last executing test programs: 1m26.032880415s ago: executing program 4 (id=1192): syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 1m23.366339997s ago: executing program 4 (id=1208): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r1) writev(r1, &(0x7f0000000040)=[{&(0x7f00000012c0)="a4eac90f8e3ae7580e2e693731ef6b447fc2057d9a84e61f40c79e10218d131f865d68b23cd7c3f2b681e2205f67f140252abcc3b8015e176881d81a9e61b6a2c92a9d8e1f51861b64e7b61bf9a131e197f5a6c6d4d887d86c79836e81c69e211d2bf4c595b01c94de464ff9aa72b6058fe774c81142bbce9bd0d83f6239362c3347e3daadb292cf3fee4766a2d43cf006a476ce0e4dd221acdcdefcf67733ed2978c2cd564772844077920cf54543db03688079168e36709dbbf84933a2415a32617f7de4336d89967c2cbcd76a973d88a3c440862bc11e51df6f1cd25f1aa711b721c33703645bcf93b775f1eb28c7640d1b7cbe44b9fc0e55d1a4d8f83b8fd537a231fe75ebb7255387d089ae7924c86b36f11d4c09d27626fd8cd62dbee1662558322e3dffdb4c4816e8ee2501b8e73eda5a8caf70487ea6edede6b8337d5ff348bd874de5b9a5058b85c0659031d237abfcdc40bd6b45d4845b08adc7bdaefa8099bef8d5f6cae07abc605dc651a21b04ae53f6d89d9fac3ec696ca9508a681ca65a4524242fae4d79e40840ce54330107125a916b03459f58e4e6c3215a97e391c069926a24d9486909ef1f0c210514e2cd81cbaa6352a2de4f5829eb670a6500c83eb8c8bd5edbe4005bfb524fce3d4796d028acf27fb9df67851db5d59b2f88d97aa591d607d602dbb9bb4211abbc8641610aae237e8d47f8381dced80019a4e9b3d0e6e2a978ffeec19fe0a6077eb48d3d4d478801eb1902bb3f8552d402dd8de49cb6bb7c78600c75e3bcf53bf58e391d6484423cbfe17cf95f3b30a41b849af63ffd6a7b5aaab0ce5ac6d78519430c27415fd46f150671ee860341b9c473937c498cc9aae0cb64a73f24780b4771b1ea51816bd68f19c49747c4caf0acd418517e88e1f82cd9d2d870abb33624483670269aac3d2fe75fff726d60fe1be2fc2abc47b98eb75ef2f7f4eca0b50450ef48d71921cd10307563d120eed0416e3dcf4b198ec8424d857ab872d9de56e614e3fba275bae2c21793bebe86cdfbe822bffd2c9be6e623fcbb441e202cf8107da69cb06f93f7956a4ee88de99dc881fac8894ea5acaf4cac4c65de055017ab0dcd1adab2a22e1c2a12e73316be0f4d07b405d6bf4adda88fac3f081f8f180b403a067184b26e35860e1064d87748390e6f63217d7db40f002f85c57c125be768d68600e2c795a83a3477481a41b8392a6ae2c3a51cec2da15980c299f528e658641960ef2983ae3e30955586dd9e6a6591d81645ed451dfc14b2c648a89655af1f66067350c6fb356610469ae7b20ccd14cbb0fb04f58bfda8f28f90ebade9b6f8017094f1d467d9df73dfcc48cea0307ca833b72978e64651c8eb429f2b36adab59251452b4abaa2ecb42eaf674b12b49081b40c324d6da586212f187c51e32c42b00622b3fcb1acfecaeb603cec87a0010c199a80cf184894b0992fe709613c672ec91587afe94c637cce86a50dfe9c695c8398e963e68156537014405962d20610846691a352dad6204a33f07f175e5dbdc89aab549ef4150320084fd999a090d86affac5ac371dfe5dd595b7459b39bd78ba5bb77469da251d4f9906356667a27ac58025eed8d0ded3a69cd2a6cae52ac4dd5799802421fd8a818c5bc787da162a42f5dec2175b4ff37a543d214bdf0cc071de0b77c9902ce7dbb42ace340e64a020100b677a73bc4449655f4165f074cb1b85cd491f18f3fbeb03ca708a91fe041a46433d8d8e1693dbff6333981c243b1d412c87741aca8e790f3ebb3151e3b44870ba74c64cc5c3011d7ac138ef0bd48f197a32c31fac8d53ba54ae114119328eb9e8825555ba29e9d45cbe656eeff1b4e39600695d3911ab4f5075c3d5691b731c50adc226d3ebf50d3c38561a5d0cef2c9d16e071bb8221ab4f85a802a63b7071402f88c7cf39cfc916f8622357b3234f3761f89cfbf3aded40c512a614702ae867e197510d3bdb4ee60df96c4e51b5a338b58b07e8ee62be9822e0d166ff874b8d1f9e4486c601d9b56a26eb0b83a80704dee19d10cc05c63b95f7d1efef88177645bc30d8473983ed552926d219bd0c3dbcb0fb464649624ba7a57f5163f49f33fb79a46e7ac9797e300262a843f15f644f5230546f3c62450242fe12a79bd44c61fd946165662b0bfbcffd12deb93e0cb82dc8cc66bebf0721b94a5fa0d66381540246ff78c6225a952ab984c06c07902ed42e40fcc9151b0a59be83f454698f302f349014082ff08bcecbf0b9dea7e32b063449d573ca1b6efc812acf382ef7b7e6cd206185e063c985b8c44fe38d62d4a8d3d15228406f3abed51fe90bae3ddc283069d46e0ebd3a8bb87e4e0eb116dff6fc881e8fd0e5032e6a6494cadfd85652ed1c9c2d7aa00e18ccbde0aa3c857c50ee86975aff735f633471ab8e6db33bfcefeae661bd1bd6dfb55a9a4b4f9be01fd15e27e03fc943ccdb91a799d2eb168d9fdeecd32c19169cc0443ebb8e2f681d773efff72530f61a288cfb49c0217b9a9223ceb3798390e15fbe9475975c05f22a7c4d1990f9400a249d32eec4a5773bea0d15cc0df06d223e057b3693ac906cf632da8c9092e52718bd9f16af452dacfab22cfc2c58a3168de9914570f1035ae9b3092346db21dda270393a992cb967dc074ae2fe8b545df855b9e8b251cac7935a842bda9e850a9efb5309cc0fb83a630dcb3684fec4999ed6c4cc91aea72961420523be74711ff4c3f16a5f6ee906dae87d2bbc194b2d8b7743c157f6c8d80e6f4e377cf05810bef82e51fa5c1e442018466071f7d572cae794fab5cfbbd8e8d398c3a2823e8ce4357572a32123312d0d3976d63dc2a00b2d474ad288762e768e31ab7b4f09e7f3cfcb7a48adbdbca43d30c9bc8f67d115bc34f24eaf0318bb5e2994ff0f8b62c13f46abebdd0846da71a5d106e62266ec3e5a3f2c7166628220568807b595dc73920a0a7a9f2644db70fc53fac0a547cf6cbefe7aee975e0159fe8f413eab912925757581d2fe97cc5f19343f329b2ef081397737414a822432b5f9fa2044aebda92c1d6a065401b70c20a6867fb93e8f6f575aa9fae3e67b6fc6e0418f58731d932b3e5bd1dddbb9854a25144a334d00bea2995d7a751d40a06c37372b05cc584aaf62b90fdd95f87ff53eab367600d50eebbbb4cf04f225824086cfaca6aa82b3e3433881f7ec32cd419780ed0de6fb2234368983282fb93b9d1a6bd96c3d14aff8272328db634b02bbbc5b8957c695e469f80fc50eac333b88303d0bf29c42c13a92a58a9bf30391cfe6a0c5df40cd5b7a8637cbece9a4f251e5aa4aa2fdf883d82d2a430f06416f0372911e426620b25d8839d2ac9d73cb782194f0daddd4caa68f1ff6892981c00d6812d21ffb5fcd9b1cd187d519040968aa2d7f4ccfcc236ffe2cae8d349f39feb3fa574272a428dfbfba0a735a349188b1396b96d1fc2e86069fc797de98985bf338e495d66cbed89c2f5f2cc78ec2b880f04627e5cd49e93bb606d241149b936ab29b790e22022361c483d760e07cabdfdd204114fc3808b7bb7cf977ffe0b8c58584364571578084f1dfbb592e47e0f01c020d02aafc8c83a56299f31836574923a706e7a46861502dfbf0e9d2893a38aca39a16cec44664541e092ec489abfa28128ebd73e7bbe062515384c69c656268ef42c37632ce2db76afd09e6de7928136cfaae1b4fdeaab590617584831a7eb19af64625ec2ca635f79f50caa48524b0fcd1e08a09bcf52e231f3487ab54fc77ae44e13a966976e9e9deaf8ab9da7f804fe6290e16629c6f83110f54e5c206798033c614be334a5ee04f4ecb30f58371eeb3664eab1d00f52725992897279d21d475cefbe2345a7f1df6e916a806e7c39b651866f6c1108d00990673ca858d8af73a26a74e1f8d7818859e7d0123224f866ed0745382b2a29f5374d7c6c0fa54ddf743d89c85dc56cfab74ee786d054a5f4f1db15d85e9fe1a7fdaa3746d9e7429735f2253cb2a600b81f969c7c7e56f22b47f15aa700b3369102ea105106b96cebd1161673ae4725a4d96421833f65f76c64de5aa7957b0df8ab64583e8d5018faa1f4e0376f1d38103ac78403f65f809619c3a9fe43c6b3493d29c52d4c230a39914b1b49c627fba1612c6479205c", 0xb81}], 0x1) 1m22.434553037s ago: executing program 4 (id=1219): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000480)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f0000000200)) 1m22.371050695s ago: executing program 4 (id=1221): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00') r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xc000000, 0x0, 0x0, 0x12}) read$FUSE(r0, &(0x7f00000040c0)={0x2020}, 0x2020) 1m22.197057067s ago: executing program 4 (id=1224): syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r0 = socket$rds(0x15, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfc, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1a, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xffffffffffffffaa, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c8, 0x12) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = dup(r5) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e20, 0x4005, @mcast1, 0x2c4}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r7, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000847fff)='X', 0x1, 0x8000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$NBD_PRINT_DEBUG(r6, 0xab06) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r8}}, 0x58) bind$rds(r0, &(0x7f0000000180)={0x2, 0x4e25, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000400)={0x2, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}}, 0x10, 0x0}, 0x0) 1m11.137114993s ago: executing program 4 (id=1241): socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000", @ANYRES32=r2], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r3}, 0x38) 58.423898081s ago: executing program 2 (id=1270): syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 56.967744267s ago: executing program 2 (id=1283): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x800) sendmsg$alg(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000040)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x40000}, 0x48104) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r5, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r4, &(0x7f0000000340), 0x41}]) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000380)={0x64, r2, 0x405, 0x70bd2b, 0x25dfdbfe, {}, [{{0x8}, {0x48, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) 56.804490448s ago: executing program 2 (id=1286): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@ipv6_getaddrlabel={0x24, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8, 0x2, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0x20044000) 56.703511441s ago: executing program 2 (id=1289): syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x800, &(0x7f0000000580)={[{@time_offset={'time_offset', 0x3d, 0x9}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}, {@fmask={'fmask', 0x3d, 0x9}}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@errors_remount}, {@keep_last_dots}, {@fmask={'fmask', 0x3d, 0x200}}, {@umask={'umask', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@namecase}]}, 0x1, 0x1531, &(0x7f0000001f80)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k1imSTJJUkuSZIkSW4JSZMcSUgMuSUNSch1SC5DSC4Tk8b9fr8kJEmTJCG5Jev/Ef7qVL9zzu/0O86neb6fz/5Yz+z9rP287/Ne1t6YbzoOqtageuV6RAT/FrzwRxIAxAJAPwC4BgACACgdVzru/P7sEpP+vZOwP9fDqVe6AnYlcf+zNu5/1sb9z9q4/1kb9z9r4/5nbdz/rI37z1hWtnFq/mt5y7ob3///66vzh3v4+/8vJLPE6C9Wl7i+E0DMP5vC/c/auP9/WcE/cxD3P2vj/mdVsVe6APZfgN//f0lNfh1m+8MDuf9ZG/efsazsSt9/vtIbRLL2c3ClX3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKGU/6i0+AVAFwKr3RdjDHGGGOMMcYY+/P4bFe6AsYYY4wxxhhjjP3fQxAgQUEAMZANYiE75AABAFdDLrgGInAtxMF1kBuuhzyQF/JBfoiHAlAQNBiwQBBCISgMUbgBisCNUBRugmJQHByUgAS4GUrCLVAKboXScBuUgduhLJSD8lAB7oCKcCdUgrugMtwNVaAqVIPqcA/UgHuhJtwHteB+qA0PQB14EOrCQ1APHob68Ag0gEehITwGjaAxNIGm0Ox/lf8idIWXoBt0hyToAT3hZegFvaEP9IV+8Ar0h1dhALwGyTAQBsHrMBjegCHwJgyFYTAc3oIRMBJGwWgYA2MhBcbBeHgbJsA7MBEmwWSYAqkwFabBuzAdZsBMeA9mwfswG+bAXJgHafABzIcFkA4fwkL4CDJgESyGJbAUlsFyWAErYRWshjWwFtbBetgAG2ETbIYtsBW2wXb4GHbAJ7ATdsFu+BT2wGf/Yv7Jv8vvhICAAgUqVBiDMRiLsZgDc2BOzIm5MBdGMIJxGIe5MTfmwTyYD/NhPMZjQSyIBg0SEhbCQhjFKBbBIlgUi2IxLIYOHSZgApbEW7AUlsLSWBrLYBksi+WwHFbAClgRK2IlrISVsTJWwSpYDavhPXgP9sCaWBNrYS2sjbUv3Z7CelgP62N9bIANsCE2xEbYCJtgE2yGzbA5NscW2AJbYStsja2xDbbBREzEttgW22E7bI/tsQN2wI7YETthZ+yc+WI2wJfwJeyOVUQP7Ik9sRcmZ+uDfbEvvoL98VV8FV/DZByIg/B1fB3fwCF4AofiMByOw7GiGImjcDSSGIspmILjcTxOwAk4ESfhJJyCqTgVp+E0nI4zcAa+h7PwfXwf5+AcnIdpmIbzcQGmYzouxJOYgYtwMS7BpbgMl+IKXIkrcDWuwdW4DtfhBtyAm3ATbsEtuA234ceoAPAT3IW7MBn34B7ci3txH+7D/bgfMzETD+ABPIgH8RAewsN4GI/gUTyGR/E4HscTeBJP4Sk8g2fwLD4f/1X9j29alQziPCWUiBExIlbEihwih8gpcopcIpeIiIiIE3Eit8gt8og8Ip/IJ+JFvCgoCgojjCARxgCAiIqoKCKKiKKiqCgmigknnEgQCaKkKClKiVKitLhNlBG3i7KinGjpKogKoqJo5SqJu0RlUVlUEVVFNVFdVBc1RA1RU9QUtUQtUVvUFnXEg6Ku6IF98GFxvjMNxEBsKAZhI9FYyIufYM3FEGwhWopW4kkxDIdiG9HcJYpnRFsxCtuJv4nR+JzoIMZiR/GC6CQ6iy7iRdFVtHDdRHcxEXuInmIK9hK9RR/RV0zHquI9nJW9mnhNJIuBYpB4XczDN8QQ8aYYKoaJ4eItMUKMFKPEaDFGjBUpYpwYL94WE8Q7YqKYJCaLKSJVTBXTxLtiupghZor3xCzxvpgt5oi5Yp5IEx+I+WKBSBcfioXiI5EhFonFYolYKpaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Cq2ie3iY7FDfCJ2il1it/hU7BGfib3ic7FPfCH2iy9FpvhKHBBfi4PiG3FIfCsOi+/EEXFUHBPfi+PiB3FCnBSnxGlxRvwozoqfxDnhBUiUQkqpZCBjZDYZK7PLHPIqmVMGF5/da2WcvE7mltfLPDKvzCfzy3hZQBaUWhppJclQFpKFZVTeIIvIG2VReZMsJotLJ0vIBHmzLClvkaXkrbK0vE2WkbfLsrKcLC8ryDtkRXmnhMiFc1SRVWU1WV3eI5PgXllT3idryftlbfmArCMflHXlQ7KefFjWl4/IBvJR2VA+JhvJxrKJbCqbycdlc/mEbCFbylbySdlaPiXbyKdlonxGtpX+4kvkOdlBPi87yhdkJ9lZdpE/yXPSy26yu4QeIHvKl2Uv2Vv2kX1lP/mK7C9flQPkazJZDpSD5OtysHxDDpFvyqFymBwu35Ij5Eg5So6WY+RYmSLHyfHybTlBviMnyklyspwiU+VU2efiTDOl/If5b/9O/oCfz75BbpSb5Ga5RW6V2+R2+bHcIXfInXKn3C13yz1yj9wr98p9cp/cL/fLTJkpD8gD8qA8KA/JQ/KwPCyPyKPytPxeHpc/yBPypDwpT8sz8ow8e/E5AIVKKKmUClSMyqZiVXaVQ12lcqqrVS51jYqoa1Wcuk7lVterPCqvyqfyq3hVQBVUWhllFalQFVKFVVTdgBdfMKqYKq6cKqES1M3/Sr4qom5URdVNv8q/VF/SH9TXTDVTzVVz1UK1UK1UK9VatVZtVBuVqBJVW9VWtVPtVHvVXnVQHVRH1VF1Up1UF9VFdVVdVTfVTSWpJNVTvax6qd6qj+qr+qlXVH/VXw1QA1SySlaD1CA1WA1WQ9QQNVQNVcPVcDVCjVCj1Cg1Ro1RKSpFjVfj1QQ1QU1UE9VkNVmlqlQ1TU1T09V0NVPNVLPULDVbzVZz1VyVptLUfDVfpat0tVAtVBlqkVqklqglaplaplaoFWqVWqXWqDVqnVqnMtRGtVFtVpvVVrVVbVfb1Q61Q+1UO9VutVvtUXvUXrVX7VP71H61X2WqTHVAHVAH1UF1SB1Sh9VhdUQdUcfUMXVcHVcn1Al1Sp1SZ9QZdVadVefUufPLvkAEIlCBCmKCmCA2iA1yBDmCnEHOIFeQK4gEkSAuiAtyB9cHeYK8Qb4gfxAfFAgKBjowgQ3ExaZHgxuCIsGNQdHgpqBYUDxwQYkgIbg5KBncEpQKbg1KB7cFZYLbg7JBuaB8UCG4I6gY3BlUCu4KKgd3B1WCqkG1oHpwT1AjuDeoGdwX1AruD2oHDwR1ggeDusFDQb3g4aB+8EjQIHg0aBg8FjQKGgdNgqZBsz91fu9P5H3CddPddZLuoXvql3Uv3Vv30X11P/2K7q9f1QP0azpZD9SD9Ot6sH5DD9Fv6qF6mB6u39Ij9Eg9So/WY/RYnaLH6fH6bT1Bv6Mn6kl6sp6iU/VUPU2/q6frGXqmfk/P0u/r2XqOnqvn6TT9gZ6vF+h0/aFeqD/SGXqRXqyX6KV6mV6uV+iVepVerdfotXqdXq836I16k96st+itepverj/WO/QneqfepXfrT/Ue/Zneqz/X+/QXer/+Umfqr/QB/bU+qL/Rh/S3+rD+Th/RR/Ux/b0+rn/QJ/RJfUqf1mf0j/qs/kmf0/784v7817tRRpkYE2NiTazJYXKYnCanyWVymYiJmDgTZ3Kb3CaPyWPymXwm3sSbgqagOY8MmUKmkImaqCliipiipqgpZooZZ5xJMAmmpClpSplSprQpbcqYMqasKWvKm/LmDnOHudPcae4yd5m7zd2mqqlqqpvqpoapYWqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkmpgmpplpZpqb5qaFaWFamVamtWlt2pg2JtEkmramrWln2pn2pr3pYDqYjqaj6WQ6mS6mi+lquppupptJMkmmp+lpeplepo/pY/qZfqa/6W8GmAEm2SSbQWaQGWwGmyFmiBlqhpnh5xeqZqQZZUZ/O8aMNSkmxYw3480EM8FMNBPNZDPZpJpUM81MM9PNdDPTzDSzzCwz28w2c81ck2bSzHwz36SbdLPQLDQZJsMsNovNUrPULDfLzUqz0qw2q81aWGvWm/Vmo9loNpvNZqvZarab7WaH2WF2mp1mt9lt9pg9Zq/Za/aZfWa/2W8yTaY5YA6Yg+agOWQOmcPmsDlijphj5pg5bo6bE+aEOWVOmTMm78XvS29ibXabw15lc9qrbS57jf37OJ/Nb+NtAVvQapvH5v1VbKy1Re1Ntpgtbp0tYRPszb+Jy9pytrytYO+wFe2dttJv4hr2XlvT3mdr2fttdXvPr+La9gFbxz5q6yIC2Ma2vm1qG9hHbUP7mG1kG9smtqltbZ+ybezTNtE+Y9vaZ38Tz7cL7Eq7yq62a+xOu8uesqftQfuNPWN/tN1sd9vPvmL721ftAPuaTbYDfxMPt2/ZEXakHWVH2zF27G/iyXaKTbVT7TT7rp1uZ/wmTrMf2Fk23c62c+xcO+/n+HxN6fZDu9B+ZDNsAIvtErvULrPL7Yr/X+sSu86utxvsDvuJ3Wy32K12m91+aSFsd9nd9lO7x35mD9iv7T77hd1vD9lM+9XP8fnHd8h+aw/b7+wRe9Qes9/b4/YH9XPuyF4A9kf7vf3JnrPeAiEBSVIUUAxlo1jKTjnoKspJV1MuuoYidC3F0XWUm66nPJSX8lF+iqcCVJA0GbJEFFIhKkxRuoEulVeMipOjEpRAN1NJuoVK0a1Umm6jMnQ7laVyVJ4q0B1Uke6kSnQXVaa7qQpVpWpUne6hGnQv1aT7qBbdT7XpAapDD1Jdeojq0cNUnx6hBvQoNaTHqBE1pibUlJrR49ScnqAW1JJa0ZPUmp6iNvQ0JdIz1JaepXb0N2pPz1EHep460gvUiTpTF3qRutJL1I26UxL1oJ70MvWi3tSH+lI/eoX606s0gF6jZBpIg+h1Gkxv0BB6k4bSMBpOb9EIGkmjaDSNobGUQuNoPL1NE+gdmkiTaDJNoVSaStPoXZpOM2gmvUez6H2aTXNoLs2jNPqA5tMCSqcPaSF9RBm0iBbTElpKy2g5raCVtIpW0xpaS+toPW2gjbSJNtMW2krbaDt9TDvoE9pJu2g3fUp76DPaS5/TPvqC9tOXlElf0QH6mg7SN3SIvvXd6Ts6QkfpGH1Px+kHOkEn6RSdpjP0I52ln+gceYIQQxHKUIVBGBNmC2PD7GGO8KowZ3h1mCu8JoyE14Zx4XVh7vD6ME+YN8wX5g/jwwJhwVCHJrQhhWFYKCwcRsMbwiLhjWHREMNiYfHQhSXChPDmsGR4S1gqvDUsHd4WlglvD8uG5cJH768Q3hFWDO8MK4V3hZXDu8MqYdWwWlg9vCesEd4b1gzvC2uF94elwgfCOuGDYd3wobBe+HBYP3wkbBA+GjYMHwsbhY3DJmHTsFn4eNg8fCJsEbYMW4VPhq3Dp8I24dNhYvhM2DZ89uf9Dyz44/1JYY+wZ/hy+HLo/X1ybnReNC36QXR+dEE0PfphdGH0o2hGdFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRD1Pvq2cChE0465QIX47K5WJfd5XBXuZzuapfLXeMi7loX565zud31Lo/L6/K5/C7eFXAFnXbGWUcudIVcYRd1N7gi7kZX1N3kirnizrkSLsE1dc1cM9fcPeFauJaulXvSPemeck+5p93T7hnX1j3r2rm/ufbuOdfBPe+edy+4Tq6z6+JedF3duFwX3pNJrqfr6Xq5Xq6P6+P6uX6uv+vvBrgBLtklu0FukBvsBrshbogb6oa64W64G+FGuFFulBvjxrgUl+LGu/FugpvgJrqJbrKb7FJdqpvmprnpbrqrOOPCWWa72W6um+vSXJqb786vGdPdQrfQZbgMt9gtdkvdUrfcLXcr3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt9Nfc2FSt8ftdXvdPrfP7Xdfukz3lTvgvnYH3TfukPvWHXbfuSPuqDvmvnfH3Q/uhDvpTrnT7oz70Z11P7lzzruUyLjI+MjbkQmRdyITI5MikyNTIqmRqZFpkXcj0yMzIjMj70VmRd6PzI7MicyNzIukRT6IzI8siKRHPowsjHwUyYgsiiyOLIksjSyLeF9gc+gL+cI+6m/wRfyNvqi/yRfzxb3zJXyCv9mX9Lf4Uv5WX9rf5sv4231ZX86X94/5Rr6xb+Kb+mb+cd/cP+Fb+Ja+lX/St/ZP+Tb+aZ/on/Ft/bO+nf+bb++f8x38876jf8F38p19F/+i7+pf8t18d5/ke/ie/mXfy/f2fXxf38+/4vv7V/0A/5pP9gP9IP+6H+zf8EP8m36oH+aHx7zlR1y6RIaxPsWP8+P9236Cf8dP9JP8ZD/Fp/qpfpp/10/3M/xM/56f5d/3s/0cP9fP82n+Az/fL/Dp/kO/0H/kM/yiSzeV/XK/wq/0q/xqv8av9ev8er/Bb/Sb/Ga/xW/12/x2/7Hf4T/xO/0uv9t/6vf4z/xe/7nf57/w+/2XPtN/5Q/4r/1B/40/5L/1h/13/og/6o/57/1x/4M/4U/6U/60P+N/9Gf9T/4c/581xhhjjLF/yrjLQ/HrPRdu5/f4nRzxi4N7AsDVW/Jn/nL/+RXl2jwXxr1FfOsIADzTvePDl7YqVZKSki4emyEhKDwH4NLfBJ0XA5fjRdAKnoJEaAklf7f+3qLzGfoH80dvA8jxi5xYuBxfnv9zAEz6nfkff3L4/DLhqbj/Yf45AEULX87JDpfjRdDq5/srLaHUH9Sft/kv64/97fzZv0gBaPGLnJxwOb5cfwI8Ac9C4q+OZIwxxhhjjDHGLugtyre/dP156V98/t71eby6nJMNLsf/6PqcMcYYY4wxxhhjV95znbs8/XhiYsv2//qg0v8q658eNIT/q5l58LsD7wEu/UQBwL85IcD5gfxPPopN/5FzJV986/z9rqWnfQD/Ha38MwZX+IOJMcYYY4wx9qe7vOj/9c/VlSqIMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLgv4Tv07sSj9GxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Er7fwEAAP//nXwDKg==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 56.505024776s ago: executing program 2 (id=1292): socket$inet6(0xa, 0xa, 0xfffff000) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x8c57, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0xf5, 0x2e6, &(0x7f0000000540)="$eJzs3ctrE18UwPGTV5O0v/6ShYiIwqWCKNKhCbhz0SItiAGlbQQrCFM71ZBpUjKhEBGbheDWtYsuXIoggjs3Im678S/wteumOwsWR6Yzk6bJGNNqX/b7WTSnOffMvZm56eO2uVm59GSuOGtp321XdFjqshaStIQlIq66nH+/9On0xLv/3M+VGhuZzGSVCovIrQcvBt5W+268/v9NXJbTt1dWs1+XT02K/Ji8V7BUwVIl21a6mi6XqyGneKZgFTWlrpuGbhmqULKMStXL69OmoWbN8vx8Temlmf7e+YphWUov1VTRqKlqWVUrNaXf1QslpWma6u8ViEi6EYXbcqFOhfnna7Ytq86Fj9fFtu2A1nU/iHm38T8bLA6SluvfsW3b5Ijs5siwF9bsaNfXH/8e9/n/+SnX/2iauDl1dSSXGx1XKiEy93ghv5B3b938xz4piCmGLI1fmFoXsRsk5Hwcu5IbHVIb0nJ2btGrX1zIu98cRma9+oyknJ9TmurFr8+49WprfUx6m+uzkpJjwfVZv17CTfU9cu5MU70mKflwR8piyow4tZv1DzNKXb6Wa+k/udEOAAAAAAAAAIDDSFMNm+v3oc0/9WpafOM/Phr5pHOv087NN9bXhyQl68Hr80OB6/tRORndv8cNAAAAAMBRYtXuF3XTNCq7E0SeJTt0ERMRJxB5NOAMpuMBj3sj7q73HhFpT0U6d7ElSF50+3s57g1MdvNE/aXAf7FGUTdf+amkBDUOb2sCDPYEnvnEnj5A6aaxJHY2seNdT63WILTu33MisI0d+v1xbN2Mba/34W09HX4ZJFpP1OAX97hmhy8a3xpLfAAAAAAOkaZfnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD7Z0eZh/r79W1PivUV8+5Zsre8Tz77/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6gnwEAAP//JZK+GA==") r0 = socket$nl_generic(0x10, 0x3, 0x10) close(0xffffffffffffffff) socket(0x80000000000000a, 0x2, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x890c, &(0x7f0000000080)=@generic={0x2, 0x96}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 56.00773471s ago: executing program 32 (id=1241): socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000", @ANYRES32=r2], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r3}, 0x38) 55.92908886s ago: executing program 2 (id=1301): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000380), 0x1012d, 0x0, 0x0) 55.918048601s ago: executing program 33 (id=1301): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000380), 0x1012d, 0x0, 0x0) 45.878150527s ago: executing program 6 (id=1376): socket$packet(0x11, 0x2, 0x300) unshare(0x2c000480) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x242002, 0x0) socket$alg(0x26, 0x5, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0xc0, 0x2, 0xffffffff, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x6, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x5, 0x1f461e2c, 0x7, 0x2000e665, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x1002, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x400008f, 0x6, 0x6, 0x3, 0x80092a3, 0x1200000, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x7fffffff, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93693, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0xb, 0x20005, 0x7fff, 0x0, 0x20000001, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0x0, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x1, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x0, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0xff, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x6, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0x3, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 45.823613394s ago: executing program 6 (id=1377): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001280)=@raw={'raw\x00', 0x8, 0x3, 0x3e0, 0x160, 0xffffffff, 0xffffffff, 0x160, 0xffffffff, 0x310, 0xffffffff, 0xffffffff, 0x310, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x0, 0x0, 0x0, 0xffffffff], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x5}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@socket2={{0x28}, 0x2}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@dev={0xac, 0x14, 0x14, 0x3e}, '\x00', {0x6}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0xff0000ff, 0x0, 0x0, 0xffffff00], [0xff], 'batadv0\x00', 'gre0\x00'}, 0x0, 0x190, 0x1b0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@srh1={{0x90}, {0x3c, 0x7, 0xed, 0x4, 0x2, @private0, @private0, @private1, [0xff, 0x0, 0xffffff00, 0xffffff00], [0xffffffff, 0xff000000, 0x0, 0xff], [0xffffff00, 0xffffff00, 0xff000000], 0x808, 0x2188}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x440) 45.721837237s ago: executing program 6 (id=1382): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f000000bc40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x1, 0x6f2, &(0x7f0000000ac0)="$eJzs3U9sHFcZAPBv1mt7N1Udt03TIFWqaVFBWCSxLRfMJQYhZKQKqiDB2WqcxsrmD7aL3B6wC0hcOXBFKgdzgRMIISEhRSpnuFXcLE4VSFx6Snpg0Pxbr93d9TquvS78ftFk3rw3780338y+2V3J2gD+by1NR/1BNGNp+tXNbHt3Z661uzN3pyjXWhExHhG1iHpHr+S9iMUolvhMVlE19DrOL1YXrr//4e4HxVa9XGpR/NfsHWB9kLPYLpeYioiRcn0M+8Z7/fHGG98rJu3MZAl7qUocDNtoRKT7/ODiXks36UjHRs/XO/DpkRTPzQ7F638y4lxENKoH2nbRWDv9CA91pLlo++TiAAAAgDPj/MOtiM2YGHYcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GlS/v5/Ui6PqvJUJNXv/3+uY/exIYbaX//IGlXhQe00ggEAAAAAAACAk/XCw/jN9TSdqLbTJGrfGyk3muX6zViPlXrE5diM5diIjViLmYiY7BhobHN5Y2NtJl7Mty58lKZpPFH0jLV9PWe79pwdMODmcc8YAAAAAAAAAP6nXJsfz9c/jqWYGHYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQKYkYKVb5cqEqT0atHhGNiBjL9tuO+FtVPkPqR+3w4GTiAAAAgCEb3bd1/mE8jM2YqLbTJP/MfzH/3N+IN+NubMRqbEQrVuJG/l1A8am/truzNb27M3cnW8phv/Nke9yv/XvvGL+fODSofMQovnvofuRL+R7NuBmrec3leD3uRStuRC3vmblUxdMRV4d3spiSa4U0jfFB0nWjXGdn/vNyfSqah+0wmWdktJ2Rq1lsSZHHp/pnovPqDODgkWai1v7m50LvI7W/jKlyfq3vUZL/pGlROlfVRDzxrb45z++X0SOdzLEczMRsx913sX/OIz7/h99+/1br7u1byfb0qd1Gj+WF7tXj/6iuUJWJwnasxFxHJp4bOBM31894Jnra/01jLZ5tl5fim/HdmI6peC3WYjV+GMuxESsxFd/IS8vl/Zz9P9k/U4v7tl47LKax8rqMHIjps+eLdb+YXsz7TsRqfDvuxY1YiVfyf7MxE1+O+ZiPhY4r/OwAM22ty6v+j72Df+kLZSGb+H62NwGe4qu7lyyvT3XktXPOnczbOmtqkZZPlqeP8DzqPzdW9h5Z2ZX4ScdrcPjamWhE+ylRRfdMlYHRrpn4VT6trLfu3l67tXz/wLjJdvfjvRz7T//sTCTZ/fJ0e47Yf3dkbc90bZvJ2y6022oH237dbLcd9kodK9/DfXyk2bztuYj4ZRlt1pbJ5vCs7VJHv+z9ViNv+yhN0+L9FgBn3rkvnhtr/qv51+a7zZ82bzVfbXx9/Cvjz4/F6F9Gv1q/OvJy7fnkd/Fu/CgO/4QOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcav2tt28vt1orawcKaZpu9Wg6kULUI/bV/PlPHfvkvzUWEYMPmO29WIvIa+pRFgbo/s+IKGu2Hu903nncJPy9vCankvA+hWTgnRs975+ycO/J8nQepWl66qdT/VbbkbunpaFdgk+4UP1E1seaknpEj15DmY6AU3Rl4879K+tvvf2l1TvLb6y8sXJ3YX5+4erC/CtzV26uthrDDg84QfmzPn+fM+xIAAAAAAAAAAAAgEEN9sc5ye3lKGrq3f6K4LDuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMewNB31B5HEzNXLV7Pt3Z25VrZU5Ww9ku/5KCJqEZFMRSTvRSxGscRkx3BJr+NsR1x//8PdD4qternk+9eOfxbb5RJTZbhT3fdrdKtMt3qNl+Tj3O893oCSchlp1yweazz4hPw3AAD//xEwCSs=") removexattr(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=@known='trusted.overlay.opaque\x00') 45.641080207s ago: executing program 6 (id=1384): syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x1000000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2bb, &(0x7f0000000440)="$eJzs3UFrE1sYxvGnTW+TprTJhcuFe0E96EY3oY0fQIO0IAaU2hR1IUztREPGpMyESkRsNuLWD+Gq6M6doC7ddCNu3LsrguCmC3HETNImbVrTNklj+/9BmTd5z8OcttPyptDJ2o1n9/NZL5G1ShqMGA1KFa1L8V9VzUDtOFith9WoonOj3z6duH7z1pVUOj01Y8x0avZ80hgzfurNg0cvTr8rjc69Gn8d1mr89trX5OfVf1f/W/sxey/nmZxnCsWSscx8sViy5h3bLOS8fMKYa45tebbJFTzbbepnneLiYtlYhYWx6KJre56xCmWTt8umVDQlt2ysu1auYBKJhBmL6ngbamNNZmVmxkrt2PZDHd0Rum6k1ZOum6q0bmZWerAnAADQZ3af/4NZf+f5Pz0XHNua/18+l9qb/6VOzv8DPf2C9rlK06PfzP84Elw3ZUVrP7/NmP8BAAAAAAAAAAAAAAAAAAAAAPgTrPt+zPf9WP1Y/whLikiqPz7sfaI79vn9v3BI20WHNfzjXkRyni5lljLBMeinssrJka0JxfS9ej3UBPX05fTUhKmK662zXMsvL2VCCtfzdfFW+ZN/TwZ505z/S9HG8ycV0z+tz59smR/W2TMN+YRi+nBHRTlaqF7Xm/nHk8Zcuprekh+prgMAAAAA4ChImA3bXr9X+9UFEW3vB/k9/H1gy+vrIf3fzi0qAQAAAADAgXnlh3nLcWx3H0VY0gHieyj8ga6fonNFSH2xjS3FRUl9sI1eFRFJwTNmP/EvG/G2Un4ba4YkHfTzivTw0jrs30wAAAAAOm1z6N9D6OOTLu4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjp937gdXXb2vVG7vEG04X0vuNtwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjp2fAQAA//91iCZA") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 45.497010915s ago: executing program 6 (id=1390): r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x24008000) 43.323571824s ago: executing program 6 (id=1408): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x8002c}, @fd={0x66642a85, 0x0, r4}, @fda={0x66646185, 0x9, 0x1, 0x100000000045}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 43.27206118s ago: executing program 34 (id=1408): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x8002c}, @fd={0x66642a85, 0x0, r4}, @fda={0x66646185, 0x9, 0x1, 0x100000000045}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 17.233169714s ago: executing program 7 (id=1697): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x20880) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000080)=0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 17.175082841s ago: executing program 7 (id=1699): syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00"], 0x0) syz_open_dev$loop(0x0, 0x8, 0x0) socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa5a9b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_DEVICE(r6, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040001}, 0x8040) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0xa0) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0xfffffffdffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7) sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x20, r8, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8040}, 0x4008800) 13.897185281s ago: executing program 7 (id=1729): r0 = fsopen(0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet_sctp(0x2, 0xf, 0x84) socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_usb_connect$uac1(0x3, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04050400c900", @ANYRESOCT=r0], 0x7) fsconfig$FSCONFIG_SET_FLAG(r0, 0x5, 0x0, 0x0, 0x300) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000400)=0x7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 13.768998987s ago: executing program 1 (id=1734): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x1, r2, 0x8000000, r0}, 0x10) 13.744612781s ago: executing program 1 (id=1735): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000c80)=ANY=[@ANYBLOB="0017df000000ab"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)={0x20, 0x3, 0x35, "e1a89161410acee0cf9833ab9a37f58ea5641ad54baf75b762c9198fb169ad096f16245c612ff7e73efdac515a58fa70de2afa4c1e"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x5}, 0x0, 0x0, 0x0, 0x0}) 13.369175759s ago: executing program 7 (id=1740): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300), 0x800401, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) 13.217542638s ago: executing program 1 (id=1741): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x10, 0x0, 0x0, 0x389, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x9, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x8000000], [0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x9fb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}, 0x45c) ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0) write$input_event(r0, &(0x7f00000005c0), 0x200005d8) 11.203582736s ago: executing program 1 (id=1756): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x20880) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000080)=0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 11.202510206s ago: executing program 1 (id=1757): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) socket$kcm(0x10, 0x2, 0x10) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x810) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x3, 0x9, 0xd, 0x1, 0x1, {0xffff1c72, 0x23, 0x3, 0x8, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x8000) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r8, &(0x7f0000000900)="bada30fbc99b5400040000ea", 0xc, 0x8040, &(0x7f00000001c0)={0x11, 0x88a8, r7, 0x1, 0xd8, 0x6, @multicast}, 0x14) 10.776382331s ago: executing program 0 (id=1758): io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000080), 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1a, 0x4, 0xffff, 0x5}, 0x50) r1 = io_uring_setup(0x3ac7, &(0x7f0000004140)={0x0, 0x800000, 0x40, 0x1, 0x14e}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000002b80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000240)="11a8", 0x2}], 0x1}}], 0x1, 0x4404c880) sendto$inet6(r2, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) r3 = dup(0xffffffffffffffff) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) close_range(r1, 0xffffffffffffffff, 0x0) 10.750966914s ago: executing program 3 (id=1759): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000200)={r1, 0x0, 0x3}, 0x8) 10.711796439s ago: executing program 0 (id=1760): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = socket$inet(0x2, 0x2, 0x1) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x882, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x701, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x4c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20048005}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10.710923829s ago: executing program 3 (id=1761): setresuid(0x0, 0x0, 0xee00) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) setresgid(0xee01, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000580), 0x14800, &(0x7f00000005c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f0000004280)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x2b, 0xfffffffe, 0x30004004, 0x0, 0xfffe, 0x6, 0xfffffffe, 0x0, 0x0, 0x100, 0x100}}, 0x50) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, 0x0) 10.693001011s ago: executing program 0 (id=1762): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f00000000c0)={0x1, 0x2, 0x3, 0x7}) 10.617089331s ago: executing program 0 (id=1763): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x211}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0xffe0, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x4010804) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 10.616921871s ago: executing program 3 (id=1764): r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xeef, 0x72c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x2, [{{0x9, 0x4, 0x0, 0x0, 0x7, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x36, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xc, 0x2, 0xe}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x81, 0x8, 0x80}}]}}}]}}]}}, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000085"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_disconnect(r0) 10.38774029s ago: executing program 7 (id=1765): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d00000000000030001280080001006873720024", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 9.497189324s ago: executing program 3 (id=1767): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xffe0}, {0xf}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x4, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4040c00) 5.616911462s ago: executing program 5 (id=1776): r0 = socket$kcm(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x4000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r6 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r4, r5}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1, 0x0, 0x0, 0x10}, 0x0) 4.732908434s ago: executing program 5 (id=1777): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000a0000004200000040"], 0x50) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0) r1 = socket(0x2c, 0x3, 0x1000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000001c0)=0x0) sched_setattr(r4, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0xffffff8c, 0x200000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='bic', 0x3) 3.818371741s ago: executing program 5 (id=1778): r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000006c80)=[{{&(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1f}, @multicast1}}}], 0x20}}], 0x1, 0x4000000) 3.818272071s ago: executing program 5 (id=1779): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, 0x0, 0x0) 3.817550502s ago: executing program 5 (id=1780): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x8, 0x9}}, [@filter_kind_options=@f_u32={{0x5}, {0x14, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x43}, @TCA_U32_HASH={0x8, 0x2, 0x1}]}}]}, 0x40}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 78.055111ms ago: executing program 7 (id=1781): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x54, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0x4}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x7, 0x2, 0x2}, {0xffff, 0x0, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x8000) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r10, 0x18}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="03", 0x1}], 0x1}, 0x4) 60.889063ms ago: executing program 5 (id=1782): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x258, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f74e22000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 60.739773ms ago: executing program 3 (id=1783): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = socket$inet(0x2, 0x2, 0x1) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x882, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x701, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x4c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080005000000000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20048005}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 59.882673ms ago: executing program 0 (id=1784): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000200)={0x0, 0x0, 0x3}, 0x8) 26.963757ms ago: executing program 1 (id=1785): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000200)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 20.214598ms ago: executing program 3 (id=1786): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={0xffffffffffffffff, 0x0, 0x5f, 0xee, &(0x7f00000005c0)="3cb580bc019d5bc3b4b78e7d236a74b05e365ffb4624d85cc1421b7bafcc3e9660615b2c5f28ae18fe9136c08659bfad53b0fa54bcb8d1f00353654ef441fa01ae1532acfc9a2581e27b0aeb82ff957eeeda9f0baa2d47c399841ec899ce0e", &(0x7f0000000900)=""/238, 0x1, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000300), 0x0, 0x0, 0x10000}, 0x50) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 0 (id=1787): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031, 0x60}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) kernel console output (not intermixed with test programs): 5 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.891195][ T5572] set_capacity_and_notify: 5 callbacks suppressed [ 53.891204][ T5572] loop4: detected capacity change from 0 to 256 [ 53.893119][ T27] audit: type=1326 audit(53.660:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.902173][ T27] audit: type=1326 audit(53.660:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.906115][ T27] audit: type=1326 audit(53.670:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.909803][ T27] audit: type=1326 audit(53.670:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.911314][ T5570] device syzkaller0 entered promiscuous mode [ 53.922115][ T5574] netlink: 112 bytes leftover after parsing attributes in process `syz.0.310'. [ 53.930315][ T27] audit: type=1326 audit(53.670:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.940501][ T5572] FAT-fs (loop4): Directory bread(block 64) failed [ 53.941502][ T5572] FAT-fs (loop4): Directory bread(block 65) failed [ 53.942533][ T5572] FAT-fs (loop4): Directory bread(block 66) failed [ 53.943538][ T5572] FAT-fs (loop4): Directory bread(block 67) failed [ 53.943967][ T27] audit: type=1326 audit(53.680:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.944513][ T5572] FAT-fs (loop4): Directory bread(block 68) failed [ 53.952439][ T27] audit: type=1326 audit(53.830:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5562 comm="syz.4.307" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 53.959693][ T5572] FAT-fs (loop4): Directory bread(block 69) failed [ 53.960775][ T5572] FAT-fs (loop4): Directory bread(block 70) failed [ 53.961828][ T5572] FAT-fs (loop4): Directory bread(block 71) failed [ 53.962945][ T5572] FAT-fs (loop4): Directory bread(block 72) failed [ 53.964022][ T5572] FAT-fs (loop4): Directory bread(block 73) failed [ 53.998959][ T5576] binder: 5575:5576 ioctl 4018620d 0 returned -22 [ 54.000225][ T5576] binder: tried to use weak ref as strong ref [ 54.001211][ T5576] binder: 5575:5576 Acquire 1 refcount change on invalid ref 0 ret -22 [ 54.021375][ T5576] binder: 5575:5576 got transaction to invalid handle, 1 [ 54.022392][ T5576] binder: 5576:5575 cannot find target node [ 54.023319][ T5576] binder: 5575:5576 transaction call to 0:0 failed 159/29201/-22, size 0-0 line 3045 [ 54.033109][ T5576] binder: 5575:5576 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 54.035087][ T5576] binder: 5575:5576 ioctl c0306201 20000300 returned -11 [ 54.036330][ T5576] binder: 5575:5576 transaction reply to 0:0 failed 160/29201/-71, size 0-0 line 2946 [ 54.069932][ T4384] binder: undelivered TRANSACTION_ERROR: 29201 [ 54.197274][ T5585] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 54.924547][ T5620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.926263][ T5620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.944467][ T5631] netlink: 112 bytes leftover after parsing attributes in process `syz.1.322'. [ 56.207561][ T4368] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 56.391308][ T4368] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 56.393997][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.395430][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.397259][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.402140][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.403623][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.405223][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.406927][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.408566][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.410310][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.411991][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.413301][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.414915][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.417026][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.418544][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.420186][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.421992][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.423319][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.425243][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.427101][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.428681][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.430959][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.432784][ T4368] usb 1-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 56.434142][ T4368] usb 1-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 56.435852][ T4368] usb 1-1: config 64 interface 0 has no altsetting 0 [ 56.440795][ T4368] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 56.442357][ T4368] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 56.443706][ T4368] usb 1-1: Product: syz [ 56.444398][ T4368] usb 1-1: Manufacturer: syz [ 56.445154][ T4368] usb 1-1: SerialNumber: syz [ 56.460765][ T4368] yurex 1-1:64.0: USB YUREX device now attached to Yurex #0 [ 56.666077][ T4381] usb 1-1: USB disconnect, device number 2 [ 56.669572][ T4381] yurex 1-1:64.0: USB YUREX #0 now disconnected [ 57.187220][ T5633] loop0: detected capacity change from 0 to 256 [ 57.200217][ T5633] FAT-fs (loop0): Directory bread(block 64) failed [ 57.201376][ T5633] FAT-fs (loop0): Directory bread(block 65) failed [ 57.202556][ T5633] FAT-fs (loop0): Directory bread(block 66) failed [ 57.203510][ T5633] FAT-fs (loop0): Directory bread(block 67) failed [ 57.204739][ T5633] FAT-fs (loop0): Directory bread(block 68) failed [ 57.205685][ T5633] FAT-fs (loop0): Directory bread(block 69) failed [ 57.206666][ T5633] FAT-fs (loop0): Directory bread(block 70) failed [ 57.208321][ T5633] FAT-fs (loop0): Directory bread(block 71) failed [ 57.209336][ T5633] FAT-fs (loop0): Directory bread(block 72) failed [ 57.210294][ T5633] FAT-fs (loop0): Directory bread(block 73) failed [ 57.255372][ T5635] binder: 5634:5635 ioctl c0306201 0 returned -14 [ 57.257263][ T5635] binder: 5635:5634 cannot find target node [ 57.258418][ T5635] binder: 5634:5635 transaction call to 0:0 failed 164/29201/-22, size 0-0 line 3045 [ 57.260072][ T5635] binder: 5634:5635 ioctl c0306201 20000300 returned -11 [ 64.478872][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.480045][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.763936][ T5596] device bridge0 entered promiscuous mode [ 64.764964][ T5596] device macvlan2 entered promiscuous mode [ 64.911997][ T5685] loop3: detected capacity change from 0 to 256 [ 64.934344][ T5685] FAT-fs (loop3): Directory bread(block 64) failed [ 64.935510][ T5685] FAT-fs (loop3): Directory bread(block 65) failed [ 64.939211][ T5685] FAT-fs (loop3): Directory bread(block 66) failed [ 64.939214][ T5687] binder: 5686:5687 ioctl c0306201 0 returned -14 [ 64.942665][ T5685] FAT-fs (loop3): Directory bread(block 67) failed [ 64.942689][ T5687] binder_user_error: 6 callbacks suppressed [ 64.942696][ T5687] binder: 5686:5687 got transaction to invalid handle, 1 [ 64.943905][ T5685] FAT-fs (loop3): Directory bread(block 68) failed [ 64.944624][ T5687] binder_debug: 2 callbacks suppressed [ 64.944637][ T5687] binder: 5687:5686 cannot find target node [ 64.945877][ T5685] FAT-fs (loop3): Directory bread(block 69) failed [ 64.946678][ T5687] binder: 5686:5687 transaction call to 0:0 failed 169/29201/-22, size 0-0 line 3045 [ 64.959056][ T5685] FAT-fs (loop3): Directory bread(block 70) failed [ 64.962948][ T5687] binder: 5686:5687 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 64.964596][ T5685] FAT-fs (loop3): Directory bread(block 71) failed [ 64.964949][ T5687] binder: 5687 RLIMIT_NICE not set [ 64.966835][ T5687] binder: 5686:5687 ioctl c0306201 20000300 returned -11 [ 64.967089][ T5685] FAT-fs (loop3): Directory bread(block 72) failed [ 64.973016][ T5687] binder: 5686:5687 got reply transaction with no transaction stack [ 64.974304][ T5685] FAT-fs (loop3): Directory bread(block 73) failed [ 64.974325][ T5687] binder: 5686:5687 transaction reply to 0:0 failed 170/29201/-71, size 0-0 line 2946 [ 65.024161][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 65.038298][ T5689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.330'. [ 65.039681][ T5689] device lo entered promiscuous mode [ 65.049301][ T5689] device tunl0 entered promiscuous mode [ 65.050423][ T5689] device gre0 entered promiscuous mode [ 65.055167][ T5689] device gretap0 entered promiscuous mode [ 65.056617][ T5689] device erspan0 entered promiscuous mode [ 65.060829][ T5689] device ip_vti0 entered promiscuous mode [ 65.062340][ T5689] device ip6_vti0 entered promiscuous mode [ 65.066591][ T5689] device sit0 entered promiscuous mode [ 65.069738][ T5689] device ip6tnl0 entered promiscuous mode [ 65.070943][ T5689] device ip6gre0 entered promiscuous mode [ 65.072035][ T5689] device syz_tun entered promiscuous mode [ 65.087451][ T5689] device ip6gretap0 entered promiscuous mode [ 65.093878][ T5689] device bridge0 entered promiscuous mode [ 65.095352][ T5689] device vcan0 entered promiscuous mode [ 65.096308][ T5689] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 65.104125][ T5694] 9pnet_virtio: no channels available for device syz [ 65.111175][ T5689] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 65.116014][ T5696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.117453][ T5696] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.146256][ T5689] device bond0 entered promiscuous mode [ 65.147174][ T5689] device bond_slave_0 entered promiscuous mode [ 65.148578][ T5689] device bond_slave_1 entered promiscuous mode [ 65.159460][ T4381] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 65.169662][ T5689] device team0 entered promiscuous mode [ 65.170747][ T5689] device team_slave_0 entered promiscuous mode [ 65.172209][ T5689] device team_slave_1 entered promiscuous mode [ 65.176265][ T5689] device dummy0 entered promiscuous mode [ 65.177900][ T5689] device nlmon0 entered promiscuous mode [ 65.218901][ T5689] device caif0 entered promiscuous mode [ 65.221041][ T5689] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 65.377588][ T4381] usb 1-1: Using ep0 maxpacket: 8 [ 65.383529][ T4381] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 65.384766][ T4381] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 65.386194][ T4381] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 65.388170][ T4381] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 65.389750][ T4381] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 65.393568][ T4381] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 65.397249][ T4381] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.618346][ T4381] usb 1-1: usb_control_msg returned -32 [ 65.619309][ T4381] usbtmc 1-1:16.0: can't read capabilities [ 65.698176][ T5715] netlink: 132 bytes leftover after parsing attributes in process `syz.4.340'. [ 65.766413][ T5723] device syzkaller0 entered promiscuous mode [ 66.027392][ T5731] usbtmc 1-1:16.0: control status returned 0 [ 66.051304][ T5733] netlink: 24 bytes leftover after parsing attributes in process `syz.3.345'. [ 66.141498][ T5740] 9pnet_virtio: no channels available for device syz [ 66.450211][ T4381] usb 1-1: USB disconnect, device number 3 [ 66.999538][ T5748] loop0: detected capacity change from 0 to 256 [ 67.025686][ T5748] FAT-fs (loop0): Directory bread(block 64) failed [ 67.026726][ T5748] FAT-fs (loop0): Directory bread(block 65) failed [ 67.036900][ T5748] FAT-fs (loop0): Directory bread(block 66) failed [ 67.039683][ T5748] FAT-fs (loop0): Directory bread(block 67) failed [ 67.040691][ T5748] FAT-fs (loop0): Directory bread(block 68) failed [ 67.041689][ T5748] FAT-fs (loop0): Directory bread(block 69) failed [ 67.042729][ T5748] FAT-fs (loop0): Directory bread(block 70) failed [ 67.043701][ T5748] FAT-fs (loop0): Directory bread(block 71) failed [ 67.044781][ T5748] FAT-fs (loop0): Directory bread(block 72) failed [ 67.045786][ T5748] FAT-fs (loop0): Directory bread(block 73) failed [ 67.116958][ T5750] netlink: 132 bytes leftover after parsing attributes in process `syz.0.351'. [ 77.033490][ T5797] loop1: detected capacity change from 0 to 256 [ 77.054149][ T5797] FAT-fs (loop1): Directory bread(block 64) failed [ 77.056457][ T5797] FAT-fs (loop1): Directory bread(block 65) failed [ 77.060434][ T5797] FAT-fs (loop1): Directory bread(block 66) failed [ 77.061609][ T5797] FAT-fs (loop1): Directory bread(block 67) failed [ 77.062591][ T5797] FAT-fs (loop1): Directory bread(block 68) failed [ 77.067085][ T5797] FAT-fs (loop1): Directory bread(block 69) failed [ 77.072471][ T5797] FAT-fs (loop1): Directory bread(block 70) failed [ 77.074723][ T5797] FAT-fs (loop1): Directory bread(block 71) failed [ 77.075694][ T5797] FAT-fs (loop1): Directory bread(block 72) failed [ 77.087161][ T5797] FAT-fs (loop1): Directory bread(block 73) failed [ 77.203396][ T5817] device syzkaller0 entered promiscuous mode [ 77.275332][ T5823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.277981][ T5823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.463111][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.464675][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.902255][ T5826] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.916210][ T5826] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.193220][ T5826] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.194721][ T5826] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.196134][ T5826] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.198212][ T5826] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.245848][ T5847] loop3: detected capacity change from 0 to 256 [ 78.265175][ T5847] FAT-fs (loop3): Directory bread(block 64) failed [ 78.266325][ T5847] FAT-fs (loop3): Directory bread(block 65) failed [ 78.267402][ T5847] FAT-fs (loop3): Directory bread(block 66) failed [ 78.272363][ T5847] FAT-fs (loop3): Directory bread(block 67) failed [ 78.273609][ T5847] FAT-fs (loop3): Directory bread(block 68) failed [ 78.274707][ T5847] FAT-fs (loop3): Directory bread(block 69) failed [ 78.275616][ T5847] FAT-fs (loop3): Directory bread(block 70) failed [ 78.276692][ T5847] FAT-fs (loop3): Directory bread(block 71) failed [ 78.278318][ T5847] FAT-fs (loop3): Directory bread(block 72) failed [ 78.279343][ T5847] FAT-fs (loop3): Directory bread(block 73) failed [ 78.353122][ T5853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.354709][ T5853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.508391][ T5828] device syzkaller0 entered promiscuous mode [ 78.926575][ T5869] loop1: detected capacity change from 0 to 256 [ 78.946135][ T5869] FAT-fs (loop1): Directory bread(block 64) failed [ 78.947328][ T5869] FAT-fs (loop1): Directory bread(block 65) failed [ 78.953934][ T5869] FAT-fs (loop1): Directory bread(block 66) failed [ 78.955234][ T5869] FAT-fs (loop1): Directory bread(block 67) failed [ 78.956545][ T5869] FAT-fs (loop1): Directory bread(block 68) failed [ 78.965422][ T5869] FAT-fs (loop1): Directory bread(block 69) failed [ 78.968439][ T5869] FAT-fs (loop1): Directory bread(block 70) failed [ 78.970269][ T5869] FAT-fs (loop1): Directory bread(block 71) failed [ 78.971428][ T5869] FAT-fs (loop1): Directory bread(block 72) failed [ 78.972528][ T5869] FAT-fs (loop1): Directory bread(block 73) failed [ 79.126427][ T5882] loop3: detected capacity change from 0 to 512 [ 79.141560][ T5882] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 79.160848][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 79.187851][ T5887] netlink: 28 bytes leftover after parsing attributes in process `syz.3.396'. [ 79.917578][ T47] Bluetooth: hci5: command 0x1003 tx timeout [ 79.919635][ T4327] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 82.878299][ T4332] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 82.879637][ T4332] Bluetooth: hci1: Injecting HCI hardware error event [ 82.881516][ T4332] Bluetooth: hci1: hardware error 0x00 [ 85.117566][ T4332] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 89.348093][ T5932] loop1: detected capacity change from 0 to 512 [ 89.469411][ T5932] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 89.716552][ T4321] EXT4-fs (loop1): unmounting filesystem. [ 90.001198][ T5967] device syzkaller0 entered promiscuous mode [ 90.204995][ T5978] binder: 5977:5978 unknown command 0 [ 90.206044][ T5978] binder: 5977:5978 ioctl c0306201 20000080 returned -22 [ 90.214163][ T5978] binder: 5977:5978 tried to acquire reference to desc 0, got 1 instead [ 90.229660][ T5978] binder: 5977:5978 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 90.231699][ T5978] binder: 5978 RLIMIT_NICE not set [ 90.232586][ T5978] binder: 5978 RLIMIT_NICE not set [ 90.235238][ T14] binder: release 5977:5978 transaction 175 out, still active [ 90.247351][ T14] binder: undelivered TRANSACTION_COMPLETE [ 90.262649][ T14] binder: release 5977:5978 transaction 175 in, still active [ 90.263803][ T14] binder: send failed reply for transaction 175, target dead [ 90.902700][ T5995] 9pnet_virtio: no channels available for device syz [ 101.063161][ T4332] Bluetooth: Unknown BR/EDR signaling command 0xfb [ 101.064247][ T4332] Bluetooth: Wrong link type (-22) [ 101.065090][ T4332] Bluetooth: hci0: link tx timeout [ 101.066101][ T4332] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 101.193128][ T6016] netlink: 56 bytes leftover after parsing attributes in process `syz.0.442'. [ 101.292032][ T6026] capability: warning: `syz.3.444' uses deprecated v2 capabilities in a way that may be insecure [ 101.754047][ T6034] device syzkaller0 entered promiscuous mode [ 101.838653][ T4332] Bluetooth: Unknown BR/EDR signaling command 0xfb [ 101.839789][ T4332] Bluetooth: Wrong link type (-22) [ 101.840659][ T4332] Bluetooth: hci4: link tx timeout [ 101.842066][ T4332] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 102.802437][ T6053] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 103.117548][ T4332] Bluetooth: hci0: command 0x0406 tx timeout [ 103.917652][ T4332] Bluetooth: hci4: command 0x0406 tx timeout [ 112.748384][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 112.752082][ T6056] netlink: 'syz.0.454': attribute type 1 has an invalid length. [ 112.765561][ T6066] IPv6: NLM_F_CREATE should be specified when creating new route [ 112.834533][ T79] block nbd1: Attempted send on invalid socket [ 112.835679][ T79] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.843830][ T6075] efs: cannot read volume header [ 113.052462][ T6096] netlink: 56 bytes leftover after parsing attributes in process `syz.2.462'. [ 113.072794][ T6098] netlink: 148 bytes leftover after parsing attributes in process `syz.1.469'. [ 113.559423][ T6109] binder: 6108:6109 tried to acquire reference to desc 0, got 1 instead [ 113.562372][ T6109] binder: 6108:6109 ioctl c0306201 0 returned -14 [ 113.566793][ T6109] binder: 6108:6109 got reply transaction with no transaction stack [ 113.570352][ T6109] binder: 6108:6109 transaction reply to 0:0 failed 181/29201/-71, size 0-0 line 2946 [ 113.949663][ T6122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.953556][ T6122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.276766][ T6124] device syzkaller0 entered promiscuous mode [ 114.306065][ T6128] netlink: 148 bytes leftover after parsing attributes in process `syz.4.481'. [ 114.387418][ T4368] binder: undelivered TRANSACTION_ERROR: 29201 [ 114.389340][ T4368] binder: send failed reply for transaction 180 to 6108:6109 [ 114.392124][ T4368] binder: undelivered TRANSACTION_COMPLETE [ 114.393088][ T4368] binder: undelivered TRANSACTION_ERROR: 29189 [ 114.689683][ T4368] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 114.869007][ T4368] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 114.870648][ T4368] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 114.872484][ T4368] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 114.873833][ T4368] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.080307][ T4368] usb 1-1: usb_control_msg returned -32 [ 115.081359][ T4368] usbtmc 1-1:16.0: can't read capabilities [ 115.464335][ T6159] netlink: 148 bytes leftover after parsing attributes in process `syz.3.493'. [ 116.215832][ T6166] binder: 6165:6166 tried to acquire reference to desc 0, got 1 instead [ 116.221318][ T6166] binder: 6165:6166 ioctl c0306201 0 returned -14 [ 116.222607][ T6166] binder: 6165:6166 got reply transaction with no transaction stack [ 116.223872][ T6166] binder: 6165:6166 transaction reply to 0:0 failed 187/29201/-71, size 0-0 line 2946 [ 117.047778][ T4443] binder: undelivered TRANSACTION_ERROR: 29201 [ 117.048935][ T4443] binder: send failed reply for transaction 186 to 6165:6166 [ 117.050176][ T4443] binder: undelivered TRANSACTION_COMPLETE [ 117.051510][ T4443] binder: undelivered TRANSACTION_ERROR: 29189 [ 117.064187][ T6168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.065600][ T6168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.281760][ T6192] binder: 6191:6192 tried to acquire reference to desc 0, got 1 instead [ 120.283945][ T6192] binder: 6191:6192 ioctl c0306201 0 returned -14 [ 120.285087][ T6192] binder: 6191:6192 got reply transaction with no transaction stack [ 120.286304][ T6192] binder: 6191:6192 transaction reply to 0:0 failed 193/29201/-71, size 0-0 line 2946 [ 121.118776][ T4443] binder: undelivered TRANSACTION_ERROR: 29201 [ 121.119785][ T4443] binder: send failed reply for transaction 192 to 6191:6192 [ 121.120983][ T4443] binder: undelivered TRANSACTION_COMPLETE [ 121.121867][ T4443] binder: undelivered TRANSACTION_ERROR: 29189 [ 121.134595][ T6194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.135978][ T6194] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.915897][ T6221] binder: 6220:6221 tried to acquire reference to desc 0, got 1 instead [ 125.918799][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.919821][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 125.921637][ T6221] binder: 6220:6221 got reply transaction with no transaction stack [ 125.922885][ T6221] binder: 6220:6221 transaction reply to 0:0 failed 199/29201/-71, size 0-0 line 2946 [ 125.961931][ T6223] netlink: 132 bytes leftover after parsing attributes in process `syz.3.518'. [ 126.009394][ T6227] device syzkaller0 entered promiscuous mode [ 126.158974][ T6194] usbtmc 1-1:16.0: stb usb_control_msg returned -110 [ 126.164120][ T4443] usb 1-1: USB disconnect, device number 4 [ 126.753077][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 126.754118][ T1515] binder: send failed reply for transaction 198 to 6220:6221 [ 126.755403][ T1515] binder: undelivered TRANSACTION_COMPLETE [ 126.756304][ T1515] binder: undelivered TRANSACTION_ERROR: 29189 [ 126.790508][ T6251] netlink: 132 bytes leftover after parsing attributes in process `syz.1.530'. [ 136.944843][ T6273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.946367][ T6273] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.966290][ T6276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.970966][ T6276] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.000656][ T6282] binder: 6281:6282 tried to acquire reference to desc 0, got 1 instead [ 137.005285][ T6282] binder: 6281:6282 got reply transaction with no transaction stack [ 137.006539][ T6282] binder: 6281:6282 transaction reply to 0:0 failed 205/29201/-71, size 0-0 line 2946 [ 137.139448][ T6296] netlink: 132 bytes leftover after parsing attributes in process `syz.3.545'. [ 137.233839][ T6302] device syzkaller0 entered promiscuous mode [ 137.521340][ T6308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.522346][ T6308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.844354][ T4443] binder: undelivered TRANSACTION_ERROR: 29201 [ 137.844386][ T4443] binder: send failed reply for transaction 204 to 6281:6282 [ 137.844496][ T4443] binder: undelivered TRANSACTION_COMPLETE [ 137.844505][ T4443] binder: undelivered TRANSACTION_ERROR: 29189 [ 138.334851][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 138.334860][ T27] audit: type=1326 audit(138.320:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.340870][ T27] audit: type=1326 audit(138.320:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.344440][ T27] audit: type=1326 audit(138.330:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=274 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.351886][ T27] audit: type=1326 audit(138.330:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.355800][ T27] audit: type=1326 audit(138.340:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=7 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.360402][ T27] audit: type=1326 audit(138.350:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.363621][ T27] audit: type=1326 audit(138.350:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=130 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.367263][ T27] audit: type=1326 audit(138.350:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.375470][ T27] audit: type=1326 audit(138.350:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 138.380922][ T27] audit: type=1326 audit(138.360:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 139.085307][ T6328] netlink: 132 bytes leftover after parsing attributes in process `syz.4.556'. [ 148.154782][ T6338] binder: 6337:6338 tried to acquire reference to desc 0, got 1 instead [ 148.161553][ T6340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.162160][ T6338] binder: 6337:6338 got reply transaction with no transaction stack [ 148.162993][ T6340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.164158][ T6338] binder: 6337:6338 transaction reply to 0:0 failed 211/29201/-71, size 0-0 line 2946 [ 148.410770][ T6359] binder: 6358:6359 Acquire 1 refcount change on invalid ref 0 ret -22 [ 148.413933][ T6359] binder: 6358:6359 got transaction to invalid handle, 1 [ 148.415181][ T6359] binder: 6359:6358 cannot find target node [ 148.416063][ T6359] binder: 6358:6359 transaction call to 0:0 failed 214/29201/-22, size 0-0 line 3045 [ 148.418433][ T6359] binder: 6358:6359 BC_FREE_BUFFER u0000000020ffd000 no match [ 148.419915][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 148.607638][ T4443] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 148.618935][ T6366] device syzkaller0 entered promiscuous mode [ 148.714536][ T6368] netlink: 132 bytes leftover after parsing attributes in process `syz.4.573'. [ 148.798949][ T4443] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 148.800641][ T4443] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 148.802781][ T4443] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 148.804416][ T4443] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.967895][ T4384] binder: undelivered TRANSACTION_ERROR: 29201 [ 148.969025][ T4384] binder: send failed reply for transaction 210 to 6337:6338 [ 148.970298][ T4384] binder: undelivered TRANSACTION_COMPLETE [ 148.971264][ T4384] binder: undelivered TRANSACTION_ERROR: 29189 [ 149.012642][ T4443] usb 1-1: usb_control_msg returned -32 [ 149.013473][ T4443] usbtmc 1-1:16.0: can't read capabilities [ 153.597553][ T4332] Bluetooth: hci2: command 0x0406 tx timeout [ 153.597565][ T4327] Bluetooth: hci0: command 0x0406 tx timeout [ 153.597588][ T4327] Bluetooth: hci4: command 0x0406 tx timeout [ 159.380379][ T1515] usb 1-1: USB disconnect, device number 5 [ 159.419903][ T6390] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 159.420974][ T6390] overlayfs: failed to set xattr on upper [ 159.421900][ T6390] overlayfs: ...falling back to index=off,metacopy=off. [ 159.483034][ T6399] binder: 6398:6399 Acquire 1 refcount change on invalid ref 0 ret -22 [ 159.493179][ T6399] binder: 6398:6399 got transaction to invalid handle, 1 [ 159.494354][ T6399] binder: 6399:6398 cannot find target node [ 159.495267][ T6399] binder: 6398:6399 transaction call to 0:0 failed 217/29201/-22, size 0-0 line 3045 [ 159.506017][ T6399] binder: 6398:6399 BC_FREE_BUFFER u0000000020ffd000 no match [ 159.509380][ T4381] binder: undelivered TRANSACTION_ERROR: 29201 [ 159.550031][ T6407] binder: 6402:6407 tried to acquire reference to desc 0, got 1 instead [ 159.554701][ T6407] binder: 6402:6407 got reply transaction with no transaction stack [ 159.555988][ T6407] binder: 6402:6407 transaction reply to 0:0 failed 223/29201/-71, size 0-0 line 2946 [ 159.594564][ T6410] netlink: 'syz.4.587': attribute type 13 has an invalid length. [ 159.601517][ T6411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.602996][ T6411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.606909][ T6410] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 159.612674][ T6410] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.614594][ T6410] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.940706][ T6421] device geneve0 entered promiscuous mode [ 160.036547][ T6424] device syzkaller0 entered promiscuous mode [ 160.110419][ T6424] tipc: Started in network mode [ 160.111382][ T6424] tipc: Node identity 4a0dd96f998c, cluster identity 4711 [ 160.112692][ T6424] tipc: Enabled bearer , priority 0 [ 160.115126][ T6423] tipc: Resetting bearer [ 160.168586][ T6423] tipc: Disabling bearer [ 160.392268][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 160.393387][ T1515] binder: send failed reply for transaction 222 to 6402:6407 [ 160.394757][ T1515] binder: undelivered TRANSACTION_COMPLETE [ 160.395722][ T1515] binder: undelivered TRANSACTION_ERROR: 29189 [ 160.676151][ T6436] syz.1.596 uses obsolete (PF_INET,SOCK_PACKET) [ 161.414605][ T6450] binder: 6449:6450 Acquire 1 refcount change on invalid ref 0 ret -22 [ 161.446737][ T6450] binder: 6449:6450 got transaction to invalid handle, 1 [ 161.456357][ T6450] binder: 6450:6449 cannot find target node [ 161.465711][ T6450] binder: 6449:6450 transaction call to 0:0 failed 226/29201/-22, size 0-0 line 3045 [ 161.500552][ T6450] binder: 6449:6450 BC_FREE_BUFFER u0000000020ffd000 no match [ 161.511603][ T6452] binder: 6451:6452 tried to acquire reference to desc 0, got 1 instead [ 161.523884][ T6452] binder: 6451:6452 got reply transaction with no transaction stack [ 161.707322][ T6462] device syzkaller1 entered promiscuous mode [ 162.701168][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 162.706389][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 162.711684][ T6493] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 162.810985][ T6496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'. [ 162.815943][ T6496] netlink: 'syz.4.618': attribute type 5 has an invalid length. [ 162.819768][ T6496] netlink: 20 bytes leftover after parsing attributes in process `syz.4.618'. [ 162.871801][ T6496] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 162.882442][ T6496] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 162.894672][ T6496] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 162.903393][ T6496] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 162.914071][ T6496] device geneve2 entered promiscuous mode [ 164.105897][ T6537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.108702][ T6537] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.488305][ T6554] Driver unsupported XDP return value 0 on prog (id 51) dev N/A, expect packet loss! [ 164.681376][ T6573] binder_user_error: 10 callbacks suppressed [ 164.681386][ T6573] binder: 6572:6573 tried to acquire reference to desc 0, got 1 instead [ 164.685944][ T6573] binder: 6572:6573 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 164.688533][ T6573] binder: 6573 RLIMIT_NICE not set [ 164.689691][ T6573] binder: 6572:6573 got reply transaction with no transaction stack [ 164.691125][ T6573] binder_debug: 20 callbacks suppressed [ 164.691138][ T6573] binder: 6572:6573 transaction reply to 0:0 failed 255/29201/-71, size 0-0 line 2946 [ 164.745103][ T6577] binder: 6575:6577 Acquire 1 refcount change on invalid ref 0 ret -22 [ 164.749574][ T6577] binder: 6575:6577 got transaction to invalid handle, 1 [ 164.750711][ T6577] binder: 6577:6575 cannot find target node [ 164.752095][ T6577] binder: 6575:6577 transaction call to 0:0 failed 258/29201/-22, size 0-0 line 3045 [ 164.753884][ T6577] binder: 6575:6577 BC_FREE_BUFFER u0000000020ffd000 no match [ 164.755514][ T4384] binder: undelivered TRANSACTION_ERROR: 29201 [ 164.800073][ T47] Bluetooth: hci0: command 0x0401 tx timeout [ 165.124442][ T6606] binder: 6605:6606 Acquire 1 refcount change on invalid ref 0 ret -22 [ 165.127288][ T6606] binder: 6605:6606 got transaction to invalid handle, 1 [ 165.128901][ T6606] binder: 6606:6605 cannot find target node [ 165.130104][ T6606] binder: 6605:6606 transaction call to 0:0 failed 261/29201/-22, size 0-0 line 3045 [ 165.131912][ T6606] binder: 6605:6606 BC_FREE_BUFFER u0000000020ffd000 no match [ 165.137593][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.164568][ T6609] random: crng reseeded on system resumption [ 165.192479][ T6607] block device autoloading is deprecated and will be removed. [ 165.195369][ T6603] md: md2 stopped. [ 165.510187][ T6630] binder: 6629:6630 ioctl 4018620d 0 returned -22 [ 165.519958][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.520978][ T1515] binder: send failed reply for transaction 254 to 6572:6573 [ 165.522242][ T1515] binder: undelivered TRANSACTION_COMPLETE [ 165.779257][ T6645] netlink: 12 bytes leftover after parsing attributes in process `syz.3.681'. [ 165.855360][ T6652] block device autoloading is deprecated and will be removed. [ 166.014912][ T6660] binder: 6659:6660 ioctl 4018620d 0 returned -22 [ 166.177978][ T6671] tipc: Started in network mode [ 166.178749][ T6671] tipc: Node identity d6d853230f53, cluster identity 4711 [ 166.180010][ T6671] tipc: Enabled bearer , priority 0 [ 166.181655][ T6671] device syzkaller0 entered promiscuous mode [ 166.184678][ T6671] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 166.268346][ T6670] tipc: Resetting bearer [ 166.410362][ T6670] tipc: Disabling bearer [ 166.853953][ T6690] binder: 6689:6690 ioctl 4018620d 0 returned -22 [ 166.947444][ T6694] device syzkaller1 entered promiscuous mode [ 167.617092][ T6720] binder: BINDER_SET_CONTEXT_MGR already set [ 167.618520][ T6720] binder: 6719:6720 ioctl 4018620d 200001c0 returned -16 [ 167.933231][ T6727] device syzkaller1 entered promiscuous mode [ 168.183137][ T6740] futex_wake_op: syz.4.720 tries to shift op by 32; fix this program [ 168.224214][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.718'. [ 168.575518][ T6747] binder: BINDER_SET_CONTEXT_MGR already set [ 168.576505][ T6747] binder: 6746:6747 ioctl 4018620d 200001c0 returned -16 [ 168.695711][ T6755] device syzkaller1 entered promiscuous mode [ 169.492963][ T6777] binder: BINDER_SET_CONTEXT_MGR already set [ 169.492995][ T6777] binder: 6776:6777 ioctl 4018620d 200001c0 returned -16 [ 169.732092][ T6785] device syzkaller1 entered promiscuous mode [ 169.901248][ T6795] Bluetooth: MGMT ver 1.22 [ 170.156325][ T6804] binder: 6803:6804 ioctl c0306201 0 returned -14 [ 170.165529][ T6804] binder_user_error: 24 callbacks suppressed [ 170.165536][ T6804] binder: 6803:6804 got transaction to invalid handle, 1 [ 170.178144][ T6804] binder_debug: 25 callbacks suppressed [ 170.178158][ T6804] binder: 6804:6803 cannot find target node [ 170.182395][ T6804] binder: 6803:6804 transaction call to 0:0 failed 295/29201/-22, size 0-0 line 3045 [ 170.190141][ T6804] binder: 6803:6804 BC_FREE_BUFFER u0000000020ffd000 no match [ 170.193700][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 170.344077][ T6809] binder: 6808:6809 tried to acquire reference to desc 0, got 1 instead [ 170.355184][ T6809] binder: 6808:6809 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 170.359851][ T6809] binder: 6809 RLIMIT_NICE not set [ 170.363200][ T6809] binder: 6808:6809 got reply transaction with no transaction stack [ 170.364627][ T6809] binder: 6808:6809 transaction reply to 0:0 failed 301/29201/-71, size 0-0 line 2946 [ 171.086698][ T6832] binder: 6831:6832 ioctl c0306201 0 returned -14 [ 171.089885][ T6832] binder: 6831:6832 got transaction to invalid handle, 1 [ 171.091078][ T6832] binder: 6832:6831 cannot find target node [ 171.091985][ T6832] binder: 6831:6832 transaction call to 0:0 failed 305/29201/-22, size 0-0 line 3045 [ 171.093742][ T6832] binder: 6831:6832 BC_FREE_BUFFER u0000000020ffd000 no match [ 171.095164][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 171.175111][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 171.177085][ T14] binder: send failed reply for transaction 300 to 6808:6809 [ 171.180706][ T14] binder: undelivered TRANSACTION_COMPLETE [ 171.370191][ T6836] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.371441][ T6836] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.826647][ T6836] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.842565][ T6836] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 171.917576][ T4332] Bluetooth: hci0: command 0x0c20 tx timeout [ 172.094145][ T6836] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.095592][ T6836] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.096936][ T6836] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.098451][ T6836] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.426510][ T6863] binder: 6861:6863 ioctl c0306201 0 returned -14 [ 172.429778][ T6863] binder: 6861:6863 got transaction to invalid handle, 1 [ 172.431264][ T6863] binder: 6861:6863 BC_FREE_BUFFER u0000000020ffd000 no match [ 172.472879][ T6860] syz.2.767 (6860): drop_caches: 1 [ 172.527236][ T6860] syz.2.767 (6860): drop_caches: 1 [ 172.780993][ T6880] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 172.863174][ T6882] netlink: 84 bytes leftover after parsing attributes in process `syz.3.771'. [ 173.542229][ T6892] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.543508][ T6892] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.975716][ T6892] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.989170][ T6892] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.264020][ T6892] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.265417][ T6892] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.266763][ T6892] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.269208][ T6892] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.553139][ T6892] netdevsim netdevsim4 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 174.554573][ T6892] netdevsim netdevsim4 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 174.555831][ T6892] netdevsim netdevsim4 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 174.557181][ T6892] netdevsim netdevsim4 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 174.653942][ T6928] 9pnet_virtio: no channels available for device syz [ 174.807518][ T47] Bluetooth: hci0: command 0x0401 tx timeout [ 175.170497][ T6957] binder_user_error: 13 callbacks suppressed [ 175.170508][ T6957] binder: 6956:6957 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 175.178871][ T6957] binder: 6957 RLIMIT_NICE not set [ 175.181363][ T6957] binder: 6956:6957 got reply transaction with no transaction stack [ 175.592708][ T6968] netlink: 132 bytes leftover after parsing attributes in process `syz.4.803'. [ 175.719850][ T6975] binder: 6974:6975 got transaction to invalid handle, 1 [ 175.723342][ T6975] binder_debug: 21 callbacks suppressed [ 175.723357][ T6975] binder: 6975:6974 cannot find target node [ 175.725295][ T6975] binder: 6974:6975 transaction call to 0:0 failed 339/29201/-22, size 0-0 line 3045 [ 175.728255][ T6975] binder: 6974:6975 BC_FREE_BUFFER u0000000020ffd000 no match [ 175.729799][ T5138] binder: undelivered TRANSACTION_ERROR: 29201 [ 175.848590][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 175.848601][ T27] audit: type=1326 audit(175.840:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.853714][ T27] audit: type=1326 audit(175.840:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.861303][ T27] audit: type=1326 audit(175.840:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.872042][ T27] audit: type=1326 audit(175.840:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=8 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.876404][ T27] audit: type=1326 audit(175.840:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.889537][ T27] audit: type=1326 audit(175.840:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.892874][ T27] audit: type=1326 audit(175.840:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=436 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.900331][ T27] audit: type=1326 audit(175.840:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6989 comm="syz.4.813" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffff92375928 code=0x7ffc0000 [ 175.996465][ T5138] binder: undelivered TRANSACTION_ERROR: 29201 [ 175.997447][ T5138] binder: send failed reply for transaction 334 to 6956:6957 [ 175.998903][ T5138] binder: undelivered TRANSACTION_COMPLETE [ 175.999735][ T5138] binder: undelivered TRANSACTION_ERROR: 29189 [ 176.136660][ T7002] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.138836][ T7002] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.554910][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.574585][ T7002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.643200][ T7009] binder: 7008:7009 got transaction to invalid handle, 1 [ 176.644519][ T7009] binder: 7009:7008 cannot find target node [ 176.646699][ T7009] binder: 7008:7009 transaction call to 0:0 failed 343/29201/-22, size 0-0 line 3045 [ 176.653940][ T7009] binder: 7008:7009 BC_FREE_BUFFER u0000000020ffd000 no match [ 176.665185][ T1515] binder: undelivered TRANSACTION_ERROR: 29201 [ 176.848977][ T7026] binder: 7025:7026 tried to acquire reference to desc 0, got 1 instead [ 176.852772][ T7026] binder: 7025:7026 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 176.859241][ T7026] binder: 7026 RLIMIT_NICE not set [ 176.982777][ T7002] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.984188][ T7002] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.985551][ T7002] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.986715][ T7002] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.605038][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.1.838'. [ 178.629869][ T7109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.632051][ T7109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.122682][ T7119] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.124073][ T7119] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.544293][ T7119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.558957][ T7119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.865152][ T7119] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.866636][ T7119] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.870435][ T7119] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.872750][ T7119] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.522926][ T7175] device syzkaller1 entered promiscuous mode [ 180.889576][ T7179] binder: 7178:7179 ioctl 4018620d 0 returned -22 [ 180.891025][ T7179] binder_user_error: 16 callbacks suppressed [ 180.891047][ T7179] binder: 7178:7179 got transaction to invalid handle, 1 [ 180.893125][ T7179] binder_debug: 26 callbacks suppressed [ 180.893138][ T7179] binder: 7179:7178 cannot find target node [ 180.895024][ T7179] binder: 7178:7179 transaction call to 0:0 failed 381/29201/-22, size 0-0 line 3045 [ 180.896786][ T7179] binder: 7178:7179 BC_FREE_BUFFER u0000000020ffd000 no match [ 180.901900][ T7122] binder: undelivered TRANSACTION_ERROR: 29201 [ 181.011457][ T4368] binder: release 7146:7147 transaction 374 out, still active [ 181.012652][ T4368] binder: undelivered TRANSACTION_COMPLETE [ 181.013555][ T4368] binder: undelivered TRANSACTION_ERROR: 29201 [ 181.014498][ T4368] binder: send failed reply for transaction 374, target dead [ 181.050938][ T7191] binder: 7190:7191 tried to acquire reference to desc 0, got 1 instead [ 181.053799][ T7191] binder: 7190:7191 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 181.055822][ T7191] binder: 7191 RLIMIT_NICE not set [ 181.056649][ T7191] binder: 7191 RLIMIT_NICE not set [ 181.057975][ T4368] binder: undelivered TRANSACTION_COMPLETE [ 181.123973][ T7196] device syzkaller1 entered promiscuous mode [ 181.285614][ T7209] binder: 7208:7209 ioctl 4018620d 0 returned -22 [ 181.286939][ T7209] binder: 7208:7209 got transaction to invalid handle, 1 [ 181.293773][ T7209] binder: 7209:7208 cannot find target node [ 181.294667][ T7209] binder: 7208:7209 transaction call to 0:0 failed 389/29201/-22, size 0-0 line 3045 [ 181.296289][ T7209] binder: 7208:7209 BC_FREE_BUFFER u0000000020ffd000 no match [ 181.321192][ T7213] binder: 7212:7213 tried to acquire reference to desc 0, got 1 instead [ 181.341353][ T7213] binder: 7212:7213 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 182.227590][ T7240] binder: 7239:7240 ioctl 4018620d 0 returned -22 [ 182.378750][ T7244] device syzkaller1 entered promiscuous mode [ 183.004192][ T7271] binder: 7270:7271 ioctl c0306201 0 returned -14 [ 183.390172][ T7294] binder: 7293:7294 ioctl c0306201 0 returned -14 [ 183.449522][ T5139] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 183.639888][ T5139] usb 1-1: Using ep0 maxpacket: 8 [ 183.643534][ T5139] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 183.644871][ T5139] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 183.646439][ T5139] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 183.648095][ T5139] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 183.653860][ T5139] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 183.665463][ T5139] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 183.670297][ T5139] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.884695][ T5139] usb 1-1: usb_control_msg returned -32 [ 183.885619][ T5139] usbtmc 1-1:16.0: can't read capabilities [ 184.238966][ T7320] usbtmc 1-1:16.0: control status returned 0 [ 184.424796][ T7324] binder: 7323:7324 ioctl c0306201 0 returned -14 [ 184.443387][ T5139] usb 1-1: USB disconnect, device number 6 [ 184.868731][ T7334] device bridge_slave_0 left promiscuous mode [ 184.869875][ T7334] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.899195][ T7334] device bridge_slave_1 left promiscuous mode [ 184.900321][ T7334] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.938938][ T7334] bond0: (slave bond_slave_0): Releasing backup interface [ 184.978525][ T7334] bond0: (slave bond_slave_1): Releasing backup interface [ 185.030850][ T7334] team0: Port device team_slave_0 removed [ 185.032937][ T7334] team0: Port device team_slave_1 removed [ 185.034120][ T7334] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.035940][ T7334] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.040439][ T7337] team0: Mode changed to "activebackup" [ 185.048661][ T7338] device vlan0 entered promiscuous mode [ 185.570496][ T7362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.571976][ T7362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.696801][ T7364] netlink: 16 bytes leftover after parsing attributes in process `syz.4.968'. [ 185.739916][ T7364] device bond0 entered promiscuous mode [ 185.740787][ T7364] device bond_slave_0 entered promiscuous mode [ 185.741950][ T7364] device bond_slave_1 entered promiscuous mode [ 185.797892][ T7364] device team0 entered promiscuous mode [ 185.798861][ T7364] device team_slave_0 entered promiscuous mode [ 185.799896][ T7364] device team_slave_1 entered promiscuous mode [ 185.848807][ T7364] device hsr1 entered promiscuous mode [ 185.857787][ T7367] netlink: 16 bytes leftover after parsing attributes in process `syz.4.968'. [ 186.163912][ T7386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.166206][ T7386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.499850][ T5139] binder_debug: 19 callbacks suppressed [ 186.499866][ T5139] binder: undelivered TRANSACTION_ERROR: 29201 [ 186.502002][ T5139] binder: send failed reply for transaction 427 to 7357:7358 [ 186.503295][ T5139] binder: undelivered TRANSACTION_COMPLETE [ 186.504363][ T5139] binder: undelivered TRANSACTION_ERROR: 29189 [ 186.863855][ T7403] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 187.006354][ T7406] binder_user_error: 20 callbacks suppressed [ 187.006431][ T7406] binder: 7405:7406 BC_FREE_BUFFER u0000000020ffd000 no match [ 187.357957][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.359052][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 187.445380][ T7414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.450951][ T7414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.751398][ T7422] binder: 7421:7422 tried to acquire reference to desc 0, got 1 instead [ 187.756250][ T7422] binder: 7421:7422 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 187.758228][ T7422] binder: 7422 RLIMIT_NICE not set [ 187.763419][ T7422] binder: 7421:7422 got reply transaction with no transaction stack [ 187.764633][ T7422] binder: 7421:7422 transaction reply to 0:0 failed 437/29201/-71, size 0-0 line 2946 [ 188.389184][ T7435] binder: 7434:7435 BC_FREE_BUFFER u0000000020ffd000 no match [ 188.587269][ T5139] binder: undelivered TRANSACTION_ERROR: 29201 [ 188.588404][ T5139] binder: send failed reply for transaction 436 to 7421:7422 [ 188.589694][ T5139] binder: undelivered TRANSACTION_COMPLETE [ 188.590507][ T5139] binder: undelivered TRANSACTION_ERROR: 29189 [ 188.665774][ T7450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.669299][ T7450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.253874][ T7465] binder: 7464:7465 tried to acquire reference to desc 0, got 1 instead [ 189.256517][ T7465] binder: 7464:7465 BC_FREE_BUFFER u0000000020ffd000 no match [ 189.350676][ T7471] binder: 7469:7471 tried to acquire reference to desc 0, got 1 instead [ 189.355366][ T7471] binder: 7469:7471 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 189.361230][ T7471] binder: 7469:7471 transaction reply to 0:0 failed 450/29201/-71, size 0-0 line 2946 [ 190.624055][ T7490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.625591][ T7490] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.319860][ T27] audit: type=1326 audit(191.310:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.324033][ T27] audit: type=1326 audit(191.310:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.329634][ T7533] fuse: Bad value for 'fd' [ 191.330587][ T27] audit: type=1326 audit(191.310:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=274 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.334158][ T27] audit: type=1326 audit(191.310:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.339525][ T27] audit: type=1326 audit(191.310:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.343536][ T27] audit: type=1326 audit(191.320:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=217 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.350705][ T27] audit: type=1326 audit(191.320:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.354179][ T27] audit: type=1326 audit(191.320:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=219 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.358286][ T27] audit: type=1326 audit(191.320:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.414397][ T27] audit: type=1326 audit(191.320:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7522 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa9975928 code=0x7ffc0000 [ 191.737631][ T7122] binder_debug: 5 callbacks suppressed [ 191.737642][ T7122] binder: release 7510:7511 transaction 459 out, still active [ 191.739767][ T7122] binder: undelivered TRANSACTION_COMPLETE [ 191.740740][ T7122] binder: undelivered TRANSACTION_ERROR: 29201 [ 191.741642][ T7122] binder: send failed reply for transaction 459, target dead [ 191.901679][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1035'. [ 192.105905][ T7551] binder_user_error: 10 callbacks suppressed [ 192.105914][ T7551] binder: 7550:7551 got transaction to invalid handle, 1 [ 192.108055][ T7551] binder: 7551:7550 cannot find target node [ 192.109056][ T7551] binder: 7550:7551 transaction call to 0:0 failed 468/29201/-22, size 0-0 line 3045 [ 192.110730][ T7551] binder: 7550:7551 BC_FREE_BUFFER u0000000020ffd000 no match [ 192.112333][ T7122] binder: undelivered TRANSACTION_ERROR: 29201 [ 192.304465][ T7564] binder: 7563:7564 tried to acquire reference to desc 0, got 1 instead [ 192.306633][ T7564] binder: 7563:7564 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 192.314227][ T7564] binder: 7564 RLIMIT_NICE not set [ 192.315106][ T7564] binder: 7564 RLIMIT_NICE not set [ 192.316178][ T7564] binder: 7563:7564 ioctl c0306201 0 returned -14 [ 192.582519][ T7574] binder: 7573:7574 got transaction to invalid handle, 1 [ 192.584162][ T7574] binder: 7574:7573 cannot find target node [ 192.585417][ T7574] binder: 7573:7574 transaction call to 0:0 failed 477/29201/-22, size 0-0 line 3045 [ 192.587417][ T7574] binder: 7573:7574 BC_FREE_BUFFER u0000000020ffd000 no match [ 192.597695][ T5139] binder: undelivered TRANSACTION_ERROR: 29201 [ 192.889812][ T7599] binder: 7598:7599 got transaction to invalid handle, 1 [ 192.891170][ T7599] binder: 7598:7599 BC_FREE_BUFFER u0000000020ffd000 no match [ 193.826416][ T7627] binder: 7626:7627 ioctl c0306201 0 returned -14 [ 193.920524][ T7629] binder: 7628:7629 ioctl c0306201 0 returned -14 [ 194.022453][ T7638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.025288][ T7638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.214583][ T7646] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1081'. [ 194.235410][ T7648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.236920][ T7648] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.345226][ T7658] device syzkaller0 entered promiscuous mode [ 194.494517][ T7666] binder: 7665:7666 ioctl c0306201 0 returned -14 [ 194.634323][ T7672] device geneve0 entered promiscuous mode [ 194.873482][ T7689] binder: 7688:7689 ioctl c0306201 0 returned -14 [ 195.027194][ T7695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.035395][ T7695] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.472812][ T7708] binder: 7707:7708 ioctl c0306201 0 returned -14 [ 195.951926][ T7732] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 196.195544][ T7741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.203793][ T7741] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.102697][ T7767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.104375][ T7767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.323417][ T7771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.324971][ T7771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.818834][ T7785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.821766][ T7785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.878094][ T4380] binder_debug: 24 callbacks suppressed [ 197.878107][ T4380] binder: release 7763:7764 transaction 511 in, still active [ 197.880313][ T4380] binder: send failed reply for transaction 511 to 7763:7764 [ 197.881683][ T4380] binder: undelivered TRANSACTION_COMPLETE [ 197.882827][ T4380] binder: undelivered TRANSACTION_ERROR: 29189 [ 197.901428][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1143'. [ 197.966242][ T7791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.971370][ T7791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.469867][ T7813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.471377][ T7813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.501456][ T7815] binder_user_error: 15 callbacks suppressed [ 198.501465][ T7815] binder: 7814:7815 tried to acquire reference to desc 0, got 1 instead [ 198.504630][ T7815] binder: 7814:7815 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 198.506515][ T7815] binder: 7815 RLIMIT_NICE not set [ 198.512790][ T7815] binder: 7815 RLIMIT_NICE not set [ 198.633958][ T7823] device bridge_slave_0 left promiscuous mode [ 198.635023][ T7823] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.678287][ T7823] device bridge_slave_1 left promiscuous mode [ 198.679384][ T7823] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.721720][ T7823] bond0: (slave bond_slave_0): Releasing backup interface [ 198.760865][ T7823] bond0: (slave bond_slave_1): Releasing backup interface [ 198.804138][ T7823] team0: Port device team_slave_0 removed [ 198.806883][ T7823] team0: Port device team_slave_1 removed [ 198.808465][ T7823] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.810225][ T7823] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.812276][ T7824] team0: Mode changed to "activebackup" [ 198.814576][ T7825] device vlan0 entered promiscuous mode [ 199.339335][ T4380] binder: release 7814:7815 transaction 516 in, still active [ 199.340519][ T4380] binder: send failed reply for transaction 516 to 7814:7815 [ 199.341917][ T4380] binder: undelivered TRANSACTION_COMPLETE [ 199.343074][ T4380] binder: undelivered TRANSACTION_ERROR: 29189 [ 199.850833][ T7856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.853598][ T7856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.899474][ T7859] team0: Unable to change to the same mode the team is in [ 199.981209][ T7865] binder: 7864:7865 tried to acquire reference to desc 0, got 1 instead [ 199.984608][ T7865] binder: 7864:7865 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 199.986729][ T7865] binder: 7865 RLIMIT_NICE not set [ 199.988257][ T7865] binder: 7865 RLIMIT_NICE not set [ 200.819033][ T4380] binder: release 7864:7865 transaction 521 in, still active [ 200.820231][ T4380] binder: send failed reply for transaction 521 to 7864:7865 [ 202.428920][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 202.428934][ T27] audit: type=1326 audit(202.420:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.433304][ T27] audit: type=1326 audit(202.420:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.436559][ T27] audit: type=1326 audit(202.420:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.443278][ T7916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.443992][ T7913] device vlan0 entered promiscuous mode [ 202.444825][ T7916] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.451139][ T7910] binder: 7909:7910 tried to acquire reference to desc 0, got 1 instead [ 202.460883][ T7910] binder: 7909:7910 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 202.469841][ T27] audit: type=1326 audit(202.420:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.483171][ T27] audit: type=1326 audit(202.420:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.512902][ T27] audit: type=1326 audit(202.420:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.521161][ T27] audit: type=1326 audit(202.420:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.527411][ T27] audit: type=1326 audit(202.420:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.546457][ T27] audit: type=1326 audit(202.420:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 202.554587][ T27] audit: type=1326 audit(202.420:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.0.1185" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa185281c code=0x7ffc0000 [ 203.236152][ T4368] binder_debug: 2 callbacks suppressed [ 203.236166][ T4368] binder: release 7909:7910 transaction 526 in, still active [ 203.238733][ T4368] binder: send failed reply for transaction 526 to 7909:7910 [ 203.241378][ T4368] binder: undelivered TRANSACTION_COMPLETE [ 203.242472][ T4368] binder: undelivered TRANSACTION_ERROR: 29189 [ 205.246269][ T7971] binder_user_error: 2 callbacks suppressed [ 205.246278][ T7971] binder: 7970:7971 tried to acquire reference to desc 0, got 1 instead [ 205.257175][ T7971] binder: 7970:7971 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 205.261580][ T7971] binder: 7971 RLIMIT_NICE not set [ 205.262396][ T7971] binder: 7971 RLIMIT_NICE not set [ 206.103086][ T7121] binder: release 7970:7971 transaction 532 in, still active [ 206.104212][ T7121] binder: send failed reply for transaction 532 to 7970:7971 [ 206.120514][ T7121] binder: undelivered TRANSACTION_COMPLETE [ 206.121509][ T7121] binder: undelivered TRANSACTION_ERROR: 29189 [ 206.138209][ T8000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 206.151569][ T7995] device syzkaller0 entered promiscuous mode [ 206.159712][ T8000] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 206.437982][ T8015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.440728][ T8015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.449999][ T8013] block device autoloading is deprecated and will be removed. [ 207.625014][ T8032] binder: 8031:8032 tried to acquire reference to desc 0, got 1 instead [ 207.627356][ T8032] binder: 8031:8032 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 207.629770][ T8032] binder: 8032 RLIMIT_NICE not set [ 207.630621][ T8032] binder: 8032 RLIMIT_NICE not set [ 208.456849][ T5139] binder: release 8031:8032 transaction 537 in, still active [ 208.458236][ T5139] binder: send failed reply for transaction 537 to 8031:8032 [ 208.459575][ T5139] binder: undelivered TRANSACTION_COMPLETE [ 208.460479][ T5139] binder: undelivered TRANSACTION_ERROR: 29189 [ 217.385792][ T8062] binder: 8061:8062 tried to acquire reference to desc 0, got 1 instead [ 217.392527][ T8062] binder: 8061:8062 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 217.399028][ T8062] binder: 8062 RLIMIT_NICE not set [ 217.399845][ T8062] binder: 8062 RLIMIT_NICE not set [ 217.404237][ T8062] binder: 8062 RLIMIT_NICE not set [ 217.406476][ T8062] binder: 8061:8062 ioctl c0306201 0 returned -14 [ 217.416375][ T8064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.419451][ T8064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 217.430188][ T7121] binder: undelivered TRANSACTION_COMPLETE [ 217.431255][ T7121] binder: undelivered TRANSACTION_COMPLETE [ 217.432256][ T7121] binder: undelivered transaction 543, process died. [ 217.921397][ T8074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 217.922775][ T8074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.550752][ T8087] device syzkaller0 entered promiscuous mode [ 219.026423][ T8093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1252'. [ 220.430129][ T8096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.433335][ T8096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.436706][ T8096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.438710][ T8096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.984000][ T8100] binder: 8099:8100 tried to acquire reference to desc 0, got 1 instead [ 220.986213][ T8100] binder: 8099:8100 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 220.989153][ T8100] binder: 8100 RLIMIT_NICE not set [ 220.989939][ T8100] binder: 8100 RLIMIT_NICE not set [ 220.991147][ T8100] binder: 8100 RLIMIT_NICE not set [ 220.992093][ T8100] binder: 8099:8100 ioctl c0306201 0 returned -14 [ 220.999977][ T4380] binder: undelivered TRANSACTION_COMPLETE [ 221.001033][ T4380] binder: undelivered TRANSACTION_COMPLETE [ 221.001927][ T4380] binder: undelivered transaction 549, process died. [ 221.897014][ T8109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.898729][ T8109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.269281][ T8091] device vlan0 entered promiscuous mode [ 229.286984][ T8123] TCP: TCP_TX_DELAY enabled [ 229.299274][ T8125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.300778][ T8125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.311123][ T8127] 9pnet_fd: Insufficient options for proto=fd [ 229.546446][ T8147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1269'. [ 229.565123][ T8147] device vlan0 left promiscuous mode [ 230.407952][ T8164] device syzkaller0 entered promiscuous mode [ 230.510727][ T8167] netlink: 'syz.1.1272': attribute type 10 has an invalid length. [ 230.512206][ T8167] device dummy0 left promiscuous mode [ 230.527372][ T8167] device dummy0 entered promiscuous mode [ 230.533694][ T8167] team0: Port device dummy0 added [ 230.621158][ T8167] netlink: 'syz.1.1272': attribute type 10 has an invalid length. [ 230.634133][ T8167] device dummy0 left promiscuous mode [ 230.722426][ T8166] 9pnet_fd: Insufficient options for proto=fd [ 230.733065][ T8167] team0: Port device dummy0 removed [ 230.735102][ T8167] device dummy0 entered promiscuous mode [ 230.736164][ T8167] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 230.786112][ T8172] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1279'. [ 231.758978][ T8200] loop2: detected capacity change from 0 to 256 [ 231.760294][ T8200] exfat: Deprecated parameter 'utf8' [ 231.761244][ T8200] exfat: Deprecated parameter 'namecase' [ 231.819551][ T8204] loop3: detected capacity change from 0 to 256 [ 231.822332][ T8200] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 231.835299][ T8204] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 231.836829][ T8204] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 231.870471][ T8204] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 231.903052][ T8206] device syzkaller0 entered promiscuous mode [ 231.978032][ T8204] loop3: detected capacity change from 256 to 2 [ 231.981587][ T8207] syz.3.1290: attempt to access beyond end of device [ 231.981587][ T8207] loop3: rw=2051, sector=160, nr_sectors = 32 limit=2 [ 231.996971][ T8209] device syzkaller0 entered promiscuous mode [ 232.093480][ T8216] bond0: (slave dummy0): Releasing backup interface [ 232.117953][ T8216] device dummy0 left promiscuous mode [ 232.122981][ T8216] device bridge_slave_0 left promiscuous mode [ 232.123908][ T8216] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.148513][ T8216] device bridge_slave_1 left promiscuous mode [ 232.149453][ T8216] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.188604][ T8216] bond0: (slave bond_slave_0): Releasing backup interface [ 232.230047][ T8216] device bond_slave_0 left promiscuous mode [ 232.231578][ T8216] bond0: (slave bond_slave_1): Releasing backup interface [ 232.267903][ T8216] device bond_slave_1 left promiscuous mode [ 232.269365][ T8216] device team_slave_0 left promiscuous mode [ 232.272637][ T8216] team0: Port device team_slave_0 removed [ 232.273731][ T8216] device team_slave_1 left promiscuous mode [ 232.275113][ T8216] team0: Port device team_slave_1 removed [ 232.276128][ T8216] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.277722][ T8216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.407611][ T47] Bluetooth: hci0: command 0x040e tx timeout [ 232.411712][ T8220] team0: Mode changed to "activebackup" [ 232.557238][ T47] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 232.560271][ T47] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 232.561891][ T47] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 232.565973][ T47] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 232.571415][ T47] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 232.574520][ T47] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 232.594288][ T8235] device syzkaller0 entered promiscuous mode [ 232.623531][ T4332] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 232.625633][ T4332] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 232.628816][ T4332] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 232.632080][ T4332] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 232.633407][ T4332] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 232.634560][ T4332] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 232.834655][ T8239] chnl_net:caif_netlink_parms(): no params data found [ 232.869429][ T5138] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 232.871334][ T5138] hid-generic 0000:0000:0000.0013: hidraw0: HID v0.00 Device [syz1] on syz0 [ 233.058745][ T8229] chnl_net:caif_netlink_parms(): no params data found [ 233.078678][ T8239] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.086831][ T8239] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.088486][ T8239] device bridge_slave_0 entered promiscuous mode [ 233.144225][ T8239] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.145396][ T8239] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.146984][ T8239] device bridge_slave_1 entered promiscuous mode [ 233.160215][ T8229] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.164027][ T8229] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.165617][ T8229] device bridge_slave_0 entered promiscuous mode [ 233.165710][ T8289] process 'syz.3.1312' launched './file0' with NULL argv: empty string added [ 233.235545][ T8239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.240340][ T8239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.241829][ T8229] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.243829][ T8229] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.246146][ T8229] device bridge_slave_1 entered promiscuous mode [ 233.332762][ T8229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.340236][ T8239] team0: Port device team_slave_0 added [ 233.342269][ T8239] team0: Port device team_slave_1 added [ 233.350713][ T8296] team0: Unable to change to the same mode the team is in [ 233.352955][ T8229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.432307][ T8239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.433399][ T8239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.438339][ T8239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.447275][ T8229] team0: Port device team_slave_0 added [ 233.452173][ T8229] team0: Port device team_slave_1 added [ 233.463030][ T8229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.464125][ T8229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.479463][ T8229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.487912][ T8239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.489041][ T8239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.497765][ T8239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.570388][ T8229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.571552][ T8229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.575981][ T8229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.585731][ T8313] device syzkaller0 entered promiscuous mode [ 233.669171][ T8239] device hsr_slave_0 entered promiscuous mode [ 233.707862][ T8239] device hsr_slave_1 entered promiscuous mode [ 233.747619][ T8239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.748854][ T8239] Cannot create hsr debugfs directory [ 233.826919][ T8317] loop3: detected capacity change from 0 to 16 [ 233.830039][ T8317] erofs: (device loop3): mounted with root inode @ nid 36. [ 233.839095][ T8229] device hsr_slave_0 entered promiscuous mode [ 233.857948][ T8229] device hsr_slave_1 entered promiscuous mode [ 233.897558][ T8229] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.898715][ T8229] Cannot create hsr debugfs directory [ 234.205700][ T8239] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 234.239333][ T8239] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 234.486950][ T8345] team0: Unable to change to the same mode the team is in [ 234.488256][ T8239] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 234.528815][ T8239] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 234.601851][ T8229] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 234.639203][ T8229] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 234.647625][ T4332] Bluetooth: hci5: command 0x0409 tx timeout [ 234.647629][ T47] Bluetooth: hci4: command 0x0409 tx timeout [ 234.881979][ T8350] device syzkaller0 entered promiscuous mode [ 234.883867][ T8229] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 234.908980][ T8229] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 235.075906][ T246] device hsr_slave_0 left promiscuous mode [ 235.103910][ T8383] loop3: detected capacity change from 0 to 1024 [ 235.105404][ T8383] EXT4-fs: Ignoring removed nomblk_io_submit option [ 235.114632][ T246] device hsr_slave_1 left promiscuous mode [ 235.121558][ T8383] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 235.155337][ T8383] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 235.214905][ T4320] EXT4-fs (loop3): unmounting filesystem. [ 236.717505][ T47] Bluetooth: hci5: command 0x041b tx timeout [ 236.727811][ T47] Bluetooth: hci4: command 0x041b tx timeout [ 238.807647][ T47] Bluetooth: hci4: command 0x040f tx timeout [ 238.807729][ T4327] Bluetooth: hci5: command 0x040f tx timeout [ 239.169054][ T246] bond0 (unregistering): Released all slaves [ 239.645242][ T8229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.654629][ T8239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.659564][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.660973][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.666009][ T8229] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.671412][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.672783][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.675550][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.677056][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.680871][ T4575] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.682015][ T4575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.683672][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.686547][ T8239] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.695308][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.696986][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.699322][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.700477][ T4579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.703739][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.725035][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.726726][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.734934][ T4579] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.736105][ T4579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.743240][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.746540][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.753515][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.755346][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.756879][ T4579] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.758072][ T4579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.759537][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.769583][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.775749][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.782823][ T8229] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 239.784409][ T8229] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.809292][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.810989][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.812558][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.814096][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.815447][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.828049][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.829796][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.831340][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.833004][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.834801][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.846913][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.850588][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.852130][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.856315][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.868477][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.870097][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.871570][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.872977][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.881813][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.964328][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.965617][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 239.978481][ T8229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.991149][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.992475][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 240.000083][ T8239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.113311][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 240.114992][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.119168][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 240.120719][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.124188][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.125679][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.133074][ T8229] device veth0_vlan entered promiscuous mode [ 240.136980][ T8229] device veth1_vlan entered promiscuous mode [ 240.145393][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.146816][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.152117][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.153672][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.162559][ T8229] device veth0_macvtap entered promiscuous mode [ 240.165667][ T8229] device veth1_macvtap entered promiscuous mode [ 240.174758][ T8229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.176048][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.178199][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.179887][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.181354][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.203116][ T8229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.206746][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.208673][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.210652][ T8229] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.212148][ T8229] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.213722][ T8229] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.215322][ T8229] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.233364][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 240.235254][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.254850][ T8239] device veth0_vlan entered promiscuous mode [ 240.263434][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 240.265495][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.270138][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.271584][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.273664][ T8239] device veth1_vlan entered promiscuous mode [ 240.307112][ T4575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.309134][ T4575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.317881][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.319410][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.320783][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 240.336521][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.338363][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.342096][ T8239] device veth0_macvtap entered promiscuous mode [ 240.347343][ T8239] device veth1_macvtap entered promiscuous mode [ 240.354481][ T4579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.355888][ T4579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.360077][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.361765][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.363191][ T4588] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 240.378984][ T8239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.381085][ T8239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.386659][ T8239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.388697][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.390343][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.393186][ T8239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.394935][ T8239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.397057][ T8239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.406228][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.408127][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.430693][ T8239] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.432146][ T8239] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.433470][ T8239] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.436679][ T8239] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.463153][ T8496] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1299'. [ 240.472299][ T8496] Set syz0 is full, maxelem 0 reached [ 240.510386][ T246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.511696][ T246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.516610][ T246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 240.537443][ T8498] team0: Unable to change to the same mode the team is in [ 240.551419][ T246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.552711][ T246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.555428][ T4579] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 240.743619][ T8518] loop6: detected capacity change from 0 to 256 [ 240.803797][ T8518] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 240.830440][ T8521] hub 1-0:1.0: USB hub found [ 240.843846][ T8521] hub 1-0:1.0: 1 port detected [ 240.877632][ T4332] Bluetooth: hci4: command 0x0419 tx timeout [ 240.879287][ T4327] Bluetooth: hci5: command 0x0419 tx timeout [ 241.128013][ T4368] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 241.319690][ T4368] usb 1-1: Using ep0 maxpacket: 16 [ 241.332924][ T4368] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.336696][ T4368] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.358363][ T4368] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 241.361058][ T4368] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 241.363190][ T4368] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.390476][ T4368] usb 1-1: config 0 descriptor?? [ 241.911780][ T4368] microsoft 0003:045E:07DA.0014: ignoring exceeding usage max [ 241.913584][ T4368] microsoft 0003:045E:07DA.0014: ignoring exceeding usage max [ 241.939266][ T4368] microsoft 0003:045E:07DA.0014: No inputs registered, leaving [ 241.944918][ T4368] microsoft 0003:045E:07DA.0014: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 241.947319][ T4368] microsoft 0003:045E:07DA.0014: no inputs found [ 241.950506][ T4368] microsoft 0003:045E:07DA.0014: could not initialize ff, continuing anyway [ 242.122332][ T4368] usb 1-1: USB disconnect, device number 7 [ 242.257204][ T8572] binder: 8570:8572 unknown command 0 [ 242.258572][ T8572] binder: 8570:8572 ioctl c0306201 20000080 returned -22 [ 242.262743][ T8572] binder: 8570:8572 tried to acquire reference to desc 0, got 1 instead [ 242.264339][ T8572] binder: 8570:8572 ioctl c0306201 200003c0 returned -14 [ 242.265800][ T8572] binder: 8570:8572 BC_ACQUIRE_DONE u0000000000000001 no match [ 242.267335][ T8572] binder: 8570:8572 got new transaction with bad transaction stack, transaction 554 has target 8570:0 [ 242.270031][ T8572] binder: 8570:8572 transaction call to 8570:0 failed 555/29201/-71, size 104-24 line 3105 [ 242.272187][ T5139] binder: release 8570:8572 transaction 554 out, still active [ 242.273296][ T5139] binder: undelivered TRANSACTION_COMPLETE [ 242.274187][ T5139] binder: undelivered TRANSACTION_ERROR: 29201 [ 242.284499][ T7122] binder: send failed reply for transaction 554, target dead [ 242.371302][ T8577] device syzkaller0 entered promiscuous mode [ 242.471271][ T8589] loop5: detected capacity change from 0 to 1024 [ 242.597683][ T8603] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.1375' sets config #1 [ 242.706728][ T8613] loop6: detected capacity change from 0 to 1024 [ 242.806323][ T8623] loop6: detected capacity change from 0 to 128 [ 242.811660][ T8623] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 242.823652][ T8623] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 242.841972][ T4588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.843260][ T4588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.844883][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 242.951365][ T8630] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1389' sets config #1 [ 242.951625][ T8239] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 242.955393][ T8239] FAT-fs (loop6): Filesystem has been set read-only [ 242.959229][ T8239] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 243.322327][ T8648] team0: Unable to change to the same mode the team is in [ 243.327405][ T8648] tipc: Started in network mode [ 243.330273][ T8648] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 243.332010][ T8648] tipc: Enabled bearer , priority 0 [ 244.427074][ T8668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1402'. [ 244.447910][ T8668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1402'. [ 244.462387][ T4443] tipc: Node number set to 11578026 [ 245.230884][ T4332] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 245.233209][ T4332] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 245.239720][ T4332] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 245.242178][ T4332] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 245.243582][ T4332] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 245.245875][ T4332] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 245.400657][ T4585] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.422006][ T8698] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1414'. [ 245.424160][ T8698] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1414'. [ 245.499309][ T4585] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.537615][ T4385] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 245.559084][ T8684] chnl_net:caif_netlink_parms(): no params data found [ 245.638676][ T4585] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.652202][ T8684] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.653442][ T8684] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.655006][ T8684] device bridge_slave_0 entered promiscuous mode [ 245.658587][ T8684] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.659764][ T8684] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.661576][ T8684] device bridge_slave_1 entered promiscuous mode [ 245.673707][ T8684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.676397][ T8684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.712458][ T4585] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.723704][ T8684] team0: Port device team_slave_0 added [ 245.727274][ T8684] team0: Port device team_slave_1 added [ 245.736640][ T8684] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.737524][ T4385] usb 1-1: Using ep0 maxpacket: 8 [ 245.738008][ T8684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.739780][ T4385] usb 1-1: config 0 interface 0 has no altsetting 0 [ 245.742806][ T8684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.743641][ T4385] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 245.745859][ T8684] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.746446][ T4385] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.747438][ T8684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.751613][ T8684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.760846][ T4385] usb 1-1: config 0 descriptor?? [ 245.800200][ T8684] device hsr_slave_0 entered promiscuous mode [ 245.802584][ T8720] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1419'. [ 245.839667][ T8684] device hsr_slave_1 entered promiscuous mode [ 245.936842][ T8684] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 245.998984][ T8684] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 246.042047][ T8684] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 246.086684][ T8684] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 246.162762][ T8731] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1424'. [ 246.167190][ T4385] mcp2221 0003:04D8:00DD.0015: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 246.172204][ T8684] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.173340][ T8684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.175496][ T8684] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.176449][ T8684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.183304][ T8731] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1424'. [ 246.265511][ T8684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.385885][ T4380] usb 1-1: USB disconnect, device number 8 [ 246.452274][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.454819][ T4575] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.456395][ T4575] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.466313][ T8684] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.481732][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.483745][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.485470][ T4575] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.486561][ T4575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.488557][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.490212][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.491751][ T4575] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.492862][ T4575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.494250][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.525742][ T8765] ubi8: attaching mtd0 [ 246.527210][ T8765] ubi8: scanning is finished [ 246.530667][ T8765] ubi8: empty MTD device detected [ 246.530884][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.531447][ T8765] ubi8 error: ubi_read_volume_table: LEB size too small for a volume record [ 246.533246][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.539849][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.541742][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.543265][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.544855][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.546349][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.548398][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.550011][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.552672][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.559939][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.583761][ T8765] ubi8 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 246.641562][ T8769] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.1428' sets config #1 [ 246.682426][ T8776] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1429'. [ 246.696073][ T8684] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.697790][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 246.699059][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 246.944171][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1434'. [ 246.948837][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1434'. [ 247.043357][ T8820] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1438' sets config #1 [ 247.050226][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 247.051827][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 247.059454][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 247.064199][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 247.065993][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 247.069527][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 247.074465][ T8684] device veth0_vlan entered promiscuous mode [ 247.080128][ T8684] device veth1_vlan entered promiscuous mode [ 247.106051][ T8827] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1439'. [ 247.129126][ T246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 247.131388][ T246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 247.132806][ T246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 247.134562][ T246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 247.138621][ T8684] device veth0_macvtap entered promiscuous mode [ 247.141183][ T8684] device veth1_macvtap entered promiscuous mode [ 247.155260][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.156960][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.160944][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.164779][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.171076][ T8684] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.202336][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 247.203942][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 247.205539][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 247.207140][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 247.210282][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.211954][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.213373][ T8684] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.215042][ T8684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.217078][ T8684] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 247.227894][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 247.229653][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 247.232382][ T8684] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.233818][ T8684] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.235100][ T8684] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.236437][ T8684] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.277815][ T47] Bluetooth: hci5: command 0x0409 tx timeout [ 247.345344][ T4579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.350566][ T4579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.360527][ T246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.362870][ T246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.367748][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 247.373792][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 247.654647][ T8854] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1445'. [ 247.656228][ T8861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1445'. [ 247.754170][ T8877] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1448' sets config #1 [ 247.802572][ T8881] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1449'. [ 248.146106][ T4585] device hsr_slave_0 left promiscuous mode [ 248.188200][ T4585] device hsr_slave_1 left promiscuous mode [ 248.279868][ T4585] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.281300][ T4585] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.295024][ T4585] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.296431][ T4585] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.299476][ T4585] device bridge_slave_1 left promiscuous mode [ 248.306308][ T4585] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.321494][ T8915] binder: 8914:8915 tried to acquire reference to desc 0, got 1 instead [ 248.326674][ T8915] binder: tried to use weak ref as strong ref [ 248.333872][ T8915] binder: 8914:8915 got transaction with invalid handle, 0 [ 248.337857][ T8915] binder: 8915:8914 translate handle failed [ 248.340100][ T8915] binder: 8914:8915 transaction call to 8914:0 failed 560/29201/-22, size 104-24 line 3393 [ 248.345653][ T7] binder: undelivered TRANSACTION_ERROR: 29201 [ 248.361234][ T4585] device bridge_slave_0 left promiscuous mode [ 248.362321][ T4585] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.522376][ T4585] device veth1_macvtap left promiscuous mode [ 248.523628][ T4585] device veth0_macvtap left promiscuous mode [ 248.524587][ T4585] device veth1_vlan left promiscuous mode [ 248.525585][ T4585] device veth0_vlan left promiscuous mode [ 248.799166][ T2061] ieee802154 phy0 wpan0: encryption failed: -22 [ 248.800199][ T2061] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.357555][ T47] Bluetooth: hci5: command 0x041b tx timeout [ 250.407700][ T47] Bluetooth: hci6: command 0x1003 tx timeout [ 250.407999][ T4327] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 250.910518][ T4585] team0 (unregistering): Port device team_slave_1 removed [ 251.089763][ T4585] team0 (unregistering): Port device team_slave_0 removed [ 251.282246][ T4585] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.447538][ T4332] Bluetooth: hci5: command 0x040f tx timeout [ 251.478276][ T4585] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.512898][ T8976] __nla_validate_parse: 2 callbacks suppressed [ 252.512909][ T8976] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1484'. [ 252.938871][ T4585] bond0 (unregistering): Released all slaves [ 253.244106][ T8922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1464'. [ 253.252419][ T8968] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1481'. [ 253.253685][ T8968] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1481'. [ 253.331804][ T8989] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1486'. [ 253.505950][ T8999] tipc: Started in network mode [ 253.518967][ T4327] Bluetooth: hci5: command 0x0419 tx timeout [ 253.524099][ T8999] tipc: Node identity 665fdbe80f5d, cluster identity 4711 [ 253.533288][ T8999] tipc: Enabled bearer , priority 0 [ 253.542375][ T8999] device syzkaller0 entered promiscuous mode [ 253.637040][ T8999] tipc: Resetting bearer [ 253.667206][ T8998] tipc: Resetting bearer [ 253.770783][ T8998] tipc: Disabling bearer [ 254.150336][ T9024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.168645][ T9024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.781036][ T9073] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1509'. [ 256.242628][ T4579] Bluetooth: hci7: Frame reassembly failed (-84) [ 256.317561][ T47] Bluetooth: hci6: command 0x1003 tx timeout [ 256.317622][ T4332] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 256.359148][ T4575] Bluetooth: hci6: Frame reassembly failed (-84) [ 257.695247][ T4332] Bluetooth: Frame is too long (len 11, expected len 8) [ 258.237584][ T4327] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 258.398212][ T4327] Bluetooth: hci6: command 0x1003 tx timeout [ 258.400533][ T4329] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 258.536980][ T4332] Bluetooth: hci4: Malformed Event: 0x02 [ 259.313217][ T4332] Bluetooth: Frame is too long (len 11, expected len 8) [ 260.162551][ T9342] team0: Unable to change to the same mode the team is in [ 260.558226][ T9356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 260.563100][ T9356] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.272540][ T9371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.274114][ T9371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.311457][ T4332] Bluetooth: Frame is too long (len 11, expected len 8) [ 261.830450][ T9388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1571'. [ 261.963375][ T9277] syz.0.1542 (9277): drop_caches: 2 [ 262.293173][ T9402] binder: 9399:9402 got transaction to invalid handle, 2 [ 262.295042][ T9402] binder: 9402:9399 cannot find target node [ 262.296006][ T9402] binder: 9399:9402 transaction async to 0:0 failed 561/29201/-22, size 0-0 line 3045 [ 262.356902][ T5138] binder: undelivered TRANSACTION_ERROR: 29201 [ 262.444568][ T9411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.456443][ T9411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.482879][ T9413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1582'. [ 263.724632][ T9466] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1603'. [ 264.148430][ T9488] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1613'. [ 264.150396][ T9488] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1613'. [ 264.175853][ T9490] binder: 9489:9490 tried to acquire reference to desc 0, got 1 instead [ 264.178059][ T9490] binder: 9489:9490 got transaction with invalid parent offset or type [ 264.179462][ T9490] binder: 9489:9490 transaction call to 9489:0 failed 566/29201/-22, size 80-24 line 3439 [ 264.181537][ T5139] binder: undelivered TRANSACTION_ERROR: 29201 [ 265.392829][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1624'. [ 265.395193][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1624'. [ 267.095406][ T9573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1635'. [ 267.100795][ T9573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1635'. [ 267.116684][ T9575] usb usb8: usbfs: process 9575 (syz.1.1636) did not claim interface 0 before use [ 268.378884][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1647'. [ 268.394922][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1647'. [ 268.959849][ T9698] 9pnet_fd: Insufficient options for proto=fd [ 269.081495][ T9704] tipc: Started in network mode [ 269.082271][ T9704] tipc: Node identity 4e7e8526ee7e, cluster identity 4711 [ 269.085789][ T9704] tipc: Enabled bearer , priority 0 [ 269.089750][ T9706] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1660'. [ 269.092101][ T9706] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1660'. [ 269.094396][ T9704] device syzkaller0 entered promiscuous mode [ 269.105417][ T9704] tipc: Resetting bearer [ 269.112821][ T9703] tipc: Resetting bearer [ 269.189774][ T9703] tipc: Disabling bearer [ 269.208106][ T9702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.209606][ T9702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.782010][ T9737] 9pnet_fd: Insufficient options for proto=fd [ 269.919184][ T9743] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1671'. [ 269.931863][ T9743] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1671'. [ 270.094957][ T9747] tipc: Enabled bearer , priority 0 [ 270.124368][ T9747] device syzkaller0 entered promiscuous mode [ 270.166040][ T9747] tipc: Resetting bearer [ 270.225670][ T9746] tipc: Resetting bearer [ 270.278374][ T9746] tipc: Disabling bearer [ 270.418850][ T9767] 9pnet_fd: Insufficient options for proto=fd [ 270.423850][ T9769] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1684'. [ 270.425794][ T9769] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1684'. [ 270.937820][ T9791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.945049][ T9791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.330595][ T9804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.333352][ T9804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.435193][ T9810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.439983][ T9810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.523075][ T9814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.531968][ T9814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.498433][ T9847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.511820][ T9847] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.896211][ T9853] tipc: Enabled bearer , priority 0 [ 272.898012][ T9853] device syzkaller0 entered promiscuous mode [ 272.905214][ T9853] tipc: Resetting bearer [ 272.908070][ T9852] tipc: Resetting bearer [ 272.968230][ T9852] tipc: Disabling bearer [ 273.046906][ T9860] __nla_validate_parse: 4 callbacks suppressed [ 273.046919][ T9860] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1720'. [ 273.052499][ T9860] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1720'. [ 273.175753][ T9868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.185088][ T9868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.592078][ T9888] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1731'. [ 274.594062][ T9888] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1731'. [ 274.710072][ T9898] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.711617][ T9898] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 275.144684][ T9913] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 275.149551][ T9913] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 275.202370][ T9913] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 275.252799][ T9917] input: syz0 as /devices/virtual/input/input2 [ 275.438033][ T9919] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1742'. [ 275.443963][ T9919] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1742'. [ 275.776805][ T9935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1749'. [ 276.564182][ T9939] tipc: Started in network mode [ 276.565274][ T9939] tipc: Node identity 46d11fcda7b9, cluster identity 4711 [ 276.573155][ T9939] tipc: Enabled bearer , priority 0 [ 276.579654][ T9939] device syzkaller0 entered promiscuous mode [ 276.599172][ T9939] tipc: Resetting bearer [ 276.607075][ T9938] tipc: Resetting bearer [ 276.671189][ T9938] tipc: Disabling bearer [ 276.771911][ T9943] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1753'. [ 276.773990][ T9941] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1752'. [ 276.777108][ T9943] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1753'. [ 277.264537][ T9954] device syzkaller0 entered promiscuous mode [ 277.809722][ T9971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.811861][ T9971] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.815305][ T9971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.817141][ T9971] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.024276][ T9971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.026344][ T9971] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.205498][T10000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.206990][T10000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.731029][T10002] __nla_validate_parse: 1 callbacks suppressed [ 279.731041][T10002] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1772'. [ 283.826459][ T27] kauditd_printk_skb: 2600 callbacks suppressed [ 283.826471][ T27] audit: type=1326 audit(283.807:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.830710][ T27] audit: type=1326 audit(283.807:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.833906][ T27] audit: type=1326 audit(283.807:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.836996][ T27] audit: type=1326 audit(283.807:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=274 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.847487][ T27] audit: type=1326 audit(283.807:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.853177][ T27] audit: type=1326 audit(283.807:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=281 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.856172][ T27] audit: type=1326 audit(283.807:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.867500][ T27] audit: type=1326 audit(283.817:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=233 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.871217][ T27] audit: type=1326 audit(283.817:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 283.874437][ T27] audit: type=1326 audit(283.817:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10019 comm="syz.5.1777" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=233 compat=0 ip=0xffffa9f75928 code=0x7ffc0000 [ 288.232948][ T9973] tipc: Enabling of bearer rejected, failed to enable media [ 288.234624][ T9980] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1765'. [ 288.339548][ T9982] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1765'. [ 288.393672][T10037] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1783'. [ 288.424195][T10039] device syzkaller0 entered promiscuous mode [ 288.443745][T10039] ------------[ cut here ]------------ [ 288.444845][T10039] WARNING: CPU: 0 PID: 10039 at include/linux/skbuff.h:2844 em_nbyte_match+0x294/0x350 [ 288.446255][T10039] Modules linked in: [ 288.446896][T10039] CPU: 0 PID: 10039 Comm: syz.7.1781 Not tainted syzkaller #0 [ 288.448104][T10039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 288.449639][T10039] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 288.450805][T10039] pc : em_nbyte_match+0x294/0x350 [ 288.451604][T10039] lr : em_nbyte_match+0x294/0x350 [ 288.452377][T10039] sp : ffff800021e67000 [ 288.453021][T10039] x29: ffff800021e67000 x28: 0000000000000001 x27: 000000000000ffff [ 288.454176][T10039] x26: 1fffe000203e568e x25: 1fffe0001bd83640 x24: dfff800000000000 [ 288.455483][T10039] x23: 000000000000ffff x22: ffff000101f2b476 x21: ffff0000dec1b202 [ 288.456700][T10039] x20: ffff000101f2b3c0 x19: ffff0000dec1b200 x18: 0000000000000000 [ 288.457920][T10039] x17: ffff800018338000 x16: ffff8000082eeb30 x15: 0000000000000002 [ 288.459073][T10039] x14: 0000000000000002 x13: 0000000000ff0100 x12: 0000000000080000 [ 288.460302][T10039] x11: 00000000000008c3 x10: ffff800028ece000 x9 : ffff8000100b96d8 [ 288.461485][T10039] x8 : 00000000000008c4 x7 : 0000000000000000 x6 : 000000000000003f [ 288.462687][T10039] x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020 [ 288.463870][T10039] x2 : 0000000000000000 x1 : 000000000000ffff x0 : 000000000000ffff [ 288.465017][T10039] Call trace: [ 288.465510][T10039] em_nbyte_match+0x294/0x350 [ 288.466234][T10039] __tcf_em_tree_match+0x180/0x5e4 [ 288.466986][T10039] basic_classify+0x138/0x30c [ 288.467719][T10039] tcf_classify+0x1b8/0x9c4 [ 288.468399][T10039] multiq_enqueue+0x104/0x418 [ 288.469111][T10039] dev_qdisc_enqueue+0x5c/0x388 [ 288.469849][T10039] __dev_queue_xmit+0xaf8/0x3134 [ 288.470533][T10039] dev_queue_xmit+0x24/0x34 [ 288.471257][T10039] packet_sendmsg+0x2f9c/0x3fd0 [ 288.472022][T10039] ____sys_sendmsg+0x5c8/0x938 [ 288.472712][T10039] __sys_sendmsg+0x288/0x374 [ 288.473367][T10039] __arm64_sys_sendmsg+0x80/0x94 [ 288.474149][T10039] invoke_syscall+0x98/0x2b4 [ 288.474800][T10039] el0_svc_common+0x138/0x258 [ 288.475476][T10039] do_el0_svc+0x58/0x130 [ 288.476103][T10039] el0_svc+0x58/0x128 [ 288.476665][T10039] el0t_64_sync_handler+0x84/0xf0 [ 288.477387][T10039] el0t_64_sync+0x18c/0x190 [ 288.478029][T10039] irq event stamp: 3519 [ 288.478594][T10039] hardirqs last enabled at (3517): [] ___slab_alloc+0xcac/0xe98 [ 288.479899][T10039] hardirqs last disabled at (3519): [] el1_dbg+0x24/0x80 [ 288.481163][T10039] softirqs last enabled at (3506): [] local_bh_enable+0x10/0x34 [ 288.482544][T10039] softirqs last disabled at (3518): [] local_bh_disable+0x10/0x34 [ 288.483904][T10039] ---[ end trace 0000000000000000 ]--- [ 288.490924][T10042] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 288.977365][ T4443] libceph: connect (1)[c::]:6789 error -101 [ 288.979142][ T4443] libceph: mon0 (1)[c::]:6789 connect error [ 289.249209][ T5139] libceph: connect (1)[c::]:6789 error -101 [ 289.250287][ T5139] libceph: mon0 (1)[c::]:6789 connect error [ 289.350855][T10051] ceph: No mds server is up or the cluster is laggy