][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 821.937934][T16532] IPVS: dh: FWM 3 0x00000003 - no destination available [ 822.244733][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.304206][T16541] netlink: 29264 bytes leftover after parsing attributes in process `syz.2.2939'. [ 822.667340][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.680512][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.690041][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.703421][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.713561][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.722906][T16527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2932'. [ 822.781291][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.809692][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.819416][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.828087][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.871622][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 822.893928][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 823.019101][T16414] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.030111][T16414] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.039095][T16414] bridge_slave_0: entered allmulticast mode [ 823.047182][T16414] bridge_slave_0: entered promiscuous mode [ 823.081907][ T13] hsr_slave_0: left promiscuous mode [ 823.102690][ T13] hsr_slave_1: left promiscuous mode [ 823.113470][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 823.123303][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 823.143303][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 823.153342][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 823.204638][ T13] veth1_macvtap: left promiscuous mode [ 823.223619][ T13] veth0_macvtap: left promiscuous mode [ 823.230181][ T13] veth1_vlan: left promiscuous mode [ 823.236807][ T13] veth0_vlan: left promiscuous mode [ 823.517064][ T5832] Bluetooth: hci0: command tx timeout [ 824.526309][ T13] team0 (unregistering): Port device team_slave_1 removed [ 824.582867][ T13] team0 (unregistering): Port device team_slave_0 removed [ 825.297121][T16414] bridge0: port 2(bridge_slave_1) entered blocking state [ 825.304440][T16414] bridge0: port 2(bridge_slave_1) entered disabled state [ 825.314704][T16414] bridge_slave_1: entered allmulticast mode [ 825.326474][T16414] bridge_slave_1: entered promiscuous mode [ 825.419901][T16414] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 825.463185][T16414] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 825.716603][T16414] team0: Port device team_slave_0 added [ 825.758877][T16414] team0: Port device team_slave_1 added [ 825.996012][T16414] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 826.022743][T16414] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.091446][T16414] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 826.124667][T16601] __nla_validate_parse: 72 callbacks suppressed [ 826.124687][T16601] netlink: 29264 bytes leftover after parsing attributes in process `syz.4.2959'. [ 826.149058][T16414] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 826.176509][T16414] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 826.260997][T16414] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 826.358074][ T13] IPVS: stop unused estimator thread 0... [ 826.402751][ T43] net_ratelimit: 12 callbacks suppressed [ 826.402770][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 826.565626][T16414] hsr_slave_0: entered promiscuous mode [ 826.598117][T16414] hsr_slave_1: entered promiscuous mode [ 826.628139][T16414] debugfs: 'hsr0' already exists in 'hsr' [ 826.633937][T16414] Cannot create hsr debugfs directory [ 826.770229][T16618] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2955'. [ 827.277682][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 827.285832][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 827.294317][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 827.442754][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 828.109631][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 828.109649][ T30] audit: type=1326 audit(1760753840.937:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16638 comm="syz.4.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53ff58efc9 code=0x7ffc0000 [ 828.192869][ T30] audit: type=1326 audit(1760753840.937:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16638 comm="syz.4.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53ff58efc9 code=0x7ffc0000 [ 828.274621][ T30] audit: type=1326 audit(1760753840.967:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16638 comm="syz.4.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7f53ff58efc9 code=0x7ffc0000 [ 828.335868][ T30] audit: type=1326 audit(1760753840.967:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16638 comm="syz.4.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53ff58efc9 code=0x7ffc0000 [ 828.377001][ T30] audit: type=1326 audit(1760753840.967:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16638 comm="syz.4.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53ff58efc9 code=0x7ffc0000 [ 828.482485][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 828.832873][T16414] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 828.854704][T16414] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 828.879090][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 828.887551][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 828.911802][T16414] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 828.935069][T16414] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 829.001122][T16657] netlink: 29264 bytes leftover after parsing attributes in process `syz.3.2970'. [ 829.198515][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 829.206943][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 829.225064][T16414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 829.290713][T16414] 8021q: adding VLAN 0 to HW filter on device team0 [ 829.357949][ T9993] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.365162][ T9993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 829.391838][T16677] TCP: TCP_TX_DELAY enabled [ 829.404495][ T9993] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.411797][ T9993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 829.661679][T16414] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 829.862113][T16414] veth0_vlan: entered promiscuous mode [ 829.910497][T16414] veth1_vlan: entered promiscuous mode [ 830.023561][T16694] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 830.047884][T16694] tipc: Enabled bearer , priority 10 [ 830.088193][T16414] veth0_macvtap: entered promiscuous mode [ 830.127080][T16414] veth1_macvtap: entered promiscuous mode [ 830.183055][T16701] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2979'. [ 830.225724][T16414] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 830.273030][T16414] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 830.314909][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.331842][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.372208][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.415220][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 830.498901][T16708] netlink: 29124 bytes leftover after parsing attributes in process `syz.2.2980'. [ 830.635130][ T9993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 830.665916][ T9993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 830.737223][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 830.753378][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 830.836983][ T89] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 830.967603][T16719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2983'. [ 831.007205][ T89] usb 5-1: Using ep0 maxpacket: 32 [ 831.019715][ T89] usb 5-1: unable to get BOS descriptor or descriptor too short [ 831.052292][ T89] usb 5-1: config 9 has an invalid interface number: 138 but max is 0 [ 831.067101][ T89] usb 5-1: config 9 has no interface number 0 [ 831.086619][ T89] usb 5-1: config 9 interface 138 has no altsetting 0 [ 831.110669][ T89] usb 5-1: New USB device found, idVendor=0856, idProduct=ac16, bcdDevice=f6.ea [ 831.129738][ T89] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.144751][ T89] usb 5-1: Product: syz [ 831.157211][ T89] usb 5-1: Manufacturer: syz [ 831.164118][ T89] usb 5-1: SerialNumber: syz [ 831.167425][ T24] tipc: Node number set to 2742535740 [ 831.577298][ C1] net_ratelimit: 11 callbacks suppressed [ 831.577317][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 831.606399][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 831.615549][ T89] ftdi_sio 5-1:9.138: FTDI USB Serial Device converter detected [ 831.649501][ T89] ftdi_sio ttyUSB0: unknown device type: 0xf6ea [ 831.922883][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 831.931251][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.107179][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.265153][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 832.274503][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 832.282998][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 832.291232][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 832.299099][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 832.454480][T16755] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2990'. [ 832.642752][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 832.666031][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 832.851412][T16767] netlink: 29124 bytes leftover after parsing attributes in process `syz.1.2992'. [ 832.870480][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 832.995803][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.025275][ T30] audit: type=1326 audit(1760753845.847:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.049074][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 833.094268][ T30] audit: type=1326 audit(1760753845.847:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.117855][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 833.153747][ T30] audit: type=1326 audit(1760753845.847:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.177058][ T30] audit: type=1326 audit(1760753845.847:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.210395][ T30] audit: type=1326 audit(1760753845.847:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.234736][ T30] audit: type=1326 audit(1760753845.847:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.257921][ T12] bond0: (slave netdevsim0): Releasing backup interface [ 833.269707][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 833.286184][ T30] audit: type=1326 audit(1760753845.847:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.377078][T16786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 833.392854][T16786] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 833.404730][ T30] audit: type=1326 audit(1760753845.847:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.486402][ T30] audit: type=1326 audit(1760753845.847:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.543751][T16753] chnl_net:caif_netlink_parms(): no params data found [ 833.567056][ T30] audit: type=1326 audit(1760753845.847:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.592281][ T12] bridge_slave_1: left allmulticast mode [ 833.616919][ T12] bridge_slave_1: left promiscuous mode [ 833.622954][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.634449][ T30] audit: type=1326 audit(1760753845.847:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.674423][ T12] bridge_slave_0: left allmulticast mode [ 833.687344][ T30] audit: type=1326 audit(1760753845.847:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16774 comm="syz.1.2994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f442298efc9 code=0x7ffc0000 [ 833.693754][ T12] bridge_slave_0: left promiscuous mode [ 833.728404][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 834.399224][ T5832] Bluetooth: hci3: command tx timeout [ 834.534527][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 834.546106][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 834.589853][ T12] bond0 (unregistering): Released all slaves [ 834.604507][ T9] usb 5-1: USB disconnect, device number 71 [ 834.612066][ T9] ftdi_sio 5-1:9.138: device disconnected [ 834.862971][ T12] tipc: Left network mode [ 835.022663][T16817] netlink: 29124 bytes leftover after parsing attributes in process `syz.4.3003'. [ 835.124339][T16753] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.137856][T16753] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.148667][T16753] bridge_slave_0: entered allmulticast mode [ 835.173673][T16753] bridge_slave_0: entered promiscuous mode [ 835.203635][T16753] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.237072][T16753] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.244324][T16753] bridge_slave_1: entered allmulticast mode [ 835.271039][T16753] bridge_slave_1: entered promiscuous mode [ 835.624102][T16753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 835.745533][ T12] hsr_slave_0: left promiscuous mode [ 835.783513][ T12] hsr_slave_1: left promiscuous mode [ 835.801419][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 835.816135][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 835.829183][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 835.844451][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.898950][ T12] veth1_macvtap: left promiscuous mode [ 835.904677][ T12] veth0_macvtap: left promiscuous mode [ 835.914911][T16853] netlink: 29124 bytes leftover after parsing attributes in process `syz.0.3014'. [ 835.916492][ T12] veth1_vlan: left promiscuous mode [ 835.934353][ T12] veth0_vlan: left promiscuous mode [ 836.481694][ T5832] Bluetooth: hci3: command tx timeout [ 836.623413][ T12] team0 (unregistering): Port device team_slave_1 removed [ 836.675974][ T12] team0 (unregistering): Port device team_slave_0 removed [ 836.807638][ T24] net_ratelimit: 49 callbacks suppressed [ 836.807656][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 836.880081][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 836.888579][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.186805][T16753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 837.277185][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.308943][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.321373][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.347182][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.359054][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.367558][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.375760][T16870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 837.455467][T16753] team0: Port device team_slave_0 added [ 837.467798][T16753] team0: Port device team_slave_1 added [ 837.590158][T16753] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 837.599443][T16753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 837.655198][T16753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 837.674180][T16882] netlink: 29124 bytes leftover after parsing attributes in process `syz.0.3024'. [ 837.677658][T16753] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 837.691086][T16753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 837.730058][T16753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 837.892497][T16891] bridge0: entered promiscuous mode [ 837.901088][T16891] bridge0: port 4(vlan2) entered blocking state [ 837.907781][T16891] bridge0: port 4(vlan2) entered disabled state [ 837.914507][T16891] vlan2: entered allmulticast mode [ 837.921040][T16891] bridge0: entered allmulticast mode [ 837.930612][T16891] vlan2: left allmulticast mode [ 837.935613][T16891] bridge0: left allmulticast mode [ 837.943740][T16891] bridge0: left promiscuous mode [ 837.972794][T16753] hsr_slave_0: entered promiscuous mode [ 837.982132][T16753] hsr_slave_1: entered promiscuous mode [ 837.989226][T16753] debugfs: 'hsr0' already exists in 'hsr' [ 837.995109][T16753] Cannot create hsr debugfs directory [ 838.022298][ T12] IPVS: stop unused estimator thread 0... [ 838.539851][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 838.539869][ T30] audit: type=1326 audit(1760753851.367:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.557220][ T5832] Bluetooth: hci3: command tx timeout [ 838.577292][ T30] audit: type=1326 audit(1760753851.397:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.604048][ T30] audit: type=1326 audit(1760753851.427:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.645060][ T30] audit: type=1326 audit(1760753851.427:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.688849][ T30] audit: type=1326 audit(1760753851.427:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.721843][ T30] audit: type=1326 audit(1760753851.467:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.759391][ T30] audit: type=1326 audit(1760753851.467:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.824835][ T30] audit: type=1326 audit(1760753851.467:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.882848][ T30] audit: type=1326 audit(1760753851.467:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.927502][ T30] audit: type=1326 audit(1760753851.467:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16916 comm="syz.2.3033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610038efc9 code=0x7ffc0000 [ 838.957935][T16926] netlink: 29124 bytes leftover after parsing attributes in process `syz.4.3037'. [ 839.067895][T16933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3038'. [ 839.155453][T16933] ip6gre1: entered allmulticast mode [ 839.357961][T16753] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 839.382449][T16753] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 839.433256][T16753] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 839.493918][T16753] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 839.728177][ T24] hid-generic 0001:0009:0001.0011: item fetching failed at offset 0/1 [ 839.744062][ T24] hid-generic 0001:0009:0001.0011: probe with driver hid-generic failed with error -22 [ 839.762538][T16753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 839.822265][T16753] 8021q: adding VLAN 0 to HW filter on device team0 [ 839.854641][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.861852][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.908141][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.915434][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 840.074977][T16753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 840.180983][T16753] veth0_vlan: entered promiscuous mode [ 840.210836][T16753] veth1_vlan: entered promiscuous mode [ 840.282987][T16753] veth0_macvtap: entered promiscuous mode [ 840.295697][T16978] netlink: 29124 bytes leftover after parsing attributes in process `syz.0.3049'. [ 840.325848][T16753] veth1_macvtap: entered promiscuous mode [ 840.373362][T16753] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 840.410852][T16753] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.487262][ T9993] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.532922][ T9993] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.556301][ T9993] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.599641][ T9993] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.639097][ T5832] Bluetooth: hci3: command tx timeout [ 840.776682][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 840.805152][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 840.871995][ T9993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 840.895486][ T9993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 841.101329][T17000] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2986'. [ 841.113378][T17001] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3051'. [ 842.004982][ T5828] net_ratelimit: 27 callbacks suppressed [ 842.005003][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 842.101278][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 842.110811][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 842.121198][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 842.134371][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 842.144578][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 842.203331][T17024] tipc: Started in network mode [ 842.213993][T17024] tipc: Node identity c2cff8e25d46, cluster identity 4711 [ 842.231818][T17024] tipc: Enabled bearer , priority 0 [ 842.279158][T17024] tipc: Resetting bearer [ 842.287920][T17023] tipc: Disabling bearer [ 842.477231][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 842.601609][T17025] chnl_net:caif_netlink_parms(): no params data found [ 842.829747][T17025] bridge0: port 1(bridge_slave_0) entered blocking state [ 842.838501][T17025] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.845986][T17025] bridge_slave_0: entered allmulticast mode [ 842.887775][T17025] bridge_slave_0: entered promiscuous mode [ 842.913766][T17025] bridge0: port 2(bridge_slave_1) entered blocking state [ 842.926151][T17025] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.945672][T17025] bridge_slave_1: entered allmulticast mode [ 842.961394][T17025] bridge_slave_1: entered promiscuous mode [ 843.044562][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 843.114752][T17025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 843.130011][T17025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 843.180039][T17025] team0: Port device team_slave_0 added [ 843.188881][T17025] team0: Port device team_slave_1 added [ 843.277997][ T9] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 843.322559][T17025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 843.322578][T17025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 843.322600][T17025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 843.326450][T17025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 843.435844][T17025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 843.435880][T17025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 843.463515][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 843.477703][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 843.477763][ T9] usb 1-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 843.477787][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.482606][ T9] usb 1-1: config 0 descriptor?? [ 843.517130][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 843.629856][T17025] hsr_slave_0: entered promiscuous mode [ 843.688068][T17025] hsr_slave_1: entered promiscuous mode [ 843.698833][T17025] debugfs: 'hsr0' already exists in 'hsr' [ 843.704650][T17025] Cannot create hsr debugfs directory [ 843.704748][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 843.718283][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 843.759013][ T9] usb 1-1: USB disconnect, device number 76 [ 843.921529][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.077255][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.085461][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.093676][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.180408][T17025] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.237145][ T5832] Bluetooth: hci1: command tx timeout [ 844.328992][T17025] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.412185][T17025] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.508551][T17025] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 844.558479][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 844.724166][T17025] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 844.735487][T17025] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 844.747623][T17025] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 844.761658][T17025] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 844.928251][T17025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 844.967965][T17025] 8021q: adding VLAN 0 to HW filter on device team0 [ 844.983016][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 844.990273][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 845.019537][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 845.026915][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 845.089487][T17025] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 845.127158][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 845.145411][T17025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 845.293910][T17025] veth0_vlan: entered promiscuous mode [ 845.314456][T17025] veth1_vlan: entered promiscuous mode [ 845.383908][T17025] veth0_macvtap: entered promiscuous mode [ 845.416047][T17025] veth1_macvtap: entered promiscuous mode [ 845.465016][T17025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 845.486056][T17025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 845.509192][ T60] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.522325][ T60] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.535494][ T60] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.550529][ T60] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 845.648084][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 845.656031][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 845.667099][ T43] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 845.703520][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 845.712786][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 845.817215][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 845.818729][T17111] tipc: Started in network mode [ 845.829120][T17111] tipc: Node identity 32d27f8b33e8, cluster identity 4711 [ 845.836480][T17111] tipc: Enabled bearer , priority 0 [ 845.844823][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 845.853848][T17111] tipc: Resetting bearer [ 845.866034][T17110] tipc: Disabling bearer [ 845.866658][ T43] usb 4-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 845.881595][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.894539][ T43] usb 4-1: config 0 descriptor?? [ 846.109738][ T43] usbhid 4-1:0.0: can't add hid device: -71 [ 846.120452][ T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 846.136386][ T43] usb 4-1: USB disconnect, device number 68 [ 846.317742][ T5832] Bluetooth: hci1: command tx timeout [ 846.889693][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 846.899785][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 846.908449][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 846.918926][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 846.927714][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 846.995381][T10965] bridge0: port 3(syz_tun) entered disabled state [ 847.015551][T10965] syz_tun (unregistering): left allmulticast mode [ 847.022777][T10965] syz_tun (unregistering): left promiscuous mode [ 847.031250][T10965] bridge0: port 3(syz_tun) entered disabled state [ 847.117755][ T5902] net_ratelimit: 7 callbacks suppressed [ 847.117781][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 847.132234][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 847.205071][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 847.492226][T17131] chnl_net:caif_netlink_parms(): no params data found [ 847.677260][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 847.696946][ T5828] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 847.730455][T17131] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.738674][T17131] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.746068][T17131] bridge_slave_0: entered allmulticast mode [ 847.754153][T17131] bridge_slave_0: entered promiscuous mode [ 847.764392][T17131] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.772192][T17131] bridge0: port 2(bridge_slave_1) entered disabled state [ 847.781049][T17131] bridge_slave_1: entered allmulticast mode [ 847.797968][T17131] bridge_slave_1: entered promiscuous mode [ 847.857042][ T5828] usb 5-1: Using ep0 maxpacket: 32 [ 847.868567][ T5828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 847.897899][ T5828] usb 5-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 847.910722][T17131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 847.920605][ T5828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.937943][T17131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 847.950187][ T5828] usb 5-1: config 0 descriptor?? [ 848.007248][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 848.007265][ T30] audit: type=1326 audit(1760753860.837:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.053014][ T30] audit: type=1326 audit(1760753860.837:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.077558][ T30] audit: type=1326 audit(1760753860.837:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.105872][T17131] team0: Port device team_slave_0 added [ 848.125854][T17131] team0: Port device team_slave_1 added [ 848.128834][ T30] audit: type=1326 audit(1760753860.837:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.172177][ T5828] usbhid 5-1:0.0: can't add hid device: -71 [ 848.183228][ T5828] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 848.184654][ T30] audit: type=1326 audit(1760753860.837:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.223296][ T30] audit: type=1326 audit(1760753860.837:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.225034][ T5828] usb 5-1: USB disconnect, device number 72 [ 848.252699][ T30] audit: type=1326 audit(1760753860.837:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.276282][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 848.280353][ T30] audit: type=1326 audit(1760753860.837:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.342210][ T30] audit: type=1326 audit(1760753860.837:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.371297][ T30] audit: type=1326 audit(1760753860.837:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17167 comm="syz.3.3115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 848.379676][T17131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 848.402993][ T5832] Bluetooth: hci1: command tx timeout [ 848.414133][T17131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 848.433004][T17175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3118'. [ 848.450090][T17131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 848.463517][T17131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 848.470959][T17131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 848.498659][T17131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 848.569404][T17131] hsr_slave_0: entered promiscuous mode [ 848.579105][T17131] hsr_slave_1: entered promiscuous mode [ 848.594404][T17131] debugfs: 'hsr0' already exists in 'hsr' [ 848.637867][T17131] Cannot create hsr debugfs directory [ 848.717185][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 848.862464][T17185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3122'. [ 848.957260][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 848.959567][ T5832] Bluetooth: hci5: command tx timeout [ 848.977391][T17131] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.092956][T17131] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.230408][T17131] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.278384][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.348344][T17131] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 849.751445][T17131] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 849.759032][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 849.808003][T17131] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 849.835938][T17131] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 849.862287][T17131] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 849.967997][ T5828] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 850.130031][ T5828] usb 5-1: Using ep0 maxpacket: 32 [ 850.154883][ T5828] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.178344][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 850.180693][ T5828] usb 5-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 850.226591][ T5828] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 850.262341][T17131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 850.271516][ T5828] usb 5-1: config 0 descriptor?? [ 850.314737][T17131] 8021q: adding VLAN 0 to HW filter on device team0 [ 850.361625][ T9993] bridge0: port 1(bridge_slave_0) entered blocking state [ 850.368855][ T9993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 850.421746][ T9993] bridge0: port 2(bridge_slave_1) entered blocking state [ 850.428970][ T9993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 850.479274][ T5832] Bluetooth: hci1: command tx timeout [ 850.504249][ T5828] usbhid 5-1:0.0: can't add hid device: -71 [ 850.557874][ T5828] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 850.560216][T17131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 850.615088][ T5828] usb 5-1: USB disconnect, device number 73 [ 850.700010][T17218] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3133'. [ 850.778177][T17131] veth0_vlan: entered promiscuous mode [ 850.836762][T17131] veth1_vlan: entered promiscuous mode [ 850.985610][T17131] veth0_macvtap: entered promiscuous mode [ 851.021015][T17131] veth1_macvtap: entered promiscuous mode [ 851.037840][ T5832] Bluetooth: hci5: command tx timeout [ 851.073908][T17131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 851.089193][T17224] input: syz1 as /devices/virtual/input/input65 [ 851.136293][T17131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 851.177127][ T9993] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.218340][ T9993] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.235528][ T9993] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.250093][ T9993] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.382324][ T9993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 851.413186][ T9993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 851.496034][ T9993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 851.516614][ T9993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 851.668848][T17238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3143'. [ 852.397309][ T43] net_ratelimit: 7 callbacks suppressed [ 852.397329][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 852.666074][T17260] netlink: 'syz.2.3148': attribute type 4 has an invalid length. [ 852.759559][T17261] netlink: 'syz.2.3148': attribute type 4 has an invalid length. [ 852.878253][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.117318][ T5832] Bluetooth: hci5: command tx timeout [ 853.151832][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 853.162197][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 853.172141][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 853.180437][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 853.188367][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 853.208904][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.217340][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.437823][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 853.453106][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 853.600446][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 853.731692][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 853.900834][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 853.917396][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 854.082832][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 854.266702][T17263] chnl_net:caif_netlink_parms(): no params data found [ 854.340066][ T60] bridge0: port 1(batadv0) entered disabled state [ 854.481515][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 854.957106][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 855.197812][ T5832] Bluetooth: hci5: command tx timeout [ 855.285381][ T5832] Bluetooth: hci2: command tx timeout [ 855.333369][T17328] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3175'. [ 855.517462][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 855.658274][ T60] bond0 (unregistering): Released all slaves [ 855.854318][ T60] tipc: Left network mode [ 855.888072][T17263] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.898293][T17263] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.905550][T17263] bridge_slave_0: entered allmulticast mode [ 855.929015][T17263] bridge_slave_0: entered promiscuous mode [ 855.949694][T17263] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.967355][T17263] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.974613][T17263] bridge_slave_1: entered allmulticast mode [ 855.982871][T17263] bridge_slave_1: entered promiscuous mode [ 856.197648][T17263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 856.279127][T17263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 856.534323][T17263] team0: Port device team_slave_0 added [ 856.589684][T17263] team0: Port device team_slave_1 added [ 856.751310][T17385] binder: 17384:17385 ioctl c018620b 200000000080 returned -14 [ 857.034441][T17263] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 857.063525][T17263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 857.159381][T17263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 857.217668][ T60] hsr_slave_0: left promiscuous mode [ 857.236347][ T60] hsr_slave_1: left promiscuous mode [ 857.276056][ T60] veth1_macvtap: left promiscuous mode [ 857.282637][T17407] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 857.294789][ T60] veth0_macvtap: left promiscuous mode [ 857.301171][ T60] veth1_vlan: left promiscuous mode [ 857.372077][ T5832] Bluetooth: hci2: command tx timeout [ 857.611381][ T43] net_ratelimit: 9 callbacks suppressed [ 857.611398][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 858.077171][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 858.640662][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 858.982118][T17452] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3219'. [ 859.117172][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.289809][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.297970][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.306111][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.333392][T17263] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 859.340572][T17263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 859.370358][T17263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 859.397712][T17462] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3223'. [ 859.436955][ T5832] Bluetooth: hci2: command tx timeout [ 859.658774][T17263] hsr_slave_0: entered promiscuous mode [ 859.678472][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 859.694691][T17263] hsr_slave_1: entered promiscuous mode [ 859.715055][T17263] debugfs: 'hsr0' already exists in 'hsr' [ 859.728108][T17263] Cannot create hsr debugfs directory [ 860.030528][ T60] IPVS: stop unused estimator thread 0... [ 860.157091][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 860.227860][ T43] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 860.400071][T17505] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3237'. [ 860.409138][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 860.424184][ T43] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 860.439760][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 860.447973][ T43] usb 4-1: Product: syz [ 860.452244][ T43] usb 4-1: Manufacturer: syz [ 860.461160][ T43] usb 4-1: SerialNumber: syz [ 860.469817][ T43] usb 4-1: config 0 descriptor?? [ 860.515171][T17505] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3237'. [ 860.687707][ T43] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 860.717372][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 860.752996][T17263] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 860.779455][T17263] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 860.807275][T17263] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 860.826004][T17263] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 861.063550][T17263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.147389][T17263] 8021q: adding VLAN 0 to HW filter on device team0 [ 861.184500][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 861.191731][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 861.215554][ T7787] bridge0: port 2(bridge_slave_1) entered blocking state [ 861.222776][ T7787] bridge0: port 2(bridge_slave_1) entered forwarding state [ 861.293789][ T43] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 861.319762][T17263] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 861.340226][ T43] usb 4-1: USB disconnect, device number 69 [ 861.445169][T17263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 861.517276][ T5832] Bluetooth: hci2: command tx timeout [ 861.594122][T17263] veth0_vlan: entered promiscuous mode [ 861.643656][T17263] veth1_vlan: entered promiscuous mode [ 861.723737][T17263] veth0_macvtap: entered promiscuous mode [ 861.771679][T17263] veth1_macvtap: entered promiscuous mode [ 861.833220][T17263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 861.885643][T17263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 861.941260][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 861.960347][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.012918][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.047020][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 862.268353][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.301571][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 862.443084][ T7787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 862.468161][ T7787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 862.797266][ T5901] net_ratelimit: 7 callbacks suppressed [ 862.797284][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 863.277244][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 863.556225][T17607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3261'. [ 863.594087][T17607] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3261'. [ 863.606689][T17607] macvlan0: entered allmulticast mode [ 863.621990][T17607] veth1_vlan: entered allmulticast mode [ 863.837545][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.317115][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 864.877298][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.038030][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.046208][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.357117][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.365278][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 865.373851][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 866.221110][T17669] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3280'. [ 866.251969][T17669] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3280'. [ 866.667622][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 866.667638][ T30] audit: type=1800 audit(1760753879.487:1144): pid=17684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3286" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 867.715934][T17718] tipc: Enabled bearer , priority 0 [ 867.744828][T17718] tipc: Resetting bearer [ 867.771604][T17717] tipc: Disabling bearer [ 867.998380][ T43] net_ratelimit: 8 callbacks suppressed [ 867.998394][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 868.095902][T17728] netlink: 'syz.2.3304': attribute type 12 has an invalid length. [ 868.125828][T17728] netlink: 'syz.2.3304': attribute type 29 has an invalid length. [ 868.187118][T17728] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3304'. [ 868.218302][T17728] netlink: 59 bytes leftover after parsing attributes in process `syz.2.3304'. [ 868.407398][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 868.415746][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 868.477179][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 868.900216][T17749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3313'. [ 869.039344][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 869.517918][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 869.715811][T17788] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3328'. [ 870.077143][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.107076][ T9] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 870.161451][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.167906][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.281212][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 870.320156][ T9] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 870.347679][ T9] usb 3-1: config 0 has no interface number 0 [ 870.363095][ T9] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 870.388796][ T9] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 870.399338][ T9] usb 3-1: config 0 interface 85 has no altsetting 0 [ 870.410629][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 870.427016][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 870.454224][ T9] usb 3-1: Product: syz [ 870.467029][ T9] usb 3-1: Manufacturer: syz [ 870.486945][ T9] usb 3-1: SerialNumber: syz [ 870.529924][ T9] usb 3-1: config 0 descriptor?? [ 870.557149][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.596722][ T5832] Bluetooth: hci2: unexpected event 0x05 length: 6 > 4 [ 870.799052][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.955463][ T9] appletouch 3-1:0.85: Failed to request geyser raw mode [ 870.977491][ T9] appletouch 3-1:0.85: probe with driver appletouch failed with error -5 [ 870.996085][ T9] usb 3-1: USB disconnect, device number 80 [ 871.105492][T17816] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3337'. [ 871.117141][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 871.240584][T17820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3339'. [ 871.871262][T17842] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3348'. [ 872.378932][ T9] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 872.557398][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 872.570791][ T9] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 872.590845][ T9] usb 3-1: config 0 has no interface number 0 [ 872.601928][ T9] usb 3-1: config 0 interface 12 has no altsetting 0 [ 872.625128][ T9] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 872.642550][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 872.670332][ T9] usb 3-1: Product: syz [ 872.704498][ T9] usb 3-1: Manufacturer: syz [ 872.709651][ T9] usb 3-1: SerialNumber: syz [ 872.744480][ T9] usb 3-1: config 0 descriptor?? [ 872.771565][ T9] f81534 3-1:0.12: required endpoints missing [ 872.916039][T17864] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer. [ 873.197370][ T43] net_ratelimit: 7 callbacks suppressed [ 873.197390][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 873.677200][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.237446][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.477125][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.485540][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.577082][ T5828] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 874.717103][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.730636][ T5828] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 874.749017][ T5828] usb 2-1: config 0 has no interface number 0 [ 874.764619][ T5828] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 874.774454][T17912] pimreg: entered allmulticast mode [ 874.783317][T17912] pimreg: left allmulticast mode [ 874.785932][ T5828] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 874.808211][ T5828] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 874.822501][ T5828] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 874.832037][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.847872][ T5828] usb 2-1: config 0 descriptor?? [ 875.182274][ T5901] usb 3-1: USB disconnect, device number 81 [ 875.288064][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.296818][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.305208][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.385704][ T30] audit: type=1326 audit(1760753888.207:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.3382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 875.482172][ T5828] input: HID 28bd:0042 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0042.0012/input/input67 [ 875.507056][ T30] audit: type=1326 audit(1760753888.237:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.3382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 875.585403][ T30] audit: type=1326 audit(1760753888.247:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.3382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 875.623660][ T30] audit: type=1326 audit(1760753888.247:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.3382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 875.656005][ T5828] uclogic 0003:28BD:0042.0012: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.1-1/input1 [ 875.704088][ T5828] usb 2-1: USB disconnect, device number 66 [ 875.741261][ T30] audit: type=1326 audit(1760753888.247:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17924 comm="syz.3.3382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f066cb8efc9 code=0x7ffc0000 [ 875.764152][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.943450][T17938] fido_id[17938]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 876.016520][T17948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3392'. [ 876.262317][T17954] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 878.397239][ T5901] net_ratelimit: 9 callbacks suppressed [ 878.397260][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.877215][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 879.217312][ T5901] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 879.350421][T18043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3431'. [ 879.372013][T18043] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3431'. [ 879.399152][ T5901] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 879.421189][ T5901] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 879.434472][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 879.444700][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 879.462399][T18049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3434'. [ 879.480737][ T5901] usb 2-1: config 0 descriptor?? [ 879.503748][ T5901] pwc: Askey VC010 type 2 USB webcam detected. [ 879.522367][ T24] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 879.578074][T18054] syzkaller0: entered promiscuous mode [ 879.583725][T18054] syzkaller0: entered allmulticast mode [ 879.686958][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 879.700988][ T24] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 879.727209][ T24] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 879.748689][ T24] usb 5-1: config 179 has no interface number 0 [ 879.756443][ T24] usb 5-1: config 179 interface 65 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 23 [ 879.785053][ T24] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 879.797825][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 879.902391][ T5901] pwc: recv_control_msg error -32 req 02 val 2b00 [ 879.917106][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 879.937483][ T5901] pwc: recv_control_msg error -32 req 02 val 2700 [ 879.967879][ T5901] pwc: recv_control_msg error -32 req 02 val 2c00 [ 879.977410][ T5901] pwc: recv_control_msg error -32 req 04 val 1000 [ 880.006982][ T5901] pwc: recv_control_msg error -32 req 04 val 1300 [ 880.024384][ T5901] pwc: recv_control_msg error -32 req 04 val 1400 [ 880.036333][ T24] usb 5-1: USB disconnect, device number 74 [ 880.040230][T18068] CIFS: iocharset name too long [ 880.060541][ T5901] pwc: recv_control_msg error -32 req 02 val 2000 [ 880.071245][ T5901] pwc: recv_control_msg error -32 req 02 val 2100 [ 880.081063][ T5901] pwc: recv_control_msg error -32 req 04 val 1500 [ 880.092378][ T5901] pwc: recv_control_msg error -32 req 02 val 2500 [ 880.111911][ T5901] pwc: recv_control_msg error -32 req 02 val 2400 [ 880.127179][ T5901] pwc: recv_control_msg error -32 req 02 val 2600 [ 880.147899][ T5901] pwc: recv_control_msg error -32 req 02 val 2900 [ 880.359760][ T5901] pwc: recv_control_msg error -71 req 04 val 1100 [ 880.370571][ T5901] pwc: recv_control_msg error -71 req 04 val 1200 [ 880.412450][ T5901] pwc: Registered as video103. [ 880.437621][ T5901] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input68 [ 880.475073][ T5901] usb 2-1: USB disconnect, device number 67 [ 880.502250][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 880.587312][ T89] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 880.595654][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 880.957100][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.517855][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.530455][T18124] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 881.530455][T18124] The task syz.1.3466 (18124) triggered the difference, watch for misbehavior. [ 881.997082][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.597646][ T24] net_ratelimit: 5 callbacks suppressed [ 883.597666][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.611394][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.619739][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.077193][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.593074][T18239] ip6tnl1: entered promiscuous mode [ 884.611503][T18239] ip6tnl1: entered allmulticast mode [ 884.647137][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.879457][ T5902] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.888131][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 885.117126][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 885.677653][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 885.741967][ T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 885.859005][ T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 885.989840][ T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.152026][ T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.158032][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 886.532960][ T50] bridge_slave_1: left allmulticast mode [ 886.565645][ T50] bridge_slave_1: left promiscuous mode [ 886.577314][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 886.627471][ T50] bridge_slave_0: left allmulticast mode [ 886.633151][ T50] bridge_slave_0: left promiscuous mode [ 886.657550][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 887.366112][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 887.378893][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 887.387497][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 887.396572][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 887.405145][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 887.860959][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 887.883926][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 887.909350][ T50] bond0 (unregistering): Released all slaves [ 888.057781][ T50] tipc: Left network mode [ 888.620207][ T50] hsr_slave_0: left promiscuous mode [ 888.636484][ T50] hsr_slave_1: left promiscuous mode [ 888.645723][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 888.654930][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 888.663537][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 888.674061][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 888.710222][ T50] veth1_macvtap: left promiscuous mode [ 888.716065][ T50] veth0_macvtap: left promiscuous mode [ 888.726378][ T50] veth1_vlan: left allmulticast mode [ 888.732876][ T7787] net_ratelimit: 7 callbacks suppressed [ 888.732893][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 888.747364][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 888.757777][ T50] veth1_vlan: left promiscuous mode [ 888.763674][ T50] veth0_vlan: left promiscuous mode [ 888.801187][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.250690][ T50] team0 (unregistering): Port device team_slave_1 removed [ 889.277195][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.300452][ T50] team0 (unregistering): Port device team_slave_0 removed [ 889.517085][ T5832] Bluetooth: hci0: command tx timeout [ 889.837151][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.963260][T18287] chnl_net:caif_netlink_parms(): no params data found [ 890.317165][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.534742][T18287] bridge0: port 1(bridge_slave_0) entered blocking state [ 890.567161][T18287] bridge0: port 1(bridge_slave_0) entered disabled state [ 890.585425][T18287] bridge_slave_0: entered allmulticast mode [ 890.611496][T18287] bridge_slave_0: entered promiscuous mode [ 890.651346][T18287] bridge0: port 2(bridge_slave_1) entered blocking state [ 890.696633][T18287] bridge0: port 2(bridge_slave_1) entered disabled state [ 890.704269][T18287] bridge_slave_1: entered allmulticast mode [ 890.715549][T18287] bridge_slave_1: entered promiscuous mode [ 890.800806][T18370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3552'. [ 890.877206][ T5901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 890.913537][T18287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 890.953579][T18372] syzkaller0: entered promiscuous mode [ 890.965812][T18372] syzkaller0: entered allmulticast mode [ 890.990352][T18287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 891.117722][T18287] team0: Port device team_slave_0 added [ 891.199392][T18287] team0: Port device team_slave_1 added [ 891.357139][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 891.359035][T18287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 891.376625][T18287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 891.439800][T18287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 891.473084][T18287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 891.495933][T18287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 891.557939][T18287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 891.597319][ T5832] Bluetooth: hci0: command tx timeout [ 891.609635][T18410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3564'. [ 891.653630][T18287] hsr_slave_0: entered promiscuous mode [ 891.660586][T18287] hsr_slave_1: entered promiscuous mode [ 891.668996][T18287] debugfs: 'hsr0' already exists in 'hsr' [ 891.674901][T18287] Cannot create hsr debugfs directory [ 891.919284][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 891.980281][T18424] syzkaller0: entered promiscuous mode [ 891.996077][T18424] syzkaller0: entered allmulticast mode [ 892.397165][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 892.949366][ T5828] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 893.118959][ T5828] usb 3-1: device descriptor read/64, error -71 [ 893.302629][T18287] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 893.357151][ T5828] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 893.372763][T18287] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 893.449824][T18287] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 893.507139][ T5828] usb 3-1: device descriptor read/64, error -71 [ 893.530682][T18287] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 893.638414][ T5828] usb usb3-port1: attempt power cycle [ 893.677080][ T5832] Bluetooth: hci0: command tx timeout [ 893.719414][T18481] syzkaller0: entered promiscuous mode [ 893.736139][T18481] syzkaller0: entered allmulticast mode [ 893.843354][ T9993] net_ratelimit: 3 callbacks suppressed [ 893.843371][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.857468][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.909082][T18498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3591'. [ 893.931609][T18498] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3591'. [ 893.997323][ T5828] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 894.006530][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.047568][ T5828] usb 3-1: device descriptor read/8, error -71 [ 894.141169][T18287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 894.206315][T18507] netlink: 'syz.3.3593': attribute type 25 has an invalid length. [ 894.239778][T18287] 8021q: adding VLAN 0 to HW filter on device team0 [ 894.300492][ T5828] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 894.347834][ T5828] usb 3-1: device descriptor read/8, error -71 [ 894.360148][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 894.367447][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 894.457520][ T5828] usb usb3-port1: unable to enumerate USB device [ 894.477360][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.485536][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.494013][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.502143][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.510251][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 894.524738][ T9993] bridge0: port 2(bridge_slave_1) entered blocking state [ 894.531908][ T9993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 894.562631][T18515] netlink: 'syz.4.3597': attribute type 10 has an invalid length. [ 894.771443][T18520] syzkaller0: entered promiscuous mode [ 894.791230][T18520] syzkaller0: entered allmulticast mode [ 894.838412][T18287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 895.040878][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.406983][ T5828] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 895.517326][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.617443][ T5828] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 895.627694][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 895.666236][ T5828] usb 4-1: config 0 descriptor?? [ 895.757436][ T5832] Bluetooth: hci0: command tx timeout [ 895.763953][T18544] netlink: 'syz.4.3606': attribute type 10 has an invalid length. [ 895.830913][T18544] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 895.999798][T18287] veth0_vlan: entered promiscuous mode [ 896.036808][T18287] veth1_vlan: entered promiscuous mode [ 896.077205][ T5888] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 896.149661][T18287] veth0_macvtap: entered promiscuous mode [ 896.225340][T18287] veth1_macvtap: entered promiscuous mode [ 896.263337][ T5888] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 896.285981][ T5888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 896.313635][T18287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 896.337407][ T5888] usb 1-1: config 0 has no interface number 0 [ 896.361401][T18287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 896.371207][ T5888] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 896.402545][ T5888] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 896.425862][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.429547][ T5888] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 896.453924][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.462930][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 896.471289][ T5888] usb 1-1: Product: syz [ 896.501025][ T5888] usb 1-1: Manufacturer: syz [ 896.505668][ T5888] usb 1-1: SerialNumber: syz [ 896.510999][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.520176][ T24] usb 5-1: new full-speed USB device number 75 using dummy_hcd [ 896.539786][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.550150][ T5888] usb 1-1: config 0 descriptor?? [ 896.690320][ T24] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 896.710204][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.737182][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 896.755754][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.777783][ T24] usb 5-1: config 0 descriptor?? [ 896.860214][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.880302][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.212336][T18582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3617'. [ 897.239308][T18582] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3617'. [ 897.273059][T18584] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3618'. [ 897.914764][T18603] netlink: 'syz.1.3623': attribute type 12 has an invalid length. [ 897.930203][T18603] netlink: 'syz.1.3623': attribute type 29 has an invalid length. [ 897.940474][T18603] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3623'. [ 897.952953][ T5828] pegasus 4-1:0.0: setup Pegasus II specific registers [ 897.971949][ T9] usb 1-1: USB disconnect, device number 77 [ 898.788886][T18628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3629'. [ 898.814551][T18628] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3629'. [ 898.931863][T18634] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3632'. [ 898.958934][ T13] net_ratelimit: 6 callbacks suppressed [ 898.958952][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.020607][ T24] pegasus 5-1:0.0: setup Pegasus II specific registers [ 899.037404][T18640] netlink: 'syz.1.3634': attribute type 12 has an invalid length. [ 899.057472][T18640] netlink: 'syz.1.3634': attribute type 29 has an invalid length. [ 899.065314][T18640] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3634'. [ 899.198342][ T9968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.395238][ T5828] pegasus 4-1:0.0: can't locate MII phy, using default [ 899.456350][ T5828] pegasus 4-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 46:f3:2c:00:3c:1e [ 899.482622][ T5828] usb 4-1: USB disconnect, device number 70 [ 899.637479][ T89] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 899.677076][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 899.807026][ T89] usb 2-1: Using ep0 maxpacket: 16 [ 899.831613][ T89] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 899.855874][ T89] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 899.871478][ T89] usb 2-1: Product: syz [ 899.885807][ T89] usb 2-1: Manufacturer: syz [ 899.893070][ T89] usb 2-1: SerialNumber: syz [ 899.927737][ T89] usb 2-1: config 0 descriptor?? [ 899.947987][ T89] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 900.062520][T18670] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3642'. [ 900.081956][ T24] pegasus 5-1:0.0: can't locate MII phy, using default [ 900.125755][T18670] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.150130][ T89] ssu100 2-1:0.0: probe with driver ssu100 failed with error -32 [ 900.246060][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.254800][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.263175][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.277480][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.285787][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 900.328729][T18670] bridge_slave_0 (unregistering): left allmulticast mode [ 900.346383][T18670] bridge_slave_0 (unregistering): left promiscuous mode [ 900.355913][T18670] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.458464][ T24] pegasus 5-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 82:2b:60:0e:df:20 [ 900.488018][ T24] usb 5-1: USB disconnect, device number 75 [ 900.513854][T18676] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3643'. [ 900.667921][T18682] tipc: Enabling of bearer rejected, failed to enable media [ 900.678103][T18682] syzkaller0: entered promiscuous mode [ 900.683595][T18682] syzkaller0: entered allmulticast mode [ 900.717104][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.277270][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.491320][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.503728][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.514272][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.541596][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.557047][ T24] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 901.570140][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.579811][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.592415][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.605341][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.615416][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.625106][T18718] kvm_intel: kvm [18717]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0xf407 [ 901.721931][ T24] usb 3-1: config 0 has no interfaces? [ 901.734494][ T24] usb 3-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac [ 901.750386][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 901.769401][ T24] usb 3-1: Product: syz [ 901.778075][ T24] usb 3-1: Manufacturer: syz [ 901.789134][ T24] usb 3-1: SerialNumber: syz [ 901.806198][ T24] usb 3-1: config 0 descriptor?? [ 902.030817][ T24] usb 3-1: USB disconnect, device number 86 [ 902.370360][T18746] __nla_validate_parse: 1 callbacks suppressed [ 902.370380][T18746] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3670'. [ 902.375969][ T5888] usb 2-1: USB disconnect, device number 68 [ 902.999867][T18775] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3682'. [ 903.597861][T18789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3687'. [ 903.917549][ T5831] Bluetooth: hci0: command 0x0405 tx timeout [ 904.397960][ T24] net_ratelimit: 7 callbacks suppressed [ 904.397978][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.717972][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 904.877147][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.280144][T18854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3715'. [ 905.361659][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.369934][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.388304][ T89] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 905.461006][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.499004][T18860] pim6reg1: entered promiscuous mode [ 905.511614][T18860] pim6reg1: entered allmulticast mode [ 905.570949][ T89] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 905.599198][ T89] usb 4-1: config 0 interface 0 has no altsetting 0 [ 905.626828][ T89] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 905.659197][ T89] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 905.684967][ T89] usb 4-1: Product: syz [ 905.694211][ T89] usb 4-1: Manufacturer: syz [ 905.703312][ T89] usb 4-1: SerialNumber: syz [ 905.719119][ T89] usb 4-1: config 0 descriptor?? [ 905.740746][ T89] usb 4-1: selecting invalid altsetting 0 [ 905.807032][ T24] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 905.917118][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.999833][ T5831] Bluetooth: hci0: command 0x0405 tx timeout [ 905.999908][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 906.014363][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 906.040655][ T24] usb 1-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 906.092557][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 906.155645][ T24] usb 1-1: Product: syz [ 906.177074][ T24] usb 1-1: Manufacturer: syz [ 906.217060][ T9] usb 4-1: USB disconnect, device number 71 [ 906.285275][ T24] usb 1-1: SerialNumber: syz [ 906.315535][T18873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 906.316262][ T24] usb 1-1: config 0 descriptor?? [ 906.360145][ T43] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 906.387677][ T43] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 906.477329][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 906.670417][T18872] netlink: 'syz.3.3713': attribute type 10 has an invalid length. [ 907.072606][ T24] mos7840 1-1:0.0: required endpoints missing [ 907.088613][ T24] usb 1-1: USB disconnect, device number 78 [ 907.153103][T18890] netlink: 300 bytes leftover after parsing attributes in process `syz.1.3725'. [ 907.189285][T18890] netlink: 300 bytes leftover after parsing attributes in process `syz.1.3725'. [ 907.449102][ T24] IPVS: starting estimator thread 0... [ 907.537041][T18898] IPVS: using max 50 ests per chain, 120000 per kthread [ 907.689729][T18904] bridge_slave_0: left allmulticast mode [ 907.695639][T18904] bridge_slave_0: left promiscuous mode [ 907.713001][T18904] bridge0: port 1(bridge_slave_0) entered disabled state [ 907.774360][T18904] bridge_slave_1: left allmulticast mode [ 907.783644][T18904] bridge_slave_1: left promiscuous mode [ 907.790830][T18904] bridge0: port 2(bridge_slave_1) entered disabled state [ 907.809667][T18904] bond0: (slave bond_slave_0): Releasing backup interface [ 907.832572][T18904] bond0: (slave bond_slave_1): Releasing backup interface [ 907.865971][T18904] team0: Port device team_slave_0 removed [ 907.882577][ T7787] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 907.899051][T18904] team0: Port device team_slave_1 removed [ 907.914149][T18904] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 907.925967][T18904] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 907.947549][T18904] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 907.955169][T18904] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 908.047185][ T7787] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 908.120185][T18912] tipc: Enabling of bearer rejected, failed to enable media [ 908.173672][T18915] syzkaller0: entered promiscuous mode [ 908.217520][ T60] wlan1: authentication with 08:02:11:00:00:00 timed out [ 908.227283][T18915] syzkaller0: entered allmulticast mode [ 908.797400][ T5888] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 908.989484][ T5888] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 909.018341][ T5888] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 909.033919][ T5888] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 909.044535][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 909.130669][T18930] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 909.160331][ T5888] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 909.597204][ T5828] net_ratelimit: 6 callbacks suppressed [ 909.597224][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.077130][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.478938][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.510336][ T30] audit: type=1326 audit(1760753923.337:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18964 comm="syz.0.3756" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efcd518efc9 code=0x0 [ 910.637146][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.117952][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.126282][ T7787] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.135387][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.497069][ T24] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 911.663323][ T24] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 911.701302][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 911.709530][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.755520][ T24] usb 5-1: Product: syz [ 911.760807][ T9993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.769140][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.818603][ T24] usb 5-1: Manufacturer: syz [ 911.823454][ T24] usb 5-1: SerialNumber: syz [ 911.841812][ T24] usb 5-1: config 0 descriptor?? [ 911.866610][ T24] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 912.083955][ T9] usb 4-1: USB disconnect, device number 72 [ 912.408220][ T24] gspca_sunplus: reg_r err -71 [ 912.417378][ T24] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 912.490997][ T24] usb 5-1: USB disconnect, device number 76 [ 912.717006][ T9] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 912.773343][T19013] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 912.882531][ T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 912.904386][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 912.959031][ T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 912.999768][ T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 913.020774][ T9] usb 4-1: Product: syz [ 913.031231][ T9] usb 4-1: Manufacturer: syz [ 913.049240][ T9] usb 4-1: SerialNumber: syz [ 913.049397][T19021] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3780'. [ 913.065667][ T9] usb 4-1: config 0 descriptor?? [ 913.112878][ T9] usb 4-1: selecting invalid altsetting 0 [ 913.330393][ T5828] usb 4-1: USB disconnect, device number 73 [ 913.333316][T19035] tipc: Enabling of bearer rejected, failed to enable media [ 913.348165][T19035] syzkaller0: entered promiscuous mode [ 913.353771][T19035] syzkaller0: entered allmulticast mode [ 913.427915][T19037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 913.493130][T19040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 913.508050][T19037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 913.727189][ T9] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 913.882548][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 913.889857][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 913.902054][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 913.912976][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 913.927564][ T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 913.936623][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 913.949914][ T9] usb 2-1: config 0 descriptor?? [ 914.128593][ T5832] Bluetooth: hci2: unexpected event 0x05 length: 6 > 4 [ 914.239974][T19055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3794'. [ 914.377653][ T9] microsoft 0003:045E:07DA.0013: ignoring exceeding usage max [ 914.394818][ T9] microsoft 0003:045E:07DA.0013: unsupported Resolution Multiplier 0 [ 914.405911][ T9] microsoft 0003:045E:07DA.0013: implement() called with n (152) > 32! (kworker/0:0) [ 914.571885][ T9] microsoft 0003:045E:07DA.0013: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 914.610316][ T9] microsoft 0003:045E:07DA.0013: no inputs found [ 914.616697][ T9] microsoft 0003:045E:07DA.0013: could not initialize ff, continuing anyway [ 914.649684][ T9] usb 2-1: USB disconnect, device number 69 [ 914.693690][T19067] fido_id[19067]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 914.797190][ T5828] net_ratelimit: 8 callbacks suppressed [ 914.797209][ T5828] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.174531][T19086] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3807'. [ 915.266010][T19090] netlink: 'syz.1.3808': attribute type 12 has an invalid length. [ 915.277075][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.300489][T19090] netlink: 'syz.1.3808': attribute type 29 has an invalid length. [ 915.313652][T19090] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3808'. [ 915.479966][T19096] tipc: Enabling of bearer rejected, failed to enable media [ 915.542793][T19099] syzkaller0: entered promiscuous mode [ 915.604509][T19099] syzkaller0: entered allmulticast mode [ 915.849566][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.052133][T19113] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3819'. [ 916.107240][ T9] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 916.155684][T19117] syzkaller0: entered promiscuous mode [ 916.161557][T19117] syzkaller0: entered allmulticast mode [ 916.238748][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.267130][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 916.276248][ T9] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 916.293188][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.302749][ T9] usb 1-1: Product: syz [ 916.307372][ T9] usb 1-1: Manufacturer: syz [ 916.317137][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.317905][ T9] usb 1-1: SerialNumber: syz [ 916.345466][T19119] bridge_slave_0: left allmulticast mode [ 916.366193][T19119] bridge_slave_0: left promiscuous mode [ 916.382925][ T9] r8152-cfgselector 1-1: Unknown version 0x0000 [ 916.392115][ T9] r8152-cfgselector 1-1: config 0 descriptor?? [ 916.397395][T19119] bridge0: port 1(bridge_slave_0) entered disabled state [ 916.434450][T19119] bridge_slave_1: left allmulticast mode [ 916.441111][T19119] bridge_slave_1: left promiscuous mode [ 916.450698][T19119] bridge0: port 2(bridge_slave_1) entered disabled state [ 916.461128][T19124] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 916.489982][T19119] bond0: (slave bond_slave_0): Releasing backup interface [ 916.505044][T19119] bond0: (slave bond_slave_1): Releasing backup interface [ 916.569849][T19119] team0: Port device team_slave_0 removed [ 916.592048][T19119] team0: Port device team_slave_1 removed [ 916.599299][T19119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 916.608046][T19119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 916.618784][T19119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 916.626212][T19119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 916.648865][T19119] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 916.729606][T19139] openvswitch: netlink: Message has 16 unknown bytes. [ 916.850892][T19144] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3830'. [ 916.880526][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.888675][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.897292][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 917.716420][T19156] tipc: Started in network mode [ 917.752990][T19156] tipc: Node identity ac14140f, cluster identity 4711 [ 917.798521][T19156] tipc: New replicast peer: 255.255.255.255 [ 917.829727][T19156] tipc: Enabled bearer , priority 10 [ 918.190441][T19169] bridge_slave_0: left allmulticast mode [ 918.211331][T19169] bridge_slave_0: left promiscuous mode [ 918.219608][T19169] bridge0: port 1(bridge_slave_0) entered disabled state [ 918.241769][T19169] bridge_slave_1: left allmulticast mode [ 918.255561][T19169] bridge_slave_1: left promiscuous mode [ 918.277275][T19169] bridge0: port 2(bridge_slave_1) entered disabled state [ 918.332050][T19169] bond0: (slave bond_slave_0): Releasing backup interface [ 918.428181][T19169] bond0: (slave bond_slave_1): Releasing backup interface [ 918.456182][T19175] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3841'. [ 918.540694][T19169] team0: Port device team_slave_0 removed [ 918.586799][T19169] team0: Port device team_slave_1 removed [ 918.621063][T19169] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 918.651529][T19169] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 918.684826][T19169] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 918.711035][T19169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 918.947089][ T9968] tipc: Node number set to 2886997007 [ 919.010945][T19190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3847'. [ 919.228335][ T9] r8152-cfgselector 1-1: Unknown version 0x0000 [ 919.264522][ T9] r8152-cfgselector 1-1: bad CDC descriptors [ 919.293378][ T9] r8152-cfgselector 1-1: USB disconnect, device number 79 [ 919.430205][T19204] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 919.507003][T19210] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3856'. [ 919.894628][T19227] net_ratelimit: 15 callbacks suppressed [ 919.894651][T19227] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 920.002070][ T9968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 920.284040][T19240] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3870'. [ 920.477097][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.173096][ T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.357392][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.367135][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.375256][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.403932][ T50] bridge_slave_1: left allmulticast mode [ 921.411560][ T50] bridge_slave_1: left promiscuous mode [ 921.440144][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 921.517100][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.626255][ T50] bridge_slave_0: left allmulticast mode [ 921.672631][ T50] bridge_slave_0: left promiscuous mode [ 921.693087][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 922.042521][T19278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3882'. [ 922.243948][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 922.557123][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 922.558510][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 922.575254][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 922.585158][ T50] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 922.595202][ T50] bond0 (unregistering): Released all slaves [ 922.704388][ T50] bond1 (unregistering): Released all slaves [ 922.788638][ T50] tipc: Left network mode [ 922.969781][ T50] hsr_slave_0: left promiscuous mode [ 922.975840][ T50] hsr_slave_1: left promiscuous mode [ 922.982051][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 922.989839][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 923.018878][ T50] pimreg (unregistering): left allmulticast mode [ 923.028611][ T9968] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 923.267594][ T9968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 923.317397][ T9968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 923.396479][ T9968] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 923.489588][ T9968] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 923.537546][ T9968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.549613][ T9968] usb 4-1: config 0 descriptor?? [ 924.019152][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.057693][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.065415][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.092015][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.100012][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.118243][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.137633][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.153765][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.161971][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.183955][ T9968] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 924.202738][ T9968] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 924.353143][ T9968] usb 4-1: USB disconnect, device number 74 [ 924.471678][ T50] team0 (unregistering): Port device team_slave_1 removed [ 924.516449][ T50] team0 (unregistering): Port device team_slave_0 removed [ 924.994897][T19335] net_ratelimit: 10 callbacks suppressed [ 924.994917][T19335] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 925.368155][ T9968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 925.677139][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.407298][ T50] IPVS: stop unused estimator thread 0... [ 926.424946][ T9968] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.651295][T19372] netlink: 'syz.2.3909': attribute type 4 has an invalid length. [ 926.665440][T19372] netlink: 'syz.2.3909': attribute type 4 has an invalid length. [ 926.717099][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.786822][ T50] bridge0: port 1(batadv0) entered disabled state [ 927.067039][ T9] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 927.280162][ T9] usb 5-1: config 0 has no interfaces? [ 927.288242][ T9] usb 5-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=71.ba [ 927.323866][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 927.346908][ T9] usb 5-1: Product: syz [ 927.351115][ T9] usb 5-1: Manufacturer: syz [ 927.364072][ T9] usb 5-1: SerialNumber: syz [ 927.388660][ T9] usb 5-1: config 0 descriptor?? [ 927.757652][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 928.185389][ T50] bond0 (unregistering): Released all slaves [ 928.290815][T19394] syzkaller0: entered promiscuous mode [ 928.296641][T19394] syzkaller0: entered allmulticast mode [ 928.330907][ T50] tipc: Disabling bearer [ 928.336317][ T50] tipc: Left network mode [ 928.413822][T19407] bridge0: port 1(syz_tun) entered blocking state [ 928.423908][T19407] bridge0: port 1(syz_tun) entered disabled state [ 928.430757][T19407] syz_tun: entered allmulticast mode [ 928.440300][T19407] syz_tun: entered promiscuous mode [ 928.446213][T19407] bridge0: port 1(syz_tun) entered blocking state [ 928.453005][T19407] bridge0: port 1(syz_tun) entered forwarding state [ 928.786587][ T50] hsr_slave_0: left promiscuous mode [ 928.798886][ T50] hsr_slave_1: left promiscuous mode [ 928.818499][ T50] veth1_macvtap: left promiscuous mode [ 928.824050][ T50] veth0_macvtap: left promiscuous mode [ 928.830712][ T50] veth1_vlan: left promiscuous mode [ 928.836012][ T50] veth0_vlan: left promiscuous mode [ 929.600393][T19423] ================================================================== [ 929.608503][T19423] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 929.617081][T19423] Read of size 8 at addr ffff88807511c688 by task syz.1.3931/19423 [ 929.625041][T19423] [ 929.627360][T19423] CPU: 1 UID: 0 PID: 19423 Comm: syz.1.3931 Not tainted syzkaller #0 PREEMPT(full) [ 929.627375][T19423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 929.627383][T19423] Call Trace: [ 929.627390][T19423] [ 929.627397][T19423] dump_stack_lvl+0x189/0x250 [ 929.627413][T19423] ? __kasan_check_byte+0x12/0x40 [ 929.627427][T19423] ? __pfx_dump_stack_lvl+0x10/0x10 [ 929.627439][T19423] ? lock_release+0x4b/0x3e0 [ 929.627454][T19423] ? __virt_addr_valid+0x4a5/0x5c0 [ 929.627466][T19423] print_report+0xca/0x240 [ 929.627478][T19423] ? change_page_attr_set_clr+0x625/0xfc0 [ 929.627490][T19423] kasan_report+0x118/0x150 [ 929.627502][T19423] ? change_page_attr_set_clr+0x625/0xfc0 [ 929.627515][T19423] change_page_attr_set_clr+0x625/0xfc0 [ 929.627529][T19423] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 929.627541][T19423] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 929.627552][T19423] ? memtype_reserve+0x874/0xb30 [ 929.627565][T19423] ? __pfx___ww_mutex_lock+0x10/0x10 [ 929.627577][T19423] _set_pages_array+0x145/0x270 [ 929.627592][T19423] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 929.627609][T19423] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 929.627625][T19423] ? ww_mutex_lock+0x3f/0x1c0 [ 929.627636][T19423] drm_gem_shmem_mmap+0x193/0x460 [ 929.627647][T19423] drm_gem_mmap_obj+0x18a/0x4e0 [ 929.627660][T19423] drm_gem_mmap+0x384/0x640 [ 929.627671][T19423] ? __pfx_drm_gem_mmap+0x10/0x10 [ 929.627683][T19423] ? __mas_set_range+0x12f/0x3c0 [ 929.627697][T19423] mmap_region+0x18b4/0x2110 [ 929.627714][T19423] ? __pfx_mmap_region+0x10/0x10 [ 929.627740][T19423] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 929.627757][T19423] ? bpf_lsm_mmap_addr+0x9/0x20 [ 929.627770][T19423] ? security_mmap_addr+0x71/0x270 [ 929.627784][T19423] ? shmem_mapping+0xd/0x50 [ 929.627797][T19423] ? memfd_check_seals_mmap+0xc5/0x200 [ 929.627812][T19423] do_mmap+0xc45/0x10d0 [ 929.627824][T19423] ? __pfx_do_mmap+0x10/0x10 [ 929.627832][T19423] ? down_write_killable+0x178/0x230 [ 929.627844][T19423] ? __pfx_down_write_killable+0x10/0x10 [ 929.627855][T19423] ? common_file_perm+0x1b5/0x230 [ 929.627867][T19423] vm_mmap_pgoff+0x2a6/0x4d0 [ 929.627883][T19423] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 929.627898][T19423] ? __fget_files+0x2a/0x420 [ 929.627911][T19423] ? __fget_files+0x2a/0x420 [ 929.627921][T19423] ? __fget_files+0x2a/0x420 [ 929.627933][T19423] ksys_mmap_pgoff+0x51f/0x760 [ 929.627945][T19423] do_syscall_64+0xfa/0xfa0 [ 929.627955][T19423] ? lockdep_hardirqs_on+0x9c/0x150 [ 929.627964][T19423] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.627975][T19423] ? clear_bhb_loop+0x60/0xb0 [ 929.627985][T19423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 929.627996][T19423] RIP: 0033:0x7f68b2b8efc9 [ 929.628008][T19423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 929.628018][T19423] RSP: 002b:00007f68b0df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 929.628031][T19423] RAX: ffffffffffffffda RBX: 00007f68b2de6180 RCX: 00007f68b2b8efc9 [ 929.628040][T19423] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 929.628047][T19423] RBP: 00007f68b2c11f91 R08: 0000000000000006 R09: 0000000100000000 [ 929.628055][T19423] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 929.628062][T19423] R13: 00007f68b2de6218 R14: 00007f68b2de6180 R15: 00007f68b2f0fa28 [ 929.628074][T19423] [ 929.628078][T19423] [ 929.965452][T19423] Allocated by task 19423: [ 929.969863][T19423] kasan_save_track+0x3e/0x80 [ 929.974529][T19423] __kasan_kmalloc+0x93/0xb0 [ 929.979105][T19423] __kvmalloc_node_noprof+0x5cd/0x910 [ 929.984465][T19423] drm_gem_get_pages+0x166/0xa20 [ 929.989386][T19423] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 929.995451][T19423] drm_gem_shmem_mmap+0x193/0x460 [ 930.000474][T19423] drm_gem_mmap_obj+0x18a/0x4e0 [ 930.005327][T19423] drm_gem_mmap+0x384/0x640 [ 930.009810][T19423] mmap_region+0x18b4/0x2110 [ 930.014391][T19423] do_mmap+0xc45/0x10d0 [ 930.018525][T19423] vm_mmap_pgoff+0x2a6/0x4d0 [ 930.023194][T19423] ksys_mmap_pgoff+0x51f/0x760 [ 930.027935][T19423] do_syscall_64+0xfa/0xfa0 [ 930.032417][T19423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.038285][T19423] [ 930.040584][T19423] The buggy address belongs to the object at ffff88807511c600 [ 930.040584][T19423] which belongs to the cache kmalloc-192 of size 192 [ 930.054614][T19423] The buggy address is located 0 bytes to the right of [ 930.054614][T19423] allocated 136-byte region [ffff88807511c600, ffff88807511c688) [ 930.069084][T19423] [ 930.071406][T19423] The buggy address belongs to the physical page: [ 930.077804][T19423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7511c [ 930.086546][T19423] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 930.094008][T19423] page_type: f5(slab) [ 930.097986][T19423] raw: 00fff00000000000 ffff88813ffa63c0 ffffea0001443d00 dead000000000003 [ 930.106553][T19423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 930.115118][T19423] page dumped because: kasan: bad access detected [ 930.121521][T19423] page_owner tracks the page as allocated [ 930.127216][T19423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5842, tgid 5842 (syz-executor), ts 84004039337, free_ts 83967437649 [ 930.146736][T19423] post_alloc_hook+0x240/0x2a0 [ 930.151488][T19423] get_page_from_freelist+0x2365/0x2440 [ 930.157019][T19423] __alloc_frozen_pages_noprof+0x181/0x370 [ 930.162812][T19423] allocate_slab+0x71/0x3a0 [ 930.167299][T19423] ___slab_alloc+0xe94/0x18a0 [ 930.171970][T19423] __slab_alloc+0x65/0x100 [ 930.176373][T19423] __kmalloc_node_noprof+0x5cc/0x800 [ 930.181648][T19423] allocate_slab+0x179/0x3a0 [ 930.186230][T19423] ___slab_alloc+0xe94/0x18a0 [ 930.190892][T19423] __slab_alloc+0x65/0x100 [ 930.195292][T19423] kmem_cache_alloc_lru_noprof+0x3ef/0x6d0 [ 930.201076][T19423] __d_alloc+0x36/0x7a0 [ 930.205232][T19423] d_alloc_parallel+0xe1/0x1610 [ 930.210090][T19423] __lookup_slow+0x116/0x3d0 [ 930.214661][T19423] simple_start_creating+0xfd/0x1e0 [ 930.219836][T19423] debugfs_start_creating+0x10f/0x180 [ 930.225186][T19423] page last free pid 50 tgid 50 stack trace: [ 930.231140][T19423] __free_frozen_pages+0xbc4/0xd30 [ 930.236234][T19423] rcu_core+0xcab/0x1770 [ 930.240463][T19423] handle_softirqs+0x286/0x870 [ 930.245205][T19423] do_softirq+0xec/0x180 [ 930.249424][T19423] __local_bh_enable_ip+0x17d/0x1c0 [ 930.254603][T19423] nsim_dev_trap_report_work+0x7c7/0xb80 [ 930.260220][T19423] process_scheduled_works+0xae1/0x17b0 [ 930.265743][T19423] worker_thread+0x8a0/0xda0 [ 930.270322][T19423] kthread+0x711/0x8a0 [ 930.274381][T19423] ret_from_fork+0x4bc/0x870 [ 930.278955][T19423] ret_from_fork_asm+0x1a/0x30 [ 930.283700][T19423] [ 930.286004][T19423] Memory state around the buggy address: [ 930.291620][T19423] ffff88807511c580: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 930.299663][T19423] ffff88807511c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 930.307711][T19423] >ffff88807511c680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 930.315760][T19423] ^ [ 930.320121][T19423] ffff88807511c700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 930.328178][T19423] ffff88807511c780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 930.336214][T19423] ================================================================== [ 930.344302][ C1] vkms_vblank_simulate: vblank timer overrun [ 930.475564][T19423] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 930.482808][T19423] CPU: 1 UID: 0 PID: 19423 Comm: syz.1.3931 Not tainted syzkaller #0 PREEMPT(full) [ 930.492186][T19423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 930.502225][T19423] Call Trace: [ 930.505491][T19423] [ 930.508409][T19423] dump_stack_lvl+0x99/0x250 [ 930.512985][T19423] ? __asan_memcpy+0x40/0x70 [ 930.517556][T19423] ? __pfx_dump_stack_lvl+0x10/0x10 [ 930.522733][T19423] ? __pfx__printk+0x10/0x10 [ 930.527321][T19423] vpanic+0x237/0x6d0 [ 930.531318][T19423] ? __pfx_vpanic+0x10/0x10 [ 930.535835][T19423] ? preempt_schedule+0xae/0xc0 [ 930.540694][T19423] ? __pfx_preempt_schedule+0x10/0x10 [ 930.546053][T19423] panic+0xb9/0xc0 [ 930.549754][T19423] ? __pfx_panic+0x10/0x10 [ 930.554152][T19423] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 930.560036][T19423] ? change_page_attr_set_clr+0x625/0xfc0 [ 930.565745][T19423] check_panic_on_warn+0x89/0xb0 [ 930.570672][T19423] ? change_page_attr_set_clr+0x625/0xfc0 [ 930.576380][T19423] end_report+0x78/0x160 [ 930.580619][T19423] kasan_report+0x129/0x150 [ 930.585126][T19423] ? change_page_attr_set_clr+0x625/0xfc0 [ 930.590861][T19423] change_page_attr_set_clr+0x625/0xfc0 [ 930.596427][T19423] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 930.602511][T19423] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 930.608678][T19423] ? memtype_reserve+0x874/0xb30 [ 930.613614][T19423] ? __pfx___ww_mutex_lock+0x10/0x10 [ 930.618893][T19423] _set_pages_array+0x145/0x270 [ 930.623747][T19423] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 930.629814][T19423] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 930.636400][T19423] ? ww_mutex_lock+0x3f/0x1c0 [ 930.641066][T19423] drm_gem_shmem_mmap+0x193/0x460 [ 930.646079][T19423] drm_gem_mmap_obj+0x18a/0x4e0 [ 930.650921][T19423] drm_gem_mmap+0x384/0x640 [ 930.655417][T19423] ? __pfx_drm_gem_mmap+0x10/0x10 [ 930.660432][T19423] ? __mas_set_range+0x12f/0x3c0 [ 930.665367][T19423] mmap_region+0x18b4/0x2110 [ 930.669955][T19423] ? __pfx_mmap_region+0x10/0x10 [ 930.674906][T19423] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 930.681498][T19423] ? bpf_lsm_mmap_addr+0x9/0x20 [ 930.686342][T19423] ? security_mmap_addr+0x71/0x270 [ 930.691448][T19423] ? shmem_mapping+0xd/0x50 [ 930.695955][T19423] ? memfd_check_seals_mmap+0xc5/0x200 [ 930.701410][T19423] do_mmap+0xc45/0x10d0 [ 930.705557][T19423] ? __pfx_do_mmap+0x10/0x10 [ 930.710134][T19423] ? down_write_killable+0x178/0x230 [ 930.715411][T19423] ? __pfx_down_write_killable+0x10/0x10 [ 930.721036][T19423] ? common_file_perm+0x1b5/0x230 [ 930.726057][T19423] vm_mmap_pgoff+0x2a6/0x4d0 [ 930.730648][T19423] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 930.735845][T19423] ? __fget_files+0x2a/0x420 [ 930.740425][T19423] ? __fget_files+0x2a/0x420 [ 930.745006][T19423] ? __fget_files+0x2a/0x420 [ 930.749595][T19423] ksys_mmap_pgoff+0x51f/0x760 [ 930.754349][T19423] do_syscall_64+0xfa/0xfa0 [ 930.758845][T19423] ? lockdep_hardirqs_on+0x9c/0x150 [ 930.764117][T19423] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.770169][T19423] ? clear_bhb_loop+0x60/0xb0 [ 930.774833][T19423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 930.780714][T19423] RIP: 0033:0x7f68b2b8efc9 [ 930.785118][T19423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 930.804713][T19423] RSP: 002b:00007f68b0df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 930.813117][T19423] RAX: ffffffffffffffda RBX: 00007f68b2de6180 RCX: 00007f68b2b8efc9 [ 930.821077][T19423] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 930.829040][T19423] RBP: 00007f68b2c11f91 R08: 0000000000000006 R09: 0000000100000000 [ 930.837001][T19423] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 930.844965][T19423] R13: 00007f68b2de6218 R14: 00007f68b2de6180 R15: 00007f68b2f0fa28 [ 930.852931][T19423] [ 930.856207][T19423] Kernel Offset: disabled [ 930.860515][T19423] Rebooting in 86400 seconds..