./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2460859778

<...>
Warning: Permanently added '10.128.1.183' (ECDSA) to the list of known hosts.
execve("./syz-executor2460859778", ["./syz-executor2460859778"], 0x7fff62427b30 /* 10 vars */) = 0
brk(NULL)                               = 0x55555719d000
brk(0x55555719dc40)                     = 0x55555719dc40
arch_prctl(ARCH_SET_FS, 0x55555719d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555719d5d0)         = 5069
set_robust_list(0x55555719d5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f949d64c2d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f949d64c9a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f949d64c370, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f949d64c9a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2460859778", 4096) = 28
brk(0x5555571bec40)                     = 0x5555571bec40
brk(0x5555571bf000)                     = 0x5555571bf000
mprotect(0x7f949d70e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5069
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "5069", 4)                     = 4
close(3)                                = 0
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5069}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5069}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
getpid()                                = 5069
mkdir("./syzkaller.Kv5T0u", 0700)       = 0
chmod("./syzkaller.Kv5T0u", 0777)       = 0
chdir("./syzkaller.Kv5T0u")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached
, child_tidptr=0x55555719d5d0) = 5072
[pid  5072] set_robust_list(0x55555719d5e0, 24) = 0
[pid  5072] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5072] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5072] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5072] dup2(4, 202)                = 202
[pid  5072] close(4)                    = 0
[pid  5072] write(202, "\xff\x00", 2)   = 2
[pid  5072] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5072] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f949ce3a000
[pid  5072] mprotect(0x7f949ce3b000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5072] clone(child_stack=0x7f949d63a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f949d63a700, child_tidptr=0x7f949d63a9d0) = 2
[pid  5072] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5074 attached
 <unfinished ...>
[pid  5074] set_robust_list(0x7f949d63a9e0, 24) = 0
[pid  5074] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5074] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5074] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   59.032846][ T5073] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   59.041829][ T5073] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   59.051160][ T5073] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   59.061789][ T5073] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   59.071636][ T5073] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5074] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5074] read(202,  <unfinished ...>
[pid  5072] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5072] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5074] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5074] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5074] madvise(0x7f949ce3a000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5072] <... ioctl resumed>, 0x7fff6846ee78) = 0
[pid  5074] <... madvise resumed>)      = 0
[pid  5072] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5074] exit(0 <unfinished ...>
[pid  5072] <... writev resumed>)       = 13
[pid  5072] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  5072] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5072] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5072] futex(0x7f949d63a9d0, FUTEX_WAIT, 2, NULL <unfinished ...>
[pid  5074] <... exit resumed>)         = ?
[pid  5072] <... futex resumed>)        = 0
[pid  5072] close(3)                    = 0
[pid  5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5072] setsid()                    = 1
[pid  5072] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5072] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5072] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5072] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5072] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5072] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5072] unshare(CLONE_NEWNS <unfinished ...>
[pid  5074] +++ exited with 0 +++
[pid  5072] <... unshare resumed>)      = 0
[pid  5072] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5072] unshare(CLONE_NEWIPC)       = 0
[pid  5072] unshare(CLONE_NEWCGROUP)    = 0
[pid  5072] unshare(CLONE_NEWUTS)       = 0
[pid  5072] unshare(CLONE_SYSVSEM)      = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "16777216", 8)     = 8
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "536870912", 9)    = 9
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1024", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "8192", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1024", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1024", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5072] close(3)                    = 0
[pid  5072] getpid()                    = 1
[pid  5072] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5072] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[   59.079773][ T5073] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5072] unshare(CLONE_NEWNET)       = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "0 65535", 7)      = 7
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5072] dup2(3, 200)                = 200
[pid  5072] close(3)                    = 0
[pid  5072] ioctl(200, TUNSETIFF, 0x7fff6846eed0) = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "0", 1)            = 1
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "0", 1)            = 1
[pid  5072] close(3)                    = 0
[pid  5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] close(3)                    = 0
[pid  5072] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5072] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5072] close(3)                    = 0
[pid  5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5072] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5072] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5072] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x42\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5072] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5072] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5072] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5072] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5072] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5072] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0d\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5072] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=12}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[   59.239024][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.247713][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.257509][  T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  5072] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5072] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5072] close(4)                    = 0
[pid  5072] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5072] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=13}) = 0
[pid  5072] close(4)                    = 0
[pid  5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5072] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5072] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0d\x00\x00\x00\x43\x10\x00\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5072] close(4)                    = 0
[pid  5072] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5072] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5072] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0d\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5072] close(4)                    = 0
[pid  5072] close(3)                    = 0
[pid  5072] mkdir("/dev/binderfs", 0777) = 0
[pid  5072] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5072] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  5072] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[   59.285112][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.295194][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.304899][  T897] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 18
[   59.589029][ T5076] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 18
[   59.828997][ T5076] usb 1-1: Using ep0 maxpacket: 8
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 9
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 70
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 4
[   59.949146][ T5076] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff6846cdb0) = 8
[pid  5072] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff6846ddc0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  5072] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff6846cdb0) = 0
[   60.039494][ T5076] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0d55, bcdDevice=69.6a
[   60.048628][ T5076] usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
[   60.056865][ T5076] usb 1-1: Manufacturer: syz
[   60.064444][ T5076] usb 1-1: config 0 descriptor??
[pid  5072] close(3)                    = 0
[pid  5072] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5072] exit_group(1)               = ?
[   60.349291][ T5076] usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:0d55)
[   60.356314][ T5076] uvcvideo 1-1:0.0: Entity type for entity Output 255 was not initialized!
[   60.366592][ T5076] ------------[ cut here ]------------
[   60.372261][ T5076] WARNING: CPU: 1 PID: 5076 at drivers/media/mc/mc-entity.c:1089 media_create_pad_link+0x979/0xad0
[   60.383001][ T5076] Modules linked in:
[   60.386901][ T5076] CPU: 1 PID: 5076 Comm: kworker/1:3 Not tainted 6.3.0-rc2-syzkaller-00462-g5cdfdd6da323 #0
[   60.397014][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   60.407142][ T5076] Workqueue: usb_hub_wq hub_event
[   60.412242][ T5076] RIP: 0010:media_create_pad_link+0x979/0xad0
[   60.418339][ T5076] Code: 00 66 41 ff 04 24 31 c0 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 75 df 7f fa 0f 0b b8 ea ff ff ff eb e3 e8 67 df 7f fa <0f> 0b b8 ea ff ff ff eb d5 e8 59 df 7f fa 0f 0b b8 ea ff ff ff eb
[   60.438032][ T5076] RSP: 0018:ffffc90003c8e9e0 EFLAGS: 00010293
[   60.444171][ T5076] RAX: ffffffff870a8db9 RBX: 0000000000000000 RCX: ffff88801f02ba80
[   60.452226][ T5076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   60.460273][ T5076] RBP: 0000000000000000 R08: ffffffff870a84b1 R09: ffffed100516b098
[   60.468282][ T5076] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   60.476320][ T5076] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88802abae080
[   60.484348][ T5076] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   60.493397][ T5076] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.500067][ T5076] CR2: 00007fff4edf0ec8 CR3: 0000000022dc7000 CR4: 00000000003506e0
[   60.508071][ T5076] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   60.516108][ T5076] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   60.524163][ T5076] Call Trace:
[   60.527448][ T5076]  <TASK>
[   60.530434][ T5076]  ? _raw_spin_unlock+0x28/0x40
[   60.535346][ T5076]  ? v4l2_device_register_subdev+0x50c/0x590
[   60.541398][ T5076]  uvc_mc_register_entities+0x6e4/0x950
[   60.547004][ T5076]  uvc_register_chains+0x3d4/0x4c0
[   60.552189][ T5076]  uvc_probe+0xa937/0xb1d0
[   60.556650][ T5076]  ? mark_lock+0x9a/0x340
[   60.561046][ T5076]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   60.567057][ T5076]  ? print_irqtrace_events+0x220/0x220
[   60.572606][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.578632][ T5076]  ? _raw_spin_unlock+0x40/0x40
[   60.583602][ T5076]  usb_probe_interface+0x5c4/0xb00
[   60.588752][ T5076]  ? usb_register_driver+0x3d0/0x3d0
[   60.594099][ T5076]  really_probe+0x2af/0xc80
[   60.598642][ T5076]  __driver_probe_device+0x1c3/0x3f0
[   60.604012][ T5076]  driver_probe_device+0x50/0x420
[   60.609097][ T5076]  __device_attach_driver+0x2d3/0x520
[   60.614488][ T5076]  bus_for_each_drv+0x24a/0x2d0
[   60.619411][ T5076]  ? coredump_store+0x90/0x90
[   60.624116][ T5076]  ? bus_find_device+0x2e0/0x2e0
[   60.629153][ T5076]  __device_attach+0x32f/0x510
[   60.633965][ T5076]  ? __lock_acquire+0x1f80/0x1f80
[   60.639140][ T5076]  ? device_attach+0x20/0x20
[   60.643776][ T5076]  ? do_raw_spin_unlock+0x13b/0x8b0
[   60.649041][ T5076]  bus_probe_device+0x185/0x260
[   60.653942][ T5076]  device_add+0xbcf/0x1060
[   60.658379][ T5076]  usb_set_configuration+0x196e/0x1fb0
[   60.663924][ T5076]  usb_generic_driver_probe+0x88/0x140
[   60.669447][ T5076]  usb_probe_device+0x134/0x270
[   60.674311][ T5076]  ? usb_register_device_driver+0x240/0x240
[   60.680373][ T5076]  really_probe+0x2af/0xc80
[   60.685078][ T5076]  __driver_probe_device+0x1c3/0x3f0
[   60.690725][ T5076]  driver_probe_device+0x50/0x420
[   60.695794][ T5076]  __device_attach_driver+0x2d3/0x520
[   60.701236][ T5076]  bus_for_each_drv+0x24a/0x2d0
[   60.706127][ T5076]  ? coredump_store+0x90/0x90
[   60.710883][ T5076]  ? bus_find_device+0x2e0/0x2e0
[   60.715872][ T5076]  __device_attach+0x32f/0x510
[   60.720730][ T5076]  ? __lock_acquire+0x1f80/0x1f80
[   60.725798][ T5076]  ? device_attach+0x20/0x20
[   60.730546][ T5076]  ? do_raw_spin_unlock+0x13b/0x8b0
[   60.735805][ T5076]  bus_probe_device+0x185/0x260
[   60.740834][ T5076]  device_add+0xbcf/0x1060
[   60.745304][ T5076]  usb_new_device+0xb7e/0x18d0
[   60.750153][ T5076]  ? usb_disconnect+0x8d0/0x8d0
[   60.755043][ T5076]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.760330][ T5076]  ? lockdep_hardirqs_on+0x98/0x140
[   60.765576][ T5076]  hub_event+0x3016/0x5460
[   60.770135][ T5076]  ? led_work+0x770/0x770
[   60.774517][ T5076]  ? read_lock_is_recursive+0x20/0x20
[   60.779959][ T5076]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   60.785970][ T5076]  ? print_irqtrace_events+0x220/0x220
[   60.791496][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.797444][ T5076]  process_one_work+0x8a0/0x10e0
[   60.802463][ T5076]  ? worker_detach_from_pool+0x290/0x290
[   60.808133][ T5076]  ? _raw_spin_lock_irqsave+0x120/0x120
[   60.813743][ T5076]  ? kthread_data+0x52/0xc0
[   60.818289][ T5076]  ? wq_worker_running+0x9b/0x1a0
[   60.823383][ T5076]  worker_thread+0xa63/0x1210
[   60.828091][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   60.834056][ T5076]  ? _raw_spin_unlock+0x40/0x40
[   60.839002][ T5076]  kthread+0x270/0x300
[   60.843117][ T5076]  ? pr_cont_work+0x5e0/0x5e0
[   60.847832][ T5076]  ? kthread_blkcg+0xd0/0xd0
[   60.852483][ T5076]  ret_from_fork+0x1f/0x30
[   60.856993][ T5076]  </TASK>
[   60.860083][ T5076] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   60.867379][ T5076] CPU: 1 PID: 5076 Comm: kworker/1:3 Not tainted 6.3.0-rc2-syzkaller-00462-g5cdfdd6da323 #0
[   60.877480][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   60.887639][ T5076] Workqueue: usb_hub_wq hub_event
[   60.892691][ T5076] Call Trace:
[   60.895993][ T5076]  <TASK>
[   60.898934][ T5076]  dump_stack_lvl+0x1e7/0x2d0
[   60.903652][ T5076]  ? nf_tcp_handle_invalid+0x650/0x650
[   60.909142][ T5076]  ? panic+0x770/0x770
[   60.913232][ T5076]  ? vscnprintf+0x5d/0x80
[   60.917572][ T5076]  panic+0x31c/0x770
[   60.921593][ T5076]  ? __warn+0x171/0x4a0
[   60.925774][ T5076]  ? memcpy_page_flushcache+0x100/0x100
[   60.931347][ T5076]  ? ret_from_fork+0x1f/0x30
[   60.935960][ T5076]  __warn+0x314/0x4a0
[   60.939950][ T5076]  ? media_create_pad_link+0x979/0xad0
[   60.945446][ T5076]  report_bug+0x2b3/0x500
[   60.949796][ T5076]  ? media_create_pad_link+0x979/0xad0
[   60.955265][ T5076]  handle_bug+0x3d/0x70
[   60.959434][ T5076]  exc_invalid_op+0x1a/0x50
[   60.963951][ T5076]  asm_exc_invalid_op+0x1a/0x20
[   60.968809][ T5076] RIP: 0010:media_create_pad_link+0x979/0xad0
[   60.974888][ T5076] Code: 00 66 41 ff 04 24 31 c0 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 75 df 7f fa 0f 0b b8 ea ff ff ff eb e3 e8 67 df 7f fa <0f> 0b b8 ea ff ff ff eb d5 e8 59 df 7f fa 0f 0b b8 ea ff ff ff eb
[   60.994506][ T5076] RSP: 0018:ffffc90003c8e9e0 EFLAGS: 00010293
[   61.000599][ T5076] RAX: ffffffff870a8db9 RBX: 0000000000000000 RCX: ffff88801f02ba80
[   61.008572][ T5076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   61.016591][ T5076] RBP: 0000000000000000 R08: ffffffff870a84b1 R09: ffffed100516b098
[   61.024676][ T5076] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   61.032675][ T5076] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88802abae080
[   61.040663][ T5076]  ? media_create_pad_link+0x71/0xad0
[   61.046059][ T5076]  ? media_create_pad_link+0x979/0xad0
[   61.051704][ T5076]  ? _raw_spin_unlock+0x28/0x40
[   61.056571][ T5076]  ? v4l2_device_register_subdev+0x50c/0x590
[   61.062565][ T5076]  uvc_mc_register_entities+0x6e4/0x950
[   61.068123][ T5076]  uvc_register_chains+0x3d4/0x4c0
[   61.073252][ T5076]  uvc_probe+0xa937/0xb1d0
[   61.077708][ T5076]  ? mark_lock+0x9a/0x340
[   61.082135][ T5076]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   61.088131][ T5076]  ? print_irqtrace_events+0x220/0x220
[   61.093604][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.099528][ T5076]  ? _raw_spin_unlock+0x40/0x40
[   61.104397][ T5076]  usb_probe_interface+0x5c4/0xb00
[   61.109547][ T5076]  ? usb_register_driver+0x3d0/0x3d0
[   61.114851][ T5076]  really_probe+0x2af/0xc80
[   61.119380][ T5076]  __driver_probe_device+0x1c3/0x3f0
[   61.124695][ T5076]  driver_probe_device+0x50/0x420
[   61.129751][ T5076]  __device_attach_driver+0x2d3/0x520
[   61.135218][ T5076]  bus_for_each_drv+0x24a/0x2d0
[   61.140092][ T5076]  ? coredump_store+0x90/0x90
[   61.144771][ T5076]  ? bus_find_device+0x2e0/0x2e0
[   61.149749][ T5076]  __device_attach+0x32f/0x510
[   61.154539][ T5076]  ? __lock_acquire+0x1f80/0x1f80
[   61.159576][ T5076]  ? device_attach+0x20/0x20
[   61.164182][ T5076]  ? do_raw_spin_unlock+0x13b/0x8b0
[   61.169415][ T5076]  bus_probe_device+0x185/0x260
[   61.174280][ T5076]  device_add+0xbcf/0x1060
[   61.178711][ T5076]  usb_set_configuration+0x196e/0x1fb0
[   61.184193][ T5076]  usb_generic_driver_probe+0x88/0x140
[   61.189658][ T5076]  usb_probe_device+0x134/0x270
[   61.194516][ T5076]  ? usb_register_device_driver+0x240/0x240
[   61.200414][ T5076]  really_probe+0x2af/0xc80
[   61.204926][ T5076]  __driver_probe_device+0x1c3/0x3f0
[   61.210228][ T5076]  driver_probe_device+0x50/0x420
[   61.215257][ T5076]  __device_attach_driver+0x2d3/0x520
[   61.220642][ T5076]  bus_for_each_drv+0x24a/0x2d0
[   61.225504][ T5076]  ? coredump_store+0x90/0x90
[   61.230209][ T5076]  ? bus_find_device+0x2e0/0x2e0
[   61.235167][ T5076]  __device_attach+0x32f/0x510
[   61.239945][ T5076]  ? __lock_acquire+0x1f80/0x1f80
[   61.245149][ T5076]  ? device_attach+0x20/0x20
[   61.249752][ T5076]  ? do_raw_spin_unlock+0x13b/0x8b0
[   61.254963][ T5076]  bus_probe_device+0x185/0x260
[   61.259827][ T5076]  device_add+0xbcf/0x1060
[   61.264266][ T5076]  usb_new_device+0xb7e/0x18d0
[   61.269056][ T5076]  ? usb_disconnect+0x8d0/0x8d0
[   61.273918][ T5076]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.279131][ T5076]  ? lockdep_hardirqs_on+0x98/0x140
[   61.284340][ T5076]  hub_event+0x3016/0x5460
[   61.288803][ T5076]  ? led_work+0x770/0x770
[   61.293155][ T5076]  ? read_lock_is_recursive+0x20/0x20
[   61.298557][ T5076]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   61.304544][ T5076]  ? print_irqtrace_events+0x220/0x220
[   61.310005][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.315921][ T5076]  process_one_work+0x8a0/0x10e0
[   61.320882][ T5076]  ? worker_detach_from_pool+0x290/0x290
[   61.326527][ T5076]  ? _raw_spin_lock_irqsave+0x120/0x120
[   61.332088][ T5076]  ? kthread_data+0x52/0xc0
[   61.336630][ T5076]  ? wq_worker_running+0x9b/0x1a0
[   61.341684][ T5076]  worker_thread+0xa63/0x1210
[   61.346370][ T5076]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.352281][ T5076]  ? _raw_spin_unlock+0x40/0x40
[   61.357149][ T5076]  kthread+0x270/0x300
[   61.361226][ T5076]  ? pr_cont_work+0x5e0/0x5e0
[   61.365907][ T5076]  ? kthread_blkcg+0xd0/0xd0
[   61.370503][ T5076]  ret_from_fork+0x1f/0x30
[   61.374941][ T5076]  </TASK>
[   61.378251][ T5076] Kernel Offset: disabled
[   61.382683][ T5076] Rebooting in 86400 seconds..