last executing test programs: 38.464022897s ago: executing program 4 (id=615): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb) 38.463459877s ago: executing program 4 (id=616): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e1c, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000000c0)) 38.362293788s ago: executing program 4 (id=619): writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000240)}], 0x1) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x9}, &(0x7f0000000180)=0x8) 38.362084468s ago: executing program 4 (id=620): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x208000, 0x0, 0x3d, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000001740)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fchdir(0xffffffffffffffff) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r3, &(0x7f00000102c0)={0x2020}, 0x7) 38.361061118s ago: executing program 4 (id=621): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) timer_create(0x2, 0x0, &(0x7f0000bbdffc)) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000140)={0x0, 0x0}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x102020) 37.478118008s ago: executing program 3 (id=628): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', 0x0}) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0xc0189436, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', r1, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r4, 0x1, 0x70bd2c, 0x1000000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) 37.462703068s ago: executing program 3 (id=629): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x0, 0xb}, {0x9, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r7) sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 37.28200393s ago: executing program 1 (id=632): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) read$FUSE(r0, &(0x7f0000004800)={0x2020}, 0x2020) 37.27660789s ago: executing program 3 (id=633): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 37.226413351s ago: executing program 4 (id=634): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000240)=[@free_buffer={0x40086303, r4}], 0x54, 0x0, &(0x7f0000000280)="37b82b8f41afa37c5297fe5b692d3cedbd057d6f37743560799bbf4ddd06bc810453adcec0c458de737aeadf5afcd6641ea3434a1a0bfd0debe7506939a82090490c46a6010019e855badfb0bee8561d5ee15bac"}) 37.218133931s ago: executing program 32 (id=634): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000240)=[@free_buffer={0x40086303, r4}], 0x54, 0x0, &(0x7f0000000280)="37b82b8f41afa37c5297fe5b692d3cedbd057d6f37743560799bbf4ddd06bc810453adcec0c458de737aeadf5afcd6641ea3434a1a0bfd0debe7506939a82090490c46a6010019e855badfb0bee8561d5ee15bac"}) 37.215726491s ago: executing program 3 (id=635): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x208000, 0x0, 0x3d, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000001740)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fchdir(0xffffffffffffffff) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r3, &(0x7f00000102c0)={0x2020}, 0x7) 37.172745462s ago: executing program 3 (id=636): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0) sendmsg$inet6(r0, 0x0, 0x20000896) dup(r0) write$UHID_INPUT(r1, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) socket$netlink(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r2, 0x0, 0x8000, 0x0, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x2, 0xa, 0x2) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) accept(r3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r4], 0x7) 36.766159916s ago: executing program 3 (id=637): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r2 = fspick(r1, &(0x7f00000000c0)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) setxattr$security_ima(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000380)=@ng={0x4, 0x2, "1263cdb7"}, 0x6, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r3) r4 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_proto_private(r4, 0x89e2, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f00000003c0)={0x2, "873e45dacd5291f166c9aac0b6f8ce6da80afca0fe66169480a5a6b43da5bc0e", 0x1}) sendmsg$nl_route_sched(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001240)=@newqdisc={0xc48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {0x10}, {}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xc1c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x4f0d, 0x5, 0x10001, 0x8, 0x10000, 0x80, 0x288, 0x9, 0x9, 0x2, 0xfff, 0xdfd, 0x1, 0x7887, 0x5, 0xdd16, 0x392, 0x31aa, 0x7fff, 0x2, 0xfffff98c, 0x4, 0x4e, 0x100, 0xa, 0x9, 0x2, 0x11, 0xffffffff, 0x3, 0x4, 0x1000, 0x800, 0x7, 0x1, 0x9, 0xd, 0x7, 0xa4f, 0x2, 0xc, 0x3, 0x0, 0xffffffef, 0x74, 0x4, 0x4, 0xffffffff, 0x6, 0x3, 0x1000, 0x6, 0x5, 0x71d, 0x2, 0xffff, 0x6, 0x6, 0x80000000, 0xce0, 0x9, 0xea5, 0x8, 0x200, 0x4, 0x8001, 0xa8, 0x9, 0x10, 0x9, 0x10000, 0x2, 0x7fff, 0xc, 0x7, 0x4800, 0x8, 0x6, 0xe87, 0x7f, 0x6, 0x0, 0x4800, 0x1, 0x12, 0x18b, 0x6, 0x2, 0x5, 0x1, 0x40, 0x5, 0x1, 0x0, 0x1da35084, 0x4, 0x1, 0x9, 0x7, 0x0, 0x4, 0x8, 0x4, 0x2, 0x0, 0x7, 0x200, 0x3, 0x8001, 0xa000, 0x0, 0x7a69, 0x764064d2, 0x92, 0x2, 0xbdc9, 0x3, 0xff, 0x2, 0x10, 0x5, 0x10000, 0x100, 0x5, 0x1022075d, 0x8, 0x5, 0x5, 0xfffffffe, 0x7f, 0x101, 0x4, 0xb, 0x9, 0x27, 0xff, 0x1, 0xf64a, 0xa78c, 0x5, 0x6, 0x7, 0xffff4fc5, 0x8, 0x7f, 0x385, 0x400, 0x100, 0x2, 0x5, 0x4, 0x7, 0x2, 0x7, 0x1, 0xb8, 0xffffff2a, 0x6, 0x8001, 0x6, 0x8, 0x3ff, 0x2, 0x6, 0x0, 0x6, 0x7fff, 0x80, 0x2, 0x5aeb, 0xe, 0x80000001, 0x39, 0x5, 0xa05, 0x3, 0x9, 0x72, 0x5, 0x4, 0x9, 0xba, 0x3, 0xc3, 0x8, 0x6, 0x7f, 0x5, 0xe8f0, 0x55, 0x8, 0x0, 0x7, 0x2, 0x8, 0x410, 0xffff03a4, 0xa8, 0x39b5, 0x8, 0xf3, 0x4, 0x10001, 0x0, 0x7f, 0x2, 0x7fff, 0x7, 0x401, 0x4, 0x0, 0x8, 0x2, 0x7, 0x2, 0x1, 0x2, 0x8, 0xffff, 0x0, 0x9, 0xc0e, 0x41, 0xf, 0xffff, 0xfffffff7, 0xffffff26, 0x7, 0x32a, 0xad95, 0x776, 0x9, 0xfffffffd, 0xfbc0, 0x3, 0xa4c9, 0x1, 0x6, 0xb, 0x3, 0x101, 0x1, 0x0, 0x2, 0x3, 0x4, 0x0, 0x80000000, 0xfffffff8, 0x400, 0x5, 0x2, 0x40, 0xfffeffff, 0x541b]}, @TCA_TBF_RTAB={0x404, 0x2, [0x9, 0x100, 0x2, 0xc91, 0x5, 0x400, 0x1000, 0x2, 0x5, 0x3ff, 0x2, 0x200, 0x7, 0x2, 0x6, 0xdb6, 0x401, 0x6, 0xf, 0x100, 0x3, 0xb, 0x5, 0x77dedf80, 0x100, 0x7, 0x2, 0x4, 0x1, 0x5, 0x5, 0x5, 0x4, 0x7, 0x6, 0x6, 0x4, 0x0, 0x0, 0x3, 0x5, 0x2, 0x10, 0x101, 0x8, 0xd6, 0x8, 0x800, 0x3, 0x4, 0x10001, 0x66a, 0x7, 0x7, 0x6c, 0xa6d, 0x4, 0x6, 0x3, 0x8, 0x2, 0x3d, 0x4, 0x80000000, 0xc, 0x2, 0x40, 0x7, 0x2, 0x4, 0xffffffff, 0x2, 0x4, 0xb0, 0xe7, 0x8, 0x8001, 0x7, 0xb, 0x4, 0x3, 0x2, 0x6, 0x1, 0x5, 0x10001, 0x3, 0x4, 0xffffffff, 0x5, 0x4, 0x7, 0x5, 0x3, 0x8, 0x8, 0x0, 0x374, 0x2, 0x4, 0x7, 0x81, 0x8, 0x7f, 0x9, 0x0, 0x4, 0x6, 0x2, 0xa08d, 0x100, 0x5, 0xffff248d, 0x5, 0x7, 0xa, 0x0, 0x671, 0x3, 0x10000, 0x8c, 0x2ea, 0xd6, 0x79, 0x9, 0x9, 0xc, 0xccf, 0x2, 0xb, 0x5, 0x100, 0x158, 0x4, 0x2, 0x7, 0x1, 0x401, 0x6, 0x5, 0xfffffffb, 0xffffffff, 0x6, 0x80000001, 0x2, 0x7, 0x5, 0xab7, 0x6f18f07b, 0x80000001, 0x0, 0x9, 0xc1, 0x5, 0x4, 0x8, 0x7, 0x3, 0x8, 0x3ff, 0x0, 0x9, 0x203a, 0x3, 0x0, 0x8, 0x2, 0x7, 0x7, 0x8, 0x0, 0x4, 0x4007ff, 0x4, 0x9, 0x2, 0x5, 0x8000, 0x200, 0x0, 0x1, 0xfffffff6, 0x0, 0x7b, 0xfd, 0x5b653309, 0xe5, 0x14f, 0x6, 0x10001, 0x1, 0x7, 0x2, 0xffffffff, 0x0, 0x40100, 0x197, 0x3ff, 0x9, 0x4, 0x200, 0xcbf, 0x1ff, 0x80, 0x9, 0x2f74, 0x4, 0x1, 0x9, 0x0, 0x4, 0x8, 0x8000, 0x5, 0x8, 0xf, 0x9, 0x6057, 0x101, 0x8001, 0xad, 0x4, 0x7, 0x7, 0x2, 0x80000001, 0x8c6b, 0xd87, 0x82, 0x100, 0x0, 0x80000000, 0x0, 0x9a, 0x9, 0xfc3, 0x89, 0xa, 0x80000001, 0x2, 0x1, 0xffffffff, 0x4, 0x8000, 0x2, 0x3, 0x10000, 0x8486, 0x3, 0x8, 0x6, 0x0, 0x1, 0x3, 0x2, 0x9]}, @TCA_TBF_PTAB={0x404, 0x3, [0x5, 0x5, 0x4, 0x5, 0x8001, 0x8, 0x5, 0x2, 0x8, 0x5, 0x4c5, 0x1, 0x6, 0x8, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x81, 0xfff, 0x10, 0x3, 0xe55, 0xd, 0x3, 0x6, 0x2, 0x5, 0xef, 0x7, 0x1, 0x8, 0x96b, 0x8, 0x80000001, 0x3, 0x6, 0x5, 0xa4f, 0x8, 0x3, 0x7ff, 0xc68, 0x80000001, 0x10200, 0x101, 0x10100, 0x166, 0x1, 0x7, 0x7a8, 0x2d, 0x7, 0x80, 0x8, 0x9, 0x0, 0x3ff, 0x8001, 0x5, 0x0, 0x635, 0x656, 0x2, 0x6, 0x5, 0x8, 0x1, 0x6, 0xeb, 0xfffffff9, 0x8, 0x3, 0x1, 0x0, 0x0, 0x3, 0x8ca, 0xffff, 0x9, 0x8, 0x800, 0xc198, 0x8, 0x7db903f4, 0x4, 0x6, 0x2, 0xfffffffc, 0x4, 0x7, 0xa2d, 0x0, 0x0, 0x8, 0x5, 0x8, 0x1000, 0x44da11fe, 0x5, 0xfffffbff, 0xfffff2fc, 0x4, 0x7d2, 0x4, 0x7, 0xffffffff, 0x2, 0xe, 0xe, 0x7, 0x101, 0x5, 0x1, 0x98, 0xc, 0x4, 0x98, 0x7, 0xffff, 0x8e58, 0x6, 0x9, 0x77a, 0x1, 0xfffff001, 0x1, 0x0, 0x7, 0x5, 0x9, 0x0, 0x2, 0xe5, 0x51, 0x2, 0xd50, 0x80000000, 0x1ff, 0x7, 0x3, 0xfffffff2, 0x7ff, 0x1ff, 0xee, 0x0, 0xfffff8aa, 0x0, 0x0, 0x80, 0x6df0, 0x2, 0x4, 0x10001, 0x7ff, 0x1, 0xfffffe01, 0x4, 0x5, 0x81, 0x5, 0x2e7, 0xf3, 0x9, 0x6, 0x5, 0x8000, 0x8, 0xe, 0xce2a, 0x1, 0xcb, 0x5, 0x0, 0x9, 0x94, 0x9f, 0x3, 0x8, 0x401, 0x5, 0x3ff, 0x5, 0x1b, 0x2, 0x4, 0x862d, 0x0, 0xff, 0x5, 0x1, 0x1, 0x0, 0xd, 0x5, 0x4, 0xffffff5c, 0x6, 0xff, 0x3, 0x728, 0x2be55882, 0x8, 0x7, 0x7, 0x0, 0x10, 0x7, 0xff, 0x101, 0xfffff801, 0xc86, 0x3, 0x10000, 0x2, 0x2, 0x2, 0x2, 0x2400, 0x81, 0x5, 0x5, 0x3, 0xc9, 0x1, 0x13, 0x5, 0x9, 0xffffffa2, 0xf5b, 0xe, 0xe, 0xb, 0x8, 0xff, 0x2, 0x3, 0x9, 0x10, 0x67d8fb7a, 0x3, 0x8, 0x10001, 0xfffffffa, 0x8001, 0x4, 0x9, 0x0, 0x1, 0x3, 0xfffffffe, 0x100]}, @TCA_TBF_PRATE64={0xc, 0x5, 0x467944efcdcbb7e7}]}}]}, 0xc48}, 0x1, 0x0, 0x0, 0xb3538085985bb3d6}, 0x0) 36.740081766s ago: executing program 33 (id=637): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r2 = fspick(r1, &(0x7f00000000c0)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='dirsync\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) setxattr$security_ima(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000380)=@ng={0x4, 0x2, "1263cdb7"}, 0x6, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r3) r4 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_proto_private(r4, 0x89e2, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f00000003c0)={0x2, "873e45dacd5291f166c9aac0b6f8ce6da80afca0fe66169480a5a6b43da5bc0e", 0x1}) sendmsg$nl_route_sched(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001240)=@newqdisc={0xc48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {0x10}, {}, {0x2, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xc1c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x4f0d, 0x5, 0x10001, 0x8, 0x10000, 0x80, 0x288, 0x9, 0x9, 0x2, 0xfff, 0xdfd, 0x1, 0x7887, 0x5, 0xdd16, 0x392, 0x31aa, 0x7fff, 0x2, 0xfffff98c, 0x4, 0x4e, 0x100, 0xa, 0x9, 0x2, 0x11, 0xffffffff, 0x3, 0x4, 0x1000, 0x800, 0x7, 0x1, 0x9, 0xd, 0x7, 0xa4f, 0x2, 0xc, 0x3, 0x0, 0xffffffef, 0x74, 0x4, 0x4, 0xffffffff, 0x6, 0x3, 0x1000, 0x6, 0x5, 0x71d, 0x2, 0xffff, 0x6, 0x6, 0x80000000, 0xce0, 0x9, 0xea5, 0x8, 0x200, 0x4, 0x8001, 0xa8, 0x9, 0x10, 0x9, 0x10000, 0x2, 0x7fff, 0xc, 0x7, 0x4800, 0x8, 0x6, 0xe87, 0x7f, 0x6, 0x0, 0x4800, 0x1, 0x12, 0x18b, 0x6, 0x2, 0x5, 0x1, 0x40, 0x5, 0x1, 0x0, 0x1da35084, 0x4, 0x1, 0x9, 0x7, 0x0, 0x4, 0x8, 0x4, 0x2, 0x0, 0x7, 0x200, 0x3, 0x8001, 0xa000, 0x0, 0x7a69, 0x764064d2, 0x92, 0x2, 0xbdc9, 0x3, 0xff, 0x2, 0x10, 0x5, 0x10000, 0x100, 0x5, 0x1022075d, 0x8, 0x5, 0x5, 0xfffffffe, 0x7f, 0x101, 0x4, 0xb, 0x9, 0x27, 0xff, 0x1, 0xf64a, 0xa78c, 0x5, 0x6, 0x7, 0xffff4fc5, 0x8, 0x7f, 0x385, 0x400, 0x100, 0x2, 0x5, 0x4, 0x7, 0x2, 0x7, 0x1, 0xb8, 0xffffff2a, 0x6, 0x8001, 0x6, 0x8, 0x3ff, 0x2, 0x6, 0x0, 0x6, 0x7fff, 0x80, 0x2, 0x5aeb, 0xe, 0x80000001, 0x39, 0x5, 0xa05, 0x3, 0x9, 0x72, 0x5, 0x4, 0x9, 0xba, 0x3, 0xc3, 0x8, 0x6, 0x7f, 0x5, 0xe8f0, 0x55, 0x8, 0x0, 0x7, 0x2, 0x8, 0x410, 0xffff03a4, 0xa8, 0x39b5, 0x8, 0xf3, 0x4, 0x10001, 0x0, 0x7f, 0x2, 0x7fff, 0x7, 0x401, 0x4, 0x0, 0x8, 0x2, 0x7, 0x2, 0x1, 0x2, 0x8, 0xffff, 0x0, 0x9, 0xc0e, 0x41, 0xf, 0xffff, 0xfffffff7, 0xffffff26, 0x7, 0x32a, 0xad95, 0x776, 0x9, 0xfffffffd, 0xfbc0, 0x3, 0xa4c9, 0x1, 0x6, 0xb, 0x3, 0x101, 0x1, 0x0, 0x2, 0x3, 0x4, 0x0, 0x80000000, 0xfffffff8, 0x400, 0x5, 0x2, 0x40, 0xfffeffff, 0x541b]}, @TCA_TBF_RTAB={0x404, 0x2, [0x9, 0x100, 0x2, 0xc91, 0x5, 0x400, 0x1000, 0x2, 0x5, 0x3ff, 0x2, 0x200, 0x7, 0x2, 0x6, 0xdb6, 0x401, 0x6, 0xf, 0x100, 0x3, 0xb, 0x5, 0x77dedf80, 0x100, 0x7, 0x2, 0x4, 0x1, 0x5, 0x5, 0x5, 0x4, 0x7, 0x6, 0x6, 0x4, 0x0, 0x0, 0x3, 0x5, 0x2, 0x10, 0x101, 0x8, 0xd6, 0x8, 0x800, 0x3, 0x4, 0x10001, 0x66a, 0x7, 0x7, 0x6c, 0xa6d, 0x4, 0x6, 0x3, 0x8, 0x2, 0x3d, 0x4, 0x80000000, 0xc, 0x2, 0x40, 0x7, 0x2, 0x4, 0xffffffff, 0x2, 0x4, 0xb0, 0xe7, 0x8, 0x8001, 0x7, 0xb, 0x4, 0x3, 0x2, 0x6, 0x1, 0x5, 0x10001, 0x3, 0x4, 0xffffffff, 0x5, 0x4, 0x7, 0x5, 0x3, 0x8, 0x8, 0x0, 0x374, 0x2, 0x4, 0x7, 0x81, 0x8, 0x7f, 0x9, 0x0, 0x4, 0x6, 0x2, 0xa08d, 0x100, 0x5, 0xffff248d, 0x5, 0x7, 0xa, 0x0, 0x671, 0x3, 0x10000, 0x8c, 0x2ea, 0xd6, 0x79, 0x9, 0x9, 0xc, 0xccf, 0x2, 0xb, 0x5, 0x100, 0x158, 0x4, 0x2, 0x7, 0x1, 0x401, 0x6, 0x5, 0xfffffffb, 0xffffffff, 0x6, 0x80000001, 0x2, 0x7, 0x5, 0xab7, 0x6f18f07b, 0x80000001, 0x0, 0x9, 0xc1, 0x5, 0x4, 0x8, 0x7, 0x3, 0x8, 0x3ff, 0x0, 0x9, 0x203a, 0x3, 0x0, 0x8, 0x2, 0x7, 0x7, 0x8, 0x0, 0x4, 0x4007ff, 0x4, 0x9, 0x2, 0x5, 0x8000, 0x200, 0x0, 0x1, 0xfffffff6, 0x0, 0x7b, 0xfd, 0x5b653309, 0xe5, 0x14f, 0x6, 0x10001, 0x1, 0x7, 0x2, 0xffffffff, 0x0, 0x40100, 0x197, 0x3ff, 0x9, 0x4, 0x200, 0xcbf, 0x1ff, 0x80, 0x9, 0x2f74, 0x4, 0x1, 0x9, 0x0, 0x4, 0x8, 0x8000, 0x5, 0x8, 0xf, 0x9, 0x6057, 0x101, 0x8001, 0xad, 0x4, 0x7, 0x7, 0x2, 0x80000001, 0x8c6b, 0xd87, 0x82, 0x100, 0x0, 0x80000000, 0x0, 0x9a, 0x9, 0xfc3, 0x89, 0xa, 0x80000001, 0x2, 0x1, 0xffffffff, 0x4, 0x8000, 0x2, 0x3, 0x10000, 0x8486, 0x3, 0x8, 0x6, 0x0, 0x1, 0x3, 0x2, 0x9]}, @TCA_TBF_PTAB={0x404, 0x3, [0x5, 0x5, 0x4, 0x5, 0x8001, 0x8, 0x5, 0x2, 0x8, 0x5, 0x4c5, 0x1, 0x6, 0x8, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x81, 0xfff, 0x10, 0x3, 0xe55, 0xd, 0x3, 0x6, 0x2, 0x5, 0xef, 0x7, 0x1, 0x8, 0x96b, 0x8, 0x80000001, 0x3, 0x6, 0x5, 0xa4f, 0x8, 0x3, 0x7ff, 0xc68, 0x80000001, 0x10200, 0x101, 0x10100, 0x166, 0x1, 0x7, 0x7a8, 0x2d, 0x7, 0x80, 0x8, 0x9, 0x0, 0x3ff, 0x8001, 0x5, 0x0, 0x635, 0x656, 0x2, 0x6, 0x5, 0x8, 0x1, 0x6, 0xeb, 0xfffffff9, 0x8, 0x3, 0x1, 0x0, 0x0, 0x3, 0x8ca, 0xffff, 0x9, 0x8, 0x800, 0xc198, 0x8, 0x7db903f4, 0x4, 0x6, 0x2, 0xfffffffc, 0x4, 0x7, 0xa2d, 0x0, 0x0, 0x8, 0x5, 0x8, 0x1000, 0x44da11fe, 0x5, 0xfffffbff, 0xfffff2fc, 0x4, 0x7d2, 0x4, 0x7, 0xffffffff, 0x2, 0xe, 0xe, 0x7, 0x101, 0x5, 0x1, 0x98, 0xc, 0x4, 0x98, 0x7, 0xffff, 0x8e58, 0x6, 0x9, 0x77a, 0x1, 0xfffff001, 0x1, 0x0, 0x7, 0x5, 0x9, 0x0, 0x2, 0xe5, 0x51, 0x2, 0xd50, 0x80000000, 0x1ff, 0x7, 0x3, 0xfffffff2, 0x7ff, 0x1ff, 0xee, 0x0, 0xfffff8aa, 0x0, 0x0, 0x80, 0x6df0, 0x2, 0x4, 0x10001, 0x7ff, 0x1, 0xfffffe01, 0x4, 0x5, 0x81, 0x5, 0x2e7, 0xf3, 0x9, 0x6, 0x5, 0x8000, 0x8, 0xe, 0xce2a, 0x1, 0xcb, 0x5, 0x0, 0x9, 0x94, 0x9f, 0x3, 0x8, 0x401, 0x5, 0x3ff, 0x5, 0x1b, 0x2, 0x4, 0x862d, 0x0, 0xff, 0x5, 0x1, 0x1, 0x0, 0xd, 0x5, 0x4, 0xffffff5c, 0x6, 0xff, 0x3, 0x728, 0x2be55882, 0x8, 0x7, 0x7, 0x0, 0x10, 0x7, 0xff, 0x101, 0xfffff801, 0xc86, 0x3, 0x10000, 0x2, 0x2, 0x2, 0x2, 0x2400, 0x81, 0x5, 0x5, 0x3, 0xc9, 0x1, 0x13, 0x5, 0x9, 0xffffffa2, 0xf5b, 0xe, 0xe, 0xb, 0x8, 0xff, 0x2, 0x3, 0x9, 0x10, 0x67d8fb7a, 0x3, 0x8, 0x10001, 0xfffffffa, 0x8001, 0x4, 0x9, 0x0, 0x1, 0x3, 0xfffffffe, 0x100]}, @TCA_TBF_PRATE64={0xc, 0x5, 0x467944efcdcbb7e7}]}}]}, 0xc48}, 0x1, 0x0, 0x0, 0xb3538085985bb3d6}, 0x0) 36.43331902s ago: executing program 1 (id=643): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x80000}, 0x50) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a"], 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xfdff}, [@IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_IFACE={0x14, 0x17, 'batadv_slave_0\x00'}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x94}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x40c0080) 36.38077995s ago: executing program 1 (id=645): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 36.311471201s ago: executing program 1 (id=646): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x208000, 0x0, 0x3d, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000001740)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) r3 = fsmount(r2, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fchdir(r3) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r4, &(0x7f00000102c0)={0x2020}, 0x7) 36.311155891s ago: executing program 1 (id=647): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0) sendmsg$inet6(r0, 0x0, 0x20000896) dup(r0) write$UHID_INPUT(r1, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) socket$netlink(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r2, 0x0, 0x8000, 0x0, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x2, 0xa, 0x2) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) accept(r3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r4], 0x7) 35.925917466s ago: executing program 1 (id=650): r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xecc0, 0x400, 0x1, 0x40000333}, 0x0, &(0x7f00000001c0), &(0x7f0000000000)) syz_io_uring_setup(0x4acf, &(0x7f0000000000)={0x0, 0x9e4e, 0x125, 0x3, 0x28d, 0x0, r0}, 0x0, 0x0, 0x0) 35.862009466s ago: executing program 34 (id=650): r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xecc0, 0x400, 0x1, 0x40000333}, 0x0, &(0x7f00000001c0), &(0x7f0000000000)) syz_io_uring_setup(0x4acf, &(0x7f0000000000)={0x0, 0x9e4e, 0x125, 0x3, 0x28d, 0x0, r0}, 0x0, 0x0, 0x0) 35.090509675s ago: executing program 2 (id=653): mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080)={0xb, 0x0, 0x40000}, 0x20) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x101301, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4e02}) io_setup(0xbf, &(0x7f0000000100)=0x0) io_submit(r1, 0x0, &(0x7f00000001c0)) 34.910071997s ago: executing program 2 (id=654): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x80000}, 0x50) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000003f0500010006000000050005000200000005000400000000000900020073797a310020000013000300686173683a"], 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xfdff}, [@IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_IFACE={0x14, 0x17, 'batadv_slave_0\x00'}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x94}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x40c0080) 34.877541497s ago: executing program 2 (id=655): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020) 34.800981738s ago: executing program 2 (id=656): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x208000, 0x0, 0x3d, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000001740)='./file0\x00') syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) r3 = fsmount(r2, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) fchdir(r3) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r4, &(0x7f00000102c0)={0x2020}, 0x7) 34.800607228s ago: executing program 2 (id=657): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x0, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xd2b1, 0x84000002, 0x10001, 0x1, 0x80000000, 0x1ff, 0x8, 0x0, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(0x0, r7) sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 34.378437133s ago: executing program 2 (id=659): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x4, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2a, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}}) 34.376456153s ago: executing program 35 (id=659): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x4, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2a, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}}) 2.198669445s ago: executing program 0 (id=892): r0 = socket$inet(0x2, 0x3, 0xa) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000000000007000000860a00000003"], 0x20}}], 0x1, 0x24000004) 2.098358836s ago: executing program 0 (id=895): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x4) r0 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES64=r0], 0x108}}], 0x1, 0xc040) 2.006963837s ago: executing program 0 (id=899): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x60, r1, 0x63d, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c8cf7f4639f3a71d5048b1b814d79e0b"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "81954acaf42aa86b0bf1a9be0bdc6fac"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x7}]}, 0x60}, 0x1, 0x0, 0x0, 0x801}, 0x20002884) 1.914192278s ago: executing program 0 (id=902): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newchain={0x24, 0x1e, 0x1, 0x0, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x4, 0xe}, {0x10, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x24001090}, 0x44004) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000300)={0x6, {0x2, 0x100, 0x8, 0x1, 0x576}}) syz_emit_ethernet(0xbe, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x101000, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x30, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4}}}, 0xb8}}, 0x0) 1.866493289s ago: executing program 0 (id=905): syz_usb_connect(0x2, 0x4e, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x47, 0xfe, 0x93, 0x40, 0x2caf, 0x13a3, 0xbddc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c, 0x2, 0x1, 0x2, 0x0, 0xd, "", [{{0x9, 0x4, 0x3e, 0xe3, 0x1, 0x60, 0x6a, 0xbc, 0x8, [], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0xf4, 0x29, 0x81, [@generic={0x8, 0xb, "af33248a602c"}]}}]}}, {{0x9, 0x4, 0x8b, 0x86, 0x1, 0x2, 0x2, 0xff, 0x97, [], [{{0x9, 0x5, 0x0, 0x3, 0x20, 0x5, 0x81, 0xb0, [@generic={0x7, 0xb, "001521caf6"}]}}]}}]}}]}}, 0x0) 1.096028318s ago: executing program 8 (id=935): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000ff0300000000000000000000850000001100000085000000a000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000300)="e02742e8680d85ff978276fcf294", 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 902.415479ms ago: executing program 8 (id=940): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) recvmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x400000000000222, 0x0, 0x0) sendmsg$inet(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000740)='T*/\n', 0x4}], 0x1}, 0x4000) 902.162549ms ago: executing program 7 (id=942): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[], 0x4c}}, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000001d80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}, {{&(0x7f0000000380)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001c80)=[{&(0x7f0000000b00)='>', 0x1}], 0x1, &(0x7f0000001f40)=ANY=[@ANYBLOB="110000000000000000000000010000000b000000000000001400000000000000000000000200000001000080000000004c"], 0x80}}], 0x3, 0x48000) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x15}, 0x60040090) recvmmsg(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x40}], 0x15, 0x10040, 0x0) 882.24743ms ago: executing program 8 (id=943): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200), 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000040)=0x80000000) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r2, 0x4112, 0x0) 813.60712ms ago: executing program 7 (id=945): socket$kcm(0x10, 0x2, 0x0) socket$igmp(0x2, 0x3, 0x2) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x38, r0, 0x10ada85e65c25359, 0xfffffffc, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x7431, 0x2e}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x3a, 0x1c, 0x7ffd, 0x0, 0x0, 0x2, 0x0, @broadcast, @loopback}, {0x17, 0x74, 0x0, @rand_addr=0x64010100}}}}}, 0x0) sendmsg(r3, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r5}, 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r2) sendmsg$TIPC_NL_MON_GET(r7, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, r8, 0x311, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x80000001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x810e}]}, @TIPC_NLA_SOCK={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0xdc63f6baf90ddeb5}, 0x20044880) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r6, &(0x7f0000000380)="0099", &(0x7f0000000480)=@udp6=r5, 0x2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r5, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 813.21501ms ago: executing program 8 (id=946): socket$key(0xf, 0x3, 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x840) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0xc000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_REMOVE(r1, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, 0x0, 0x8, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0) r5 = socket(0x10, 0x803, 0x0) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x210}]}, 0x34}}, 0x8000) 746.384051ms ago: executing program 5 (id=947): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010330bd7000f8dbdf2505"], 0x14}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x1010, 0xffffffffffffffff, 0x4000) socket(0x11, 0x2, 0x10001) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_open_procfs$namespace(0x0, 0x0) getpeername(0xffffffffffffffff, 0x0, &(0x7f0000000700)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) 730.973001ms ago: executing program 5 (id=948): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000040)=0x80000000) 709.310611ms ago: executing program 7 (id=949): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x1000d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3c}, 0x94) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000010651fbe347b2c2b00000c000180080001"], 0x20}}, 0x0) 708.284382ms ago: executing program 5 (id=950): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x21, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24000844, &(0x7f00000005c0)={0xa, 0x2, 0x6, @private0, 0xdb}, 0x1c) 684.885192ms ago: executing program 5 (id=951): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x6, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000013f00000000000003000000850000002c00000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 602.514723ms ago: executing program 7 (id=953): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x27, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0) 597.687233ms ago: executing program 7 (id=954): r0 = socket$alg(0x26, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\v', @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000a7"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20) close(0x3) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$x25(0x9, 0x5, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) socket$unix(0x1, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = accept(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r3, 0x0, 0x4091) 561.760093ms ago: executing program 0 (id=955): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x6, @local, 0xb}, 0x1c) syz_emit_ethernet(0x7e, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "fa0500", 0x48, 0x11, 0x0, @local, @local, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c28", "e102060872381f41e5fff9620915b6f78670dfaf9a195fcb2a79cf6b7931c9b4"}}}}}}}, 0x0) 490.550554ms ago: executing program 6 (id=957): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200), 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000040)=0x80000000) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r2, 0x4112, 0x0) 473.162624ms ago: executing program 7 (id=958): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b927, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x6, 0xb}, {0xb, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0x6}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x5}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) r4 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r4, &(0x7f0000000240)="800000800000210ee7decd7a000340", 0xf, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 432.668074ms ago: executing program 8 (id=959): r0 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4) connect$inet(r0, &(0x7f0000002040)={0x2, 0x4e24, @loopback}, 0x10) connect(r0, &(0x7f0000000380)=@in={0x2, 0x4e22, @empty}, 0x80) 432.321934ms ago: executing program 6 (id=960): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200), 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000040)=0x80000000) 385.572115ms ago: executing program 6 (id=961): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x21, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x24000844, &(0x7f00000005c0)={0xa, 0x2, 0x6, @private0, 0xdb}, 0x1c) 301.505306ms ago: executing program 5 (id=962): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000880)=0x8, 0x4) recvmmsg(r0, &(0x7f0000008c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x45833af96e4b39fe, 0x0) 301.320456ms ago: executing program 8 (id=963): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x10000000000) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) read$FUSE(r0, &(0x7f0000004800)={0x2020}, 0x2020) 301.089776ms ago: executing program 6 (id=964): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x18, 0x40, 0x1, 0xfffffffe, 0x25dfdbff, {0x1, 0x7c}, [@nested={0x4, 0x142}]}, 0x18}, 0x1, 0x0, 0x0, 0xc081}, 0x800c000) 335.23µs ago: executing program 6 (id=965): socket$rds(0x15, 0x5, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x48, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept4$alg(r0, 0x0, 0x0, 0x800) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x34, r3, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x2400cc04}, 0x0) 189.55µs ago: executing program 5 (id=966): syz_usb_connect(0x2, 0x4e, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x47, 0xfe, 0x93, 0x40, 0x2caf, 0x13a3, 0xbddc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c, 0x2, 0x1, 0x2, 0x0, 0xd, "", [{{0x9, 0x4, 0x3e, 0xe3, 0x1, 0x60, 0x6a, 0xbc, 0x8, [], [{{0x9, 0x5, 0x0, 0x1, 0x10, 0xf4, 0x29, 0x81, [@generic={0x8, 0xb, "af33248a602c"}]}}]}}, {{0x9, 0x4, 0x8b, 0x86, 0x1, 0x2, 0x2, 0xff, 0x97, [], [{{0x9, 0x5, 0x0, 0x3, 0x20, 0x5, 0x81, 0xb0, [@generic={0x7, 0xb, "001521caf6"}]}}]}}]}}]}}, 0x0) 0s ago: executing program 6 (id=967): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000000000085000000bc00000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20) syz_emit_ethernet(0xd81, &(0x7f0000000600)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@void, {0x8100, 0x4, 0x1}}, {@mpls_uc={0x8847, {[], @ipv6=@generic={0x9, 0x6, "42e05d", 0xd47, 0x5c, 0x1, @loopback, @private1, {[@hopopts={0x3b, 0x18b, '\x00', [@hao={0xc9, 0x10, @private1}, @calipso={0x7, 0x48, {0x3, 0x10, 0x0, 0x2, [0x7dc, 0x9, 0x7, 0x7ff, 0xfffffffffffff44f, 0xfff, 0x9, 0x8]}}, @generic={0x7, 0x7b, "15150516342241d33f2f84419cd0ade5ead47f040f3610e0e64553bf3410243438486330d290af3e2a7347207e3096c9f52ae8fa46bb92954b5c4c8ddd25c8222c8e89291bbf3708eaf1cff9de108813e7d75f55f342443d057d1370fddf3a0525054239a4a929e53efdceba1f264486dd705079a5159b644cab60"}, @generic={0xb6, 0xb7e, "dcc90b7af212186183e96f505753a6bac53a363b8fea5b6f8ae2ffa5e616fb00ce4a776634ec4850a4336077d815b910c33440425503122672698c7f18eae511fabe74fff308983388351bedd123432d693ece874bc53b7cd6236bbf793f36fe58d256038f7bc58958b28b42e670a1e6c34be414b6ae7d19038ec6c9a1c5f5e726764e536e0c9947b044d126c68feaa30e71f6e99b15d78a283fc5948a0963f563ac50bedc5d4e4cccd75473a1f7048b5ec17441be54e319a19be0a405054fe58e8a082f53b4a4cbd649e76fde6fae7a1e2e1b07e29e94bbb1096d12a4b4ffa9eead4d2945653a0f1860cbd57c218fc8bd08943eca3246fd11a13d6551798f766702da5ce0f56b7a7db290e7f01bb26be889e8abc62c18ac4d9437b2d2133bae88ba5b2847c1916ac4a926cc51bbd5a723af30fd732e0118b78accd99bcd2d5406948f5f7b5fe2f3f12bb6dd940fc079dfceada5e2be2c011a836ce08a9966986c372a872cc3d17d5d34be3dd9f3751ab3821efb99006244fd3572fa6ee4e64558bdc9e704caa56175247ba767525d36f27d0664ecf57a18b28e8fea0baae0d944bb61c81ada0bf3a82cf3022c3d38cb857710212f46327c0899a8e998065a1700a4afb0023703607b8ec5a32826fea96f7c3b6d59e5541548eb5fed861392f04d5e5d9f487e6f41a09bddec16b3eb1089d5f3a1e97a755f4350a82f054eb13e06e77cdc5e4862dcc606cc26609734220cb35e27eabe1a339da9411a100bdbe973d27ab8a5a53ca1c0356c9608c5557feb8e376f9844a0cb6fe9ae6905f565fe8d62acffb89255459e95fb1d5340e3c9b95240eff2041d580a7469d4fa0b409d43ea489fb7fb20b0ea89d4c43430532cd2a273b97187335b605dd9a453d5f343642ae852e7e25006785eac4b1027f5aa7999ff1eeb16f118ca01a394914c6358f5667df96d8428034ecd7b600e4fd749171343ac8e5557e21614eb6c42633c919ddc7a9f9cf4d08b2e94db8f5a3aec1d63e5b8665e7f5007ef415866681d0e2520bed0a97af32c04591911257c71b7a1614447f8b520099781662f68f579a84ebcda93d0fe37c6423697c3492709da0f007a293a3142620478a7aad12baf7dc3ad15e2b1db8f8af17c8419208abf86fa188eda5c563961edaa2d47104b076f442d39b87dd4d254b92b3bbe2b8a95be230721a07631fe9066e6dcfb4c96e3b74acb93ae21e55d7e9b0a9b5b59f0ac7628262b960fcbd0a86e44223ca6d76fdedce62ecabb7b02f1f705862a2b60297d17f295275c80e8fb0791453847183d7cfb3e08f87b7ecd0ae24481df38a352c54227a20c60b899854287bbae06f974e74481419a6f705fd2b516d452c55fb87df013bbd714a0fe39cec0a18e4973407f45da2cccbc3004e0c62b6ae8bfb9c65400a22622bd9ff50cdf93e9031dd05c4afc5cc30d61d3c013b1c474695ca62d452ec6cdfbc21730b3cfdbdf815b508121dbb3af2b2b7235a2dd933d4ad2f82a59ec3fe8823b9730a4d2dcdb719f341cafd458752e23dac67b028988195ec33617f91921daa1f74a32970ad36bc4793bd4c40a83fefebf94db566cb2025be3cb05c3fd2abb99df00901c444cb56c64cb96eafba1e33bb5077168a4b0b8446b2cefca6b1d9d63ff1cce61e0b3ef3021c6270a799f94e0efd62e9a9d8c628b88fc07354d7ef8ea7f9b251456ad56d943e3f0092d7042c35bd94970cc5b7fe2364da0bae7f4fb0bf7a3bb3212f079a69b53fbe11afc0dbff7f005b12d6cec9e7169ebf8dfda4bb7d3211cabc7cffe7a0c1c1e496720209041c7f95aac0f49126ca7a5620f9f709bb72ba32ac6afe0acbfe3bee20b406d98b7e7bbe263b76fdb963c9e84c06c168aaac23c921feba4b2ef064f79aa1092fd2fc435feecee01ee10ebbd11199f6ee343e45dfc69b9f10fd86c85d4d3adf2d8d9be8c692fce1d92ce544bd53f33be2f40219953fd17842e0b608eb2d9e0db97286af10da05d6d3f2cebc5ae79d5fd3a7517f51c95ebc1044cdb711d03239b713553d5f99d9fdf7ac5dfe92e2c1a16c6de7f3c157698d8f96e3f46d2c9fca0de48fe3630afb2064686ba0c1734c37f0e9303488e9209025651142a87e8b1af770de99bc0b93c1cd9cf186bee7642588ea7f2f897f765b405dced642901d755c984de04602ca607a2cdd25f45eb7380d92ac70a80155a15438654ec26a3a90fe0fb8ae0bafe187440643dd3d29de3550d97f0b67c84f101e21c158279b18c29468e8b8968fc08ab5d794407f2a0cdcd31f23ba3c8e8ef0cd14a5be81ad4260142a457962171d216983c1d9a4ba1cf7009098d8d6848b12a6d14ef2fff856a5e3064e3ff2d9047e97c58644dce9a5c1c73c7cd3dcee911fda15cdbbf1e24a7f9d800f0197fa5af4a853a63d48a3fddc593bb68ebe0cd086359b69aa3f3b22b18d55bbad6a8c878f3bbc4730344fc84967fded81a7b7c651f6b121da407b818ff3516056bec3f4b4e6e8341de95a48614af93db4a7c74a96c3da0f623e58d0b224864d58d952359f13c01e322b2a8f9c2d564aaf25b0d83804b86bedb8db62d36dbb27437d7dc953d4b91270fd31b9fb50684b7bdf3ab78be0f94601feeceaba24cfd9ca2e3e9708f724b070d6153fc44fd68aa375037fb83b77a988d6e12c05e0ff9eb954fd732017979f0bdf7ba44c2b96d47815cd1527fd57cfbffa58c0e6727f1c56ff01fb78dc0aab374ef6b9bf409f3a1751f1935fad983a8def7de2c594b37fdcc29bceaff0e8d1aecd8bd938b3cbc5eed823897be22f1c037a73831b69e5148d11baeeb9b32ad016fe327705a59f7f40dd4bf4ca7ff1c5326dc24d81cbeeacfe6bbd9e9a44b56d8cc1eddb652744c0b2201d7014f9a49f55ee2b940f84a0369d5e81b5323321c89254fffa4d201c7a1eb032efc53607c48b5ebae48d80ad49bdaa20e13c9060692d50f50353ccadffa02cae0dfec8f60bbaef885cb16c2f02077762fc7518d28004e9630273a493ff53499499d766c60b0310e39a9c6c9db6c0a63f73f9e5089dade79e1939a88d6046cabaaed7588cd651761a1ca25be434e0280744693e3134fcd9d89e11cff18a841f4e2209aa9d52c2c257c95e283957c097227c493741d8a9a7fc5ac5e4c86dac5b419c8bc4a697534c1febfd52f9353805f554e30fb3f8c0bd977a83bbf2bdfb019cdd958af21dc00f54e86a0bf3df7219e1ca9c900646921c138404be38c279dcfcdd68a012715f6f0c5d68e5365658ac8b121868afe1d7f9ec07ed3b4b2ef49a3f07facdaccc07dd87b187a2dbb9e49b37c22b818d47f8cb27045c8b6e3ef1656072d7fdc23ab9a8e28506b52d04ae642152f4d6fd03f50537e9a7baa9e3a9ceb209b04f2844be5dca1526f9f1fcc8b57f33ada774f8262da08fb7f2b73cdc818e7788a240e656794a7186f4cfc0edb4940e73807b0dd39320056d1a9750041adf833562744323e9c492b2e199bbb8b2a647293e6b1e38e8022c0924a2dcccd406eab7c0d0caaf9ad4023bb57371c2a9de61b42363a266def05c178437715af52b1d424acf73f3298e8dfd02d849bd0d0d15a99026296cb6c9043909360b3173bd317834ca84261ffed928c83e058505abacde4171b14edb48450124bb253e8c35f6f44784b35c5b7cf761d25fc840bf88e8bb15adb3ca3a548d5727122c97209ff2321d46bfa5cb18a8c03b386c9aaef40ac79d5b5efc977447ac5b85df24cbe4365c996652f210a9477e57e137423b83f43cd217caa9be580735336400ad0b954469a56c0046e1123e00654c64d70d62cb07e90b7e475b8cae3e34e47ffd8bc282c7698c25fd5befe1719c1caec7771744ac07e2892c86ec383756d0fd055d4c8dbdef397e2f2c72ae9896db73830c47f0cfb06e8ea24da40daab915ba4c8d48a5ca30f9b51870eb92a7fbb927995249844b837fcc4dcbb7a04dee8d5c58fb2f16c046f2f8ebb480272c6250f69253fff678ba0d743c227ab4cde125da60d692376174d8d50d5ec735a80a69e32b23d128f6b8304570f3d600b354904ad9ed8d1e63ad336dc32f22be895af6943678fb3c924853e8cbb94f2d67090da239978c5caada0eaabe08e4dd2ce2b1ee8bafde0caf0c7b4e4cde188672b976e5d181337ec1d9ae2fa"}]}], "d443c4cd9262f2486153ea3f91e8d049fe1b44045f39b19bb735a99b66dd4f1e4bf3983d25e227c1013778774871609abb5c0fc06a61b35269e3b9a16e0dc07de3f32c3e6f543eaede0b600656968bc5ae6c090f334ad5b844f0232249e82328a61f620284d0b7da4640bbf84af374b6bdb6397a8a9155425618b8c659d53ae48c4be4538b1c0cad4950808c933e163c4897f9f13df0956bb82390f02fd2fc82e8323c9b849b0a7978e17b8a25f378c80e6e1d2f50f5a1587ccdf0e983f45be2ab36432ef1969e33a0e0dbb64f6a441cc69eb88a7da09108caf797904ce346"}}}}}}, 0x0) kernel console output (not intermixed with test programs): tdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.190492][ T4331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.192418][ T4331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.197098][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 32.198873][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.205532][ T4325] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.207059][ T4325] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.208388][ T4325] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.209713][ T4325] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.221361][ T1687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.223213][ T1687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.224995][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 32.226648][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 32.236427][ T4332] device veth0_vlan entered promiscuous mode [ 32.237888][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 32.239591][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.241143][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.243628][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.249813][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.251446][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.264764][ T4330] device veth0_macvtap entered promiscuous mode [ 32.276110][ T4332] device veth1_vlan entered promiscuous mode [ 32.280572][ T4330] device veth1_macvtap entered promiscuous mode [ 32.285603][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.287135][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.294786][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 32.296499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 32.298114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 32.299759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 32.311072][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.313195][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.314890][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 32.316526][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 32.320270][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.322556][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.324260][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.325900][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.327414][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.329017][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.331577][ T4330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.339582][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 32.341317][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.352464][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.353807][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.357844][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.359561][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.361060][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.366092][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.367837][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.369470][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.372409][ T4330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.374155][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 32.375618][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 32.377301][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.380465][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.382733][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.401424][ T4332] device veth0_macvtap entered promiscuous mode [ 32.409963][ T4332] device veth1_macvtap entered promiscuous mode [ 32.415089][ T4407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.419785][ T1687] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.421127][ T1687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.421547][ T4330] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.422618][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.424953][ T4330] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.425102][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.426395][ T4330] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.429511][ T4407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.430921][ T4330] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.438349][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 32.439929][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 32.441405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 32.443339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 32.460534][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.462569][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.463942][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.465538][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.466956][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.468580][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.470670][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.475004][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.477362][ T4332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.478645][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 32.480354][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.503197][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.504924][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.506452][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.508060][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.521300][ T4410] binder: BINDER_SET_CONTEXT_MGR already set [ 32.522657][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.524199][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.525744][ T4332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.527538][ T4410] binder: 4408:4410 ioctl 4018620d 20000040 returned -16 [ 32.529061][ T4410] binder: 4408:4410 got transaction to invalid handle, 1 [ 32.530343][ T4410] binder: 4410:4408 cannot find target node [ 32.531331][ T4410] binder: 4408:4410 transaction async to 0:0 failed 3/29201/-22, size 0-0 line 3045 [ 32.533195][ T4332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.535855][ T4332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.537130][ T4410] binder: 4408:4410 BC_FREE_BUFFER u0000000020ffd000 no match [ 32.538379][ T4410] binder: 4408:4410 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 32.541466][ T4410] binder: 4410 RLIMIT_NICE not set [ 32.548399][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 32.550104][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.552992][ T4332] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.554515][ T4332] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.555968][ T4332] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.557326][ T4332] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.569983][ T4383] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.578619][ T4383] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.585829][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 32.613909][ T4383] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.615234][ T4383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.616207][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.616908][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 32.617779][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.620555][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 32.639633][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.641205][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.643769][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 32.835436][ T4428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.837349][ T4428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 33.026119][ T4432] device syzkaller0 entered promiscuous mode [ 33.215076][ T4334] Bluetooth: hci3: command 0x041b tx timeout [ 33.216133][ T4334] Bluetooth: hci0: command 0x041b tx timeout [ 33.217179][ T4334] Bluetooth: hci4: command 0x041b tx timeout [ 33.304643][ T4341] Bluetooth: hci1: command 0x041b tx timeout [ 33.305783][ T4341] Bluetooth: hci2: command 0x041b tx timeout [ 33.353232][ T4373] binder: undelivered TRANSACTION_ERROR: 29201 [ 33.539522][ T4446] syz.4.19 uses obsolete (PF_INET,SOCK_PACKET) [ 33.703369][ T4461] binder: BINDER_SET_CONTEXT_MGR already set [ 33.704617][ T4461] binder: 4460:4461 ioctl 4018620d 20000040 returned -16 [ 33.706218][ T4461] binder: 4460:4461 got transaction to invalid handle, 1 [ 33.707599][ T4461] binder: 4461:4460 cannot find target node [ 33.708608][ T4461] binder: 4460:4461 transaction async to 0:0 failed 6/29201/-22, size 0-0 line 3045 [ 33.710568][ T4461] binder: 4460:4461 BC_FREE_BUFFER u0000000020ffd000 no match [ 33.712367][ T4461] binder: 4460:4461 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 33.714515][ T4461] binder: 4461 RLIMIT_NICE not set [ 33.822256][ T4372] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 34.001842][ T4372] usb 1-1: Using ep0 maxpacket: 16 [ 34.006019][ T4372] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.008023][ T4372] usb 1-1: config 0 interface 0 has no altsetting 0 [ 34.009487][ T4372] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 34.010980][ T4372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.016914][ T4372] usb 1-1: config 0 descriptor?? [ 34.276115][ T4463] netlink: 'syz.1.26': attribute type 2 has an invalid length. [ 34.299824][ T4465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.301453][ T4465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.429996][ T4372] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 34.467095][ T4469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.468731][ T4469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.533188][ T112] binder: undelivered TRANSACTION_ERROR: 29201 [ 34.605092][ T4476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.32'. [ 34.608694][ T4476] device vlan2 entered promiscuous mode [ 34.609646][ T4476] device syz_tun entered promiscuous mode [ 34.766702][ T4482] netlink: 16 bytes leftover after parsing attributes in process `syz.3.35'. [ 35.040298][ T4500] binder: BINDER_SET_CONTEXT_MGR already set [ 35.041505][ T4500] binder: 4499:4500 ioctl 4018620d 20000040 returned -16 [ 35.045979][ T4500] binder: 4499:4500 got transaction to invalid handle, 1 [ 35.047296][ T4500] binder: 4500:4499 cannot find target node [ 35.048265][ T4500] binder: 4499:4500 transaction async to 0:0 failed 9/29201/-22, size 0-0 line 3045 [ 35.050513][ T4500] binder: 4499:4500 BC_FREE_BUFFER u0000000020ffd000 no match [ 35.292037][ T4334] Bluetooth: hci4: command 0x040f tx timeout [ 35.293079][ T4334] Bluetooth: hci0: command 0x040f tx timeout [ 35.294052][ T4334] Bluetooth: hci3: command 0x040f tx timeout [ 35.343184][ T4372] usb 1-1: USB disconnect, device number 2 [ 35.381969][ T4341] Bluetooth: hci2: command 0x040f tx timeout [ 35.383029][ T4341] Bluetooth: hci1: command 0x040f tx timeout [ 35.540855][ T4512] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 35.872606][ T4378] binder: undelivered TRANSACTION_ERROR: 29201 [ 35.951358][ T27] audit: type=1326 audit(35.930:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 35.965574][ T27] audit: type=1326 audit(35.950:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 35.976476][ T27] audit: type=1326 audit(35.950:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 35.989127][ T27] audit: type=1326 audit(35.950:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.001329][ T27] audit: type=1326 audit(35.960:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=97 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.012472][ T27] audit: type=1326 audit(35.960:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.029010][ T27] audit: type=1326 audit(35.960:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.063192][ T27] audit: type=1326 audit(35.960:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.084807][ T27] audit: type=1326 audit(35.960:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.088878][ T27] audit: type=1326 audit(35.960:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4534 comm="syz.1.54" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffae5789e8 code=0x7ffc0000 [ 36.341065][ T4558] binder: 4558:4557 cannot find target node [ 36.651366][ T4562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.656967][ T4562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.020341][ T4564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.025418][ T4564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.209214][ T4580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.211206][ T4580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.382040][ T4334] Bluetooth: hci3: command 0x0419 tx timeout [ 37.383213][ T4334] Bluetooth: hci0: command 0x0419 tx timeout [ 37.384265][ T4334] Bluetooth: hci4: command 0x0419 tx timeout [ 37.461758][ T4334] Bluetooth: hci1: command 0x0419 tx timeout [ 37.462895][ T4334] Bluetooth: hci2: command 0x0419 tx timeout [ 38.731291][ T4623] binder_user_error: 6 callbacks suppressed [ 38.731300][ T4623] binder: 4622:4623 got transaction to invalid handle, 1 [ 38.735515][ T4623] binder_debug: 2 callbacks suppressed [ 38.735529][ T4623] binder: 4623:4622 cannot find target node [ 38.737513][ T4623] binder: 4622:4623 transaction async to 0:0 failed 17/29201/-22, size 0-0 line 3045 [ 38.739666][ T4623] binder: 4622:4623 BC_FREE_BUFFER u0000000020ffd000 no match [ 38.741022][ T4623] binder: 4622:4623 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 38.745921][ T4623] binder: 4623 RLIMIT_NICE not set [ 39.564306][ T4372] binder: undelivered TRANSACTION_ERROR: 29201 [ 47.251444][ T4592] tipc: Enabling of bearer rejected, failed to enable media [ 47.302907][ T4638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.304521][ T4638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.335077][ T4643] Zero length message leads to an empty skb [ 47.376455][ T4649] binder: 4639:4649 tried to acquire reference to desc 0, got 1 instead [ 47.379071][ T4649] binder: 4639:4649 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30) [ 47.381213][ T4649] binder: 4649 RLIMIT_NICE not set [ 47.393333][ T4649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.394784][ T4649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.421060][ T4333] binder: release 4639:4649 transaction 22 out, still active [ 47.442742][ T4333] binder: undelivered TRANSACTION_COMPLETE [ 47.461651][ T4661] binder: 4660:4661 got transaction to invalid handle, 1 [ 47.463327][ T4661] binder: 4661:4660 cannot find target node [ 47.464277][ T4661] binder: 4660:4661 transaction async to 0:0 failed 26/29201/-22, size 0-0 line 3045 [ 47.466379][ T4661] binder: 4660:4661 BC_FREE_BUFFER u0000000020ffd000 no match [ 47.467661][ T4661] binder: 4660:4661 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 47.469776][ T4661] binder: 4661 RLIMIT_NICE not set [ 47.897265][ T4667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.898774][ T4667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.940402][ T4669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.942337][ T4669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.952100][ T14] binder: send failed reply for transaction 22, target dead [ 48.103512][ T4667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.105092][ T4667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.226081][ T4671] tipc: Started in network mode [ 48.227012][ T4671] tipc: Node identity 52ba73b2d79b, cluster identity 4711 [ 48.228383][ T4671] tipc: Enabled bearer , priority 0 [ 48.230560][ T4671] device syzkaller0 entered promiscuous mode [ 48.269854][ T4671] tipc: Resetting bearer [ 48.288760][ T4675] device syzkaller0 entered promiscuous mode [ 48.290816][ T4670] tipc: Resetting bearer [ 48.292594][ T4333] binder: undelivered TRANSACTION_ERROR: 29201 [ 48.384607][ T4670] tipc: Disabling bearer [ 48.530411][ T4685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.535883][ T4685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.636709][ T4694] binder: 4693:4694 ioctl 4018620d 0 returned -22 [ 48.638163][ T4694] binder: tried to use weak ref as strong ref [ 48.639380][ T4694] binder: 4693:4694 Acquire 1 refcount change on invalid ref 0 ret -22 [ 48.640992][ T4694] binder: 4693:4694 got transaction to invalid handle, 1 [ 48.648223][ T4694] binder: 4694:4693 cannot find target node [ 48.652142][ T4694] binder: 4693:4694 transaction async to 0:0 failed 29/29201/-22, size 0-0 line 3045 [ 48.659727][ T4377] binder: undelivered TRANSACTION_ERROR: 29201 [ 49.174862][ T4721] device syzkaller0 entered promiscuous mode [ 49.215068][ T4721] tipc: Enabled bearer , priority 0 [ 49.218000][ T4720] tipc: Resetting bearer [ 49.263304][ T4720] tipc: Disabling bearer [ 49.265589][ T4725] netlink: 36 bytes leftover after parsing attributes in process `syz.1.118'. [ 49.286700][ T4730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.288279][ T4730] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.395273][ T4738] netlink: 12 bytes leftover after parsing attributes in process `syz.4.123'. [ 49.398334][ T4738] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.399950][ T4738] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.401372][ T4738] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.403103][ T4738] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.405728][ T4738] netlink: 12 bytes leftover after parsing attributes in process `syz.4.123'. [ 49.441864][ T4377] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 49.467292][ T4744] netlink: 12 bytes leftover after parsing attributes in process `syz.4.126'. [ 49.474427][ T4744] 8021q: adding VLAN 0 to HW filter on device bond1 [ 49.478749][ T4744] bond1: Unable to set up delay as MII monitoring is disabled [ 49.623468][ T4377] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 49.625350][ T4377] usb 1-1: config 0 has no interfaces? [ 49.626296][ T4377] usb 1-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00 [ 49.627902][ T4377] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.630530][ T4377] usb 1-1: config 0 descriptor?? [ 49.653769][ T4752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.129'. [ 49.926805][ T1514] usb 1-1: USB disconnect, device number 3 [ 49.990535][ T4793] netlink: 12 bytes leftover after parsing attributes in process `syz.4.143'. [ 50.010614][ T4796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.015789][ T4796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.568822][ T4821] capability: warning: `syz.4.154' uses deprecated v2 capabilities in a way that may be insecure [ 50.603562][ T4823] xt_hashlimit: size too large, truncated to 1048576 [ 50.741978][ T4372] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 50.943133][ T4372] usb 1-1: config 1 has an invalid interface number: 62 but max is 1 [ 50.944629][ T4372] usb 1-1: config 1 has an invalid interface number: 139 but max is 1 [ 50.946042][ T4372] usb 1-1: config 1 has no interface number 0 [ 50.947209][ T4372] usb 1-1: config 1 has no interface number 1 [ 50.948329][ T4372] usb 1-1: config 1 interface 62 altsetting 227 has an invalid endpoint with address 0x0, skipping [ 50.950150][ T4372] usb 1-1: config 1 interface 139 altsetting 134 has an invalid endpoint with address 0x0, skipping [ 50.956269][ T4372] usb 1-1: config 1 interface 62 has no altsetting 0 [ 50.957281][ T4372] usb 1-1: config 1 interface 139 has no altsetting 0 [ 50.963087][ T4372] usb 1-1: New USB device found, idVendor=2caf, idProduct=13a3, bcdDevice=bd.dc [ 50.965093][ T4372] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.972547][ T4372] usb 1-1: Product: syz [ 50.973232][ T4372] usb 1-1: Manufacturer: syz [ 50.974172][ T4372] usb 1-1: SerialNumber: syz [ 51.188377][ T4372] ftdi_sio 1-1:1.62: FTDI USB Serial Device converter detected [ 51.190174][ T4372] ftdi_sio ttyUSB0: unknown device type: 0xbddc [ 51.197208][ T4372] usb 1-1: bad CDC descriptors [ 51.202624][ T4372] usb 1-1: bad CDC descriptors [ 51.203859][ T4372] ftdi_sio 1-1:1.139: FTDI USB Serial Device converter detected [ 51.205480][ T4372] ftdi_sio ttyUSB1: unknown device type: 0xbddc [ 51.223247][ T4372] usb 1-1: USB disconnect, device number 4 [ 51.228857][ T4372] ftdi_sio 1-1:1.62: device disconnected [ 51.230435][ T4372] ftdi_sio 1-1:1.139: device disconnected [ 51.240385][ T4838] xt_connbytes: Forcing CT accounting to be enabled [ 51.243152][ T4838] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 51.420209][ T4840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.161'. [ 51.422041][ T4840] netlink: 3 bytes leftover after parsing attributes in process `syz.2.161'. [ 51.688958][ T4846] device geneve2 entered promiscuous mode [ 51.748456][ T4850] binder: 4849:4850 ioctl c0306201 0 returned -14 [ 51.749860][ T4850] binder: 4850:4849 cannot find target node [ 52.044724][ T4877] binder: 4876:4877 ioctl c0306201 0 returned -14 [ 52.148342][ T4885] tipc: Started in network mode [ 52.149152][ T4885] tipc: Node identity 62fcb4920fc8, cluster identity 4711 [ 52.150378][ T4885] tipc: Enabled bearer , priority 0 [ 52.155398][ T4885] device syzkaller0 entered promiscuous mode [ 52.206888][ T4885] tipc: Resetting bearer [ 52.216521][ T4884] tipc: Resetting bearer [ 52.293527][ T4884] tipc: Disabling bearer [ 52.335661][ T4899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.189'. [ 52.431791][ T4372] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 52.548256][ T4925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.551155][ T4925] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.579232][ T4927] tipc: Enabled bearer , priority 0 [ 52.580734][ T4927] device syzkaller0 entered promiscuous mode [ 52.613716][ T4372] usb 1-1: unable to get BOS descriptor or descriptor too short [ 52.617050][ T4372] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1799, setting to 0 [ 52.618915][ T4372] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 251, changing to 4 [ 52.620744][ T4372] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 16, setting to 0 [ 52.627868][ T4372] usb 1-1: New USB device found, idVendor=245f, idProduct=931c, bcdDevice= 0.40 [ 52.629249][ T4372] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.630723][ T4372] usb 1-1: Manufacturer: 뺑⥉ᷯཽ캍ᖣҡﰫ콝骦険晻䄛㿶꬈st俩辄씬ﵵ卷靥䁽჋좕穈綠咹᪶빦副呼ꄢḯ㱜肗⼌䑕변䷖茁꺡槆䗹鸒棃怽〆׉眊㷼贁Ꞝⳣ狔赼 [ 52.643854][ T4927] tipc: Resetting bearer [ 52.648727][ T4926] tipc: Resetting bearer [ 52.742376][ T4926] tipc: Disabling bearer [ 52.802182][ T4930] process 'syz.3.203' launched '/dev/fd/3' with NULL argv: empty string added [ 52.843541][ T4372] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 52.854345][ T4372] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 52.856241][ T4372] usb 1-1: can't set first interface for hiFace device. [ 52.857486][ T4372] snd-usb-hiface: probe of 1-1:1.0 failed with error -5 [ 52.860922][ T4372] usb 1-1: can't set first interface for hiFace device. [ 52.871275][ T4372] snd-usb-hiface: probe of 1-1:1.1 failed with error -5 [ 52.874889][ T4372] usb 1-1: can't set first interface for hiFace device. [ 52.876115][ T4372] snd-usb-hiface: probe of 1-1:1.2 failed with error -5 [ 52.880818][ T4372] usb 1-1: USB disconnect, device number 5 [ 53.086112][ T4655] udevd[4655]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 53.137525][ T4947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.139457][ T4947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.387854][ T4957] binder_user_error: 2 callbacks suppressed [ 53.387864][ T4957] binder: 4956:4957 got transaction to invalid handle, 1 [ 53.390256][ T4957] binder_debug: 5 callbacks suppressed [ 53.390269][ T4957] binder: 4957:4956 cannot find target node [ 53.397350][ T4957] binder: 4956:4957 transaction async to 0:0 failed 41/29201/-22, size 0-0 line 3045 [ 53.406172][ T4377] binder: undelivered TRANSACTION_ERROR: 29201 [ 53.671400][ T4966] binder: 4965:4966 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 53.676536][ T4966] binder: 4965:4966 got transaction to invalid handle, 1 [ 53.677982][ T4966] binder: 4966:4965 cannot find target node [ 53.678904][ T4966] binder: 4965:4966 transaction async to 0:0 failed 44/29201/-22, size 0-0 line 3045 [ 53.680871][ T4966] binder: 4965:4966 BC_FREE_BUFFER u0000000020ffd000 no match [ 53.685009][ T4966] binder: 4965:4966 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 53.687384][ T4966] binder: 4966 RLIMIT_NICE not set [ 53.768116][ T4968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.770535][ T4968] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.779645][ T4968] capability: warning: `syz.3.219' uses 32-bit capabilities (legacy support in use) [ 54.068019][ T4982] binder: 4981:4982 got transaction to invalid handle, 1 [ 54.069312][ T4982] binder: 4982:4981 cannot find target node [ 54.070324][ T4982] binder: 4981:4982 transaction async to 0:0 failed 48/29201/-22, size 0-0 line 3045 [ 54.074113][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 54.438786][ T5011] binder: 5010:5011 got transaction to invalid handle, 1 [ 54.440021][ T5011] binder: 5011:5010 cannot find target node [ 54.440998][ T5011] binder: 5010:5011 transaction async to 0:0 failed 52/29201/-22, size 0-0 line 3045 [ 54.751501][ T5041] binder: 5039:5041 got transaction to invalid handle, 1 [ 54.810108][ T5047] binder: 5045:5047 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 55.171198][ T5073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.174160][ T5073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.300132][ T5083] netlink: 758 bytes leftover after parsing attributes in process `syz.3.269'. [ 55.541801][ T4377] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 55.661323][ T5088] binder: 5087:5088 unknown command 0 [ 55.662353][ T5088] binder: 5087:5088 ioctl c0306201 20000000 returned -22 [ 55.663818][ T5088] binder: 5087:5088 ioctl 8933 0 returned -22 [ 55.723181][ T4377] usb 1-1: config 0 has no interfaces? [ 55.725855][ T4377] usb 1-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d [ 55.727560][ T4377] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.729004][ T4377] usb 1-1: Product: syz [ 55.729707][ T4377] usb 1-1: Manufacturer: syz [ 55.730462][ T4377] usb 1-1: SerialNumber: syz [ 55.733801][ T4377] usb 1-1: config 0 descriptor?? [ 55.899862][ T5103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.904947][ T5103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.947518][ T4377] usb 1-1: USB disconnect, device number 6 [ 56.500966][ T5134] binder: 5133:5134 ioctl c0306201 0 returned -14 [ 56.566001][ T5140] netlink: 4 bytes leftover after parsing attributes in process `syz.4.293'. [ 56.667828][ T5150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.672331][ T5150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.701303][ T5156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.705795][ T5156] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.741154][ T5160] binder: 5159:5160 ioctl c0306201 0 returned -14 [ 56.978770][ T5175] usb usb8: usbfs: process 5175 (syz.1.309) did not claim interface 0 before use [ 57.085538][ T5185] binder: 5182:5185 ioctl c0306201 0 returned -14 [ 57.159792][ T5193] device syzkaller1 entered promiscuous mode [ 57.746448][ T5221] netlink: 32 bytes leftover after parsing attributes in process `syz.3.328'. [ 58.119642][ T5248] netlink: 32 bytes leftover after parsing attributes in process `syz.0.340'. [ 58.148983][ T5256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.151447][ T5256] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.745674][ T5302] binder_user_error: 30 callbacks suppressed [ 58.745683][ T5302] binder: 5301:5302 tried to acquire reference to desc 0, got 1 instead [ 58.749223][ T1514] binder_debug: 55 callbacks suppressed [ 58.749229][ T1514] binder: undelivered TRANSACTION_COMPLETE [ 58.751208][ T1514] binder: undelivered TRANSACTION_COMPLETE [ 58.763017][ T1514] binder: undelivered transaction 129, process died. [ 58.764174][ T1514] binder: undelivered transaction 128, process died. [ 58.846899][ T5313] binder: 5312:5313 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 58.853438][ T5313] binder: 5312:5313 BC_FREE_BUFFER u0000000020ffd000 no match [ 58.857058][ T5313] binder: 5312:5313 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 58.861360][ T5313] binder: 5313 RLIMIT_NICE not set [ 59.020086][ T1514] binder: undelivered TRANSACTION_ERROR: 29201 [ 59.092454][ T5330] binder: 5329:5330 tried to acquire reference to desc 0, got 1 instead [ 59.111281][ T1514] binder: undelivered TRANSACTION_COMPLETE [ 59.112367][ T1514] binder: undelivered TRANSACTION_COMPLETE [ 59.124696][ T4333] binder: undelivered transaction 136, process died. [ 59.125854][ T4333] binder: undelivered transaction 135, process died. [ 59.140954][ T5336] IPVS: wlc: FWM 3 0x00000003 - no destination available [ 59.236551][ T5347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.239322][ T5347] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.284898][ T5352] binder: 5351:5352 got transaction to invalid handle, 1 [ 59.286234][ T5352] binder: 5352:5351 cannot find target node [ 59.288191][ T5352] binder: 5351:5352 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 59.290244][ T5352] binder: 5352 RLIMIT_NICE not set [ 59.339372][ T5357] binder: 5351:5357 got transaction to invalid handle, 3 [ 59.351956][ T5359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.356903][ T5359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.871820][ T4333] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 59.898319][ T5390] binder: 5389:5390 ioctl c0306201 0 returned -14 [ 60.051775][ T4333] usb 1-1: Using ep0 maxpacket: 16 [ 60.054410][ T4333] usb 1-1: unable to get BOS descriptor or descriptor too short [ 60.056771][ T4333] usb 1-1: config 1 has an invalid interface number: 244 but max is 1 [ 60.058284][ T4333] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 60.059943][ T4333] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 2 [ 60.061671][ T4333] usb 1-1: config 1 has no interface number 2 [ 60.065497][ T4333] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.067644][ T4333] usb 1-1: config 1 interface 244 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 60.070086][ T4333] usb 1-1: config 1 interface 244 has no altsetting 0 [ 60.074474][ T4333] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.076129][ T4333] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.077848][ T4333] usb 1-1: Product: syz [ 60.078527][ T4333] usb 1-1: Manufacturer: syz [ 60.079443][ T4333] usb 1-1: SerialNumber: syz [ 60.215950][ T4337] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 60.404858][ T5406] tipc: Started in network mode [ 60.405875][ T5406] tipc: Node identity 12419dfe6e88, cluster identity 4711 [ 60.407101][ T5406] tipc: Enabled bearer , priority 0 [ 60.408605][ T5406] device syzkaller0 entered promiscuous mode [ 60.452290][ T5406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.407'. [ 60.454588][ T5405] tipc: Resetting bearer [ 60.533139][ T5405] tipc: Disabling bearer [ 60.677674][ T5414] binder: 5413:5414 ioctl c0306201 0 returned -14 [ 60.678036][ T5416] netlink: 16 bytes leftover after parsing attributes in process `syz.3.411'. [ 60.827650][ T4333] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 60.829066][ T4333] cdc_ncm 1-1:1.0: bind() failure [ 60.832075][ T4333] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 60.833277][ T4333] cdc_ncm 1-1:1.1: bind() failure [ 60.846441][ T4333] cdc_mbim: probe of 1-1:1.244 failed with error -71 [ 60.849751][ T4333] usb 1-1: USB disconnect, device number 7 [ 61.013363][ T5444] device syzkaller0 entered promiscuous mode [ 61.401813][ T4333] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 61.582252][ T5453] device syzkaller0 entered promiscuous mode [ 61.591833][ T4333] usb 1-1: Using ep0 maxpacket: 16 [ 61.593995][ T4333] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 61.595518][ T4333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.598281][ T4333] usb 1-1: config 0 descriptor?? [ 61.610035][ T4333] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 61.616934][ T5455] binder: 5454:5455 ioctl c0306201 0 returned -14 [ 62.081509][ T5487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.435'. [ 62.613164][ T4333] gspca_sonixj: reg_w1 err -71 [ 62.642021][ T4333] sonixj: probe of 1-1:0.0 failed with error -71 [ 62.647319][ T4333] usb 1-1: USB disconnect, device number 8 [ 62.786191][ T5502] device syzkaller0 entered promiscuous mode [ 63.074976][ T5511] netlink: 'syz.1.445': attribute type 29 has an invalid length. [ 63.076627][ T5511] netlink: 'syz.1.445': attribute type 29 has an invalid length. [ 63.299636][ T5534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.301568][ T5534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.321107][ T4337] Bluetooth: hci3: Unknown advertising packet type: 0x3131 [ 63.321142][ T4337] Bluetooth: hci3: Malformed LE Event: 0x0d [ 63.571163][ T5537] device syzkaller0 entered promiscuous mode [ 63.714113][ T27] kauditd_printk_skb: 24 callbacks suppressed [ 63.714125][ T27] audit: type=1326 audit(63.700:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5540 comm="syz.2.457" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b1789e8 code=0x0 [ 63.895150][ T5550] binder_user_error: 26 callbacks suppressed [ 63.895160][ T5550] binder: 5549:5550 tried to acquire reference to desc 0, got 1 instead [ 63.901421][ T4377] binder_debug: 41 callbacks suppressed [ 63.901429][ T4377] binder: undelivered TRANSACTION_COMPLETE [ 63.903786][ T4377] binder: undelivered TRANSACTION_COMPLETE [ 63.921092][ T4377] binder: undelivered transaction 196, process died. [ 63.923003][ T4377] binder: undelivered transaction 195, process died. [ 64.063726][ T5572] 8021q: VLANs not supported on caif0 [ 64.127024][ T5578] device syzkaller0 entered promiscuous mode [ 64.241782][ T4377] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 64.421884][ T4377] usb 1-1: Using ep0 maxpacket: 32 [ 64.424116][ T4377] usb 1-1: config 0 has an invalid interface number: 45 but max is 0 [ 64.425592][ T4377] usb 1-1: config 0 has no interface number 0 [ 64.426657][ T4377] usb 1-1: config 0 interface 45 has no altsetting 0 [ 64.429277][ T4377] usb 1-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f [ 64.430732][ T4377] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.434615][ T4377] usb 1-1: Product: syz [ 64.435369][ T4377] usb 1-1: Manufacturer: syz [ 64.436183][ T4377] usb 1-1: SerialNumber: syz [ 64.438050][ T4377] usb 1-1: config 0 descriptor?? [ 64.440486][ T4377] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state. [ 64.442088][ T4377] dvb-usb: bulk message failed: -22 (4/0) [ 64.443101][ T4377] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 64.443705][ T5583] fuse: root generation should be zero [ 64.444611][ T4377] dvb-usb: bulk message failed: -22 (5/0) [ 64.446444][ T4377] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 64.450331][ T4377] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 64.454528][ T4377] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0) [ 64.456001][ T4377] usb 1-1: media controller created [ 64.461400][ T4377] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 64.470675][ T4377] ttusb2: set interface to alts=3 failed [ 64.486537][ T4377] DVB: Unable to find symbol tda10086_attach() [ 64.487535][ T4377] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0' [ 64.494440][ T2062] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.495570][ T2062] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.498306][ T4377] dvb-usb: bulk message failed: -22 (4/0) [ 64.499293][ T4377] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 64.502341][ T4377] dvb-usb: bulk message failed: -22 (5/0) [ 64.504851][ T4377] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0) [ 64.507916][ T4377] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected. [ 64.508697][ T5588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.512252][ T5588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.558240][ T5590] binder: 5589:5590 tried to acquire reference to desc 0, got 1 instead [ 64.562501][ T4377] binder: undelivered TRANSACTION_COMPLETE [ 64.563620][ T4377] binder: undelivered TRANSACTION_COMPLETE [ 64.570691][ T4377] binder: undelivered transaction 202, process died. [ 64.572118][ T4377] binder: undelivered transaction 201, process died. [ 64.585385][ T5592] binder: 5591:5592 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 64.588008][ T5592] binder: 5591:5592 BC_FREE_BUFFER u0000000020ffd000 no match [ 64.589246][ T5592] binder: 5591:5592 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 64.591384][ T5592] binder: 5592 RLIMIT_NICE not set [ 64.650303][ T5560] ttusb2: more than 2 i2c messages at a time is not handled yet. TODO. [ 64.653138][ T5560] dvb-usb: bulk message failed: -22 (7/0) [ 64.654474][ T5560] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0) [ 64.656919][ T5560] ttusb2: i2c transfer failed. [ 64.670685][ T4372] usb 1-1: USB disconnect, device number 9 [ 64.680470][ T4372] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected. [ 64.920220][ T5611] device syzkaller0 entered promiscuous mode [ 65.028089][ T5622] binder: 5621:5622 tried to acquire reference to desc 0, got 1 instead [ 65.045367][ T4333] binder: undelivered TRANSACTION_COMPLETE [ 65.046450][ T4333] binder: undelivered TRANSACTION_COMPLETE [ 65.101316][ T4337] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 65.163777][ T5639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.165305][ T5639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.169047][ T5639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.172237][ T5639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.478079][ T5655] netlink: 20 bytes leftover after parsing attributes in process `syz.2.497'. [ 65.489077][ T5655] netlink: 20 bytes leftover after parsing attributes in process `syz.2.497'. [ 65.490897][ T5655] netlink: 20 bytes leftover after parsing attributes in process `syz.2.497'. [ 65.576482][ T5663] binder: 5662:5663 tried to acquire reference to desc 0, got 1 instead [ 65.597239][ T5665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.598811][ T5665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.666600][ T5669] device syzkaller0 entered promiscuous mode [ 65.852631][ T5671] device syzkaller0 entered promiscuous mode [ 65.925838][ T5673] binder: 5672:5673 ioctl 4018620d 0 returned -22 [ 65.927433][ T5673] binder: 5672:5673 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 65.930162][ T5673] binder: 5672:5673 got transaction to invalid handle, 1 [ 66.210739][ T5686] binder_alloc: 5684: pid 5684 spamming oneway? 2 buffers allocated for a total size of 5120 [ 66.213702][ T5686] binder: 5684:5686 ioctl c0306201 0 returned -14 [ 66.247732][ T5692] device syzkaller0 entered promiscuous mode [ 66.485380][ T5698] device syzkaller0 entered promiscuous mode [ 66.945362][ T5718] binder_alloc: 5717: pid 5717 spamming oneway? 2 buffers allocated for a total size of 5120 [ 66.947661][ T5718] binder: 5717:5718 ioctl c0306201 0 returned -14 [ 66.987958][ T5720] device syzkaller0 entered promiscuous mode [ 67.099879][ T5724] device geneve2 entered promiscuous mode [ 67.103252][ T5722] device syzkaller0 entered promiscuous mode [ 67.155235][ T5728] binder: 5727:5728 ioctl 4018620d 0 returned -22 [ 67.645443][ T5734] tipc: Cannot configure node identity twice [ 67.672026][ T4372] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 67.763582][ T27] audit: type=1326 audit(67.750:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5744 comm="syz.3.538" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff9ff789e8 code=0x0 [ 67.815705][ T5747] netlink: 14 bytes leftover after parsing attributes in process `syz.4.539'. [ 67.831790][ T4372] usb 1-1: device descriptor read/64, error -71 [ 67.973159][ T5749] device geneve2 entered promiscuous mode [ 68.008573][ T5751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.010294][ T5751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.020295][ T5751] netlink: 28 bytes leftover after parsing attributes in process `syz.2.541'. [ 68.111787][ T4372] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 68.233821][ T5757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.235401][ T5757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.281837][ T4372] usb 1-1: device descriptor read/64, error -71 [ 68.402927][ T4372] usb usb1-port1: attempt power cycle [ 68.614581][ T5768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.617277][ T5768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.699502][ T5773] binder: 5772:5773 ioctl 4018620d 0 returned -22 [ 68.760106][ T5775] device geneve2 entered promiscuous mode [ 68.821821][ T4372] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 68.852210][ T4372] usb 1-1: device descriptor read/8, error -71 [ 69.135080][ T4372] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 69.172650][ T4372] usb 1-1: device descriptor read/8, error -71 [ 69.301947][ T4372] usb usb1-port1: unable to enumerate USB device [ 69.348052][ T5808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.349713][ T5808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.474352][ T5814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.476884][ T5814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.531811][ T4372] binder_debug: 22 callbacks suppressed [ 69.531822][ T4372] binder: undelivered TRANSACTION_ERROR: 29201 [ 69.600354][ T5823] binder_user_error: 15 callbacks suppressed [ 69.600363][ T5823] binder: 5822:5823 tried to acquire reference to desc 0, got 1 instead [ 69.603844][ T5823] binder_alloc: 5822: pid 5822 spamming oneway? 2 buffers allocated for a total size of 5120 [ 69.606411][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 69.607491][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 69.613220][ T22] cfg80211: failed to load regulatory.db [ 69.617783][ T22] binder: undelivered transaction 242, process died. [ 69.618915][ T22] binder: undelivered transaction 241, process died. [ 69.689196][ T5831] netlink: 4 bytes leftover after parsing attributes in process `syz.2.572'. [ 70.035206][ T5843] binder: BINDER_SET_CONTEXT_MGR already set [ 70.036515][ T5843] binder: 5842:5843 ioctl 4018620d 20000040 returned -16 [ 70.038135][ T5843] binder: 5842:5843 got transaction to invalid handle, 1 [ 70.039524][ T5843] binder: 5843:5842 cannot find target node [ 70.040433][ T5843] binder: 5842:5843 transaction async to 0:0 failed 244/29201/-22, size 0-0 line 3045 [ 70.042618][ T5843] binder: 5842:5843 BC_FREE_BUFFER u0000000020ffd000 no match [ 70.043974][ T5843] binder: 5842:5843 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 70.046039][ T5843] binder: 5843 RLIMIT_NICE not set [ 70.223724][ T5847] device syzkaller0 entered promiscuous mode [ 70.289652][ T5849] binder: 5848:5849 tried to acquire reference to desc 0, got 1 instead [ 70.297556][ T5849] binder_alloc: 5848: pid 5848 spamming oneway? 2 buffers allocated for a total size of 5120 [ 70.300351][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 70.301434][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 70.309959][ T4333] binder: undelivered transaction 250, process died. [ 70.327196][ T5851] fuse: Bad value for 'fd' [ 70.364294][ T5853] IPv6: NLM_F_CREATE should be specified when creating new route [ 70.397872][ T27] audit: type=1326 audit(70.380:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5856 comm="syz.2.584" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b1789e8 code=0x7ffc0000 [ 70.403610][ T27] audit: type=1326 audit(70.380:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5856 comm="syz.2.584" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff8b1789e8 code=0x7ffc0000 [ 70.407686][ T27] audit: type=1326 audit(70.380:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5856 comm="syz.2.584" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b1789e8 code=0x7ffc0000 [ 70.412339][ T27] audit: type=1326 audit(70.380:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5856 comm="syz.2.584" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=204 compat=0 ip=0xffff8b1789e8 code=0x7ffc0000 [ 70.425478][ T27] audit: type=1326 audit(70.380:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5856 comm="syz.2.584" exe="/root/ci2-linux-6-1-kasan-arm64/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8b1789e8 code=0x7ffc0000 [ 70.481280][ T5865] binder: 5863:5865 ioctl 4018620d 0 returned -22 [ 70.483516][ T5865] binder: tried to use weak ref as strong ref [ 70.484600][ T5865] binder: 5863:5865 Acquire 1 refcount change on invalid ref 0 ret -22 [ 70.486230][ T5865] binder: 5863:5865 got transaction to invalid handle, 1 [ 70.488103][ T5865] binder: 5863:5865 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 70.798195][ T14] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 70.801596][ T14] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 70.871838][ T4372] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 70.900611][ T5877] fuse: Bad value for 'fd' [ 70.925888][ T5880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.927711][ T5880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.020044][ T5882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.594'. [ 71.065150][ T4372] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 71.066672][ T4372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.069078][ T4372] usb 1-1: config 0 descriptor?? [ 71.125811][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.126978][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.128076][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.129095][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.130122][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.131182][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.132314][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.133328][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.134409][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.135431][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.136461][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.137476][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.138472][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.139461][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.140465][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.141559][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.142639][ T5885] tc action pedit 'at' offset 6 out of bounds [ 71.143644][ T5885] 0: reclassify loop, rule prio 0, protocol 800 [ 71.273812][ T4372] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 71.275261][ T4372] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 71.299731][ T5889] device syzkaller0 entered promiscuous mode [ 71.477076][ T4372] [drm:udl_init] *ERROR* Selecting channel failed [ 71.483196][ T4372] [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [ 71.484608][ T4372] [drm] Initialized udl on minor 2 [ 71.492183][ T4372] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 71.494237][ T4372] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 71.508969][ T4372] usb 1-1: USB disconnect, device number 14 [ 71.510974][ T22] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 71.513108][ T22] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 71.514543][ T22] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 71.537983][ T5902] binder: BINDER_SET_CONTEXT_MGR already set [ 71.539123][ T5902] binder: 5901:5902 ioctl 4018620d 20000040 returned -16 [ 71.666130][ T5906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.668254][ T5906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.751689][ T5914] binder: 5913:5914 ioctl 4018620d 0 returned -22 [ 72.055279][ T5921] binder_alloc: 5920: pid 5920 spamming oneway? 2 buffers allocated for a total size of 5120 [ 72.085620][ T5923] device syzkaller0 entered promiscuous mode [ 72.264750][ T5925] netlink: 'syz.4.612': attribute type 6 has an invalid length. [ 72.266049][ T5925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.612'. [ 72.388330][ T5936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.396402][ T5936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.236331][ T5938] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 73.237513][ T5938] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 73.240930][ T5938] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 73.244483][ T5938] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 73.245724][ T5938] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 73.248114][ T5938] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 73.249377][ T5938] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 73.250400][ T5938] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 73.255004][ T5938] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 73.256453][ T5938] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 73.257501][ T5938] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 73.260116][ T5938] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 73.368958][ T5965] device syzkaller0 entered promiscuous mode [ 73.405859][ T5965] tipc: Enabled bearer , priority 0 [ 73.407865][ T5964] tipc: Resetting bearer [ 73.452747][ T5964] tipc: Disabling bearer [ 73.464893][ T5967] netlink: 20 bytes leftover after parsing attributes in process `syz.1.630'. [ 73.547193][ T5969] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.551295][ T5969] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.555207][ T5971] binder: 5970:5971 ioctl 4018620d 0 returned -22 [ 73.564561][ T5973] binder_alloc: 5972: pid 5972 spamming oneway? 2 buffers allocated for a total size of 5120 [ 73.566547][ T5973] binder_alloc: 5972: pid 5972 spamming oneway? 3 buffers allocated for a total size of 5128 [ 73.692702][ T4334] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.695195][ T4334] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.696885][ T4334] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.698811][ T4334] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.700594][ T4334] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.704506][ T4334] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.864099][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 73.865953][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.907505][ T5978] chnl_net:caif_netlink_parms(): no params data found [ 73.963042][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 73.964892][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.967711][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.969076][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.970629][ T5978] device bridge_slave_0 entered promiscuous mode [ 73.974304][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.975522][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.977086][ T5978] device bridge_slave_1 entered promiscuous mode [ 73.984049][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.987004][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.994219][ T5978] team0: Port device team_slave_0 added [ 73.996750][ T5978] team0: Port device team_slave_1 added [ 74.004480][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.005618][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.010172][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.054327][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 74.056151][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.059410][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.060701][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.065975][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.120938][ T4334] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 74.128923][ T4334] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 74.130969][ T4334] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 74.135664][ T5978] device hsr_slave_0 entered promiscuous mode [ 74.138746][ T4334] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 74.140351][ T4334] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 74.144665][ T4334] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.154962][ T5978] device hsr_slave_1 entered promiscuous mode [ 74.191989][ T5978] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.193190][ T5978] Cannot create hsr debugfs directory [ 74.225882][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 74.227776][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.291781][ T5978] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 74.341763][ T4372] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 74.345741][ T5978] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 74.387572][ T5992] chnl_net:caif_netlink_parms(): no params data found [ 74.389921][ T5978] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 74.423308][ T5978] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 74.443709][ T6010] binder_alloc: 6009: pid 6009 spamming oneway? 2 buffers allocated for a total size of 5120 [ 74.445916][ T6010] binder_alloc: 6009: pid 6009 spamming oneway? 3 buffers allocated for a total size of 5128 [ 74.490695][ T6008] device syzkaller0 entered promiscuous mode [ 74.492054][ T4337] Bluetooth: hci0: command 0x0c1a tx timeout [ 74.537558][ T4372] usb 1-1: config 1 has an invalid interface number: 62 but max is 1 [ 74.539057][ T4372] usb 1-1: config 1 has an invalid interface number: 139 but max is 1 [ 74.540398][ T4372] usb 1-1: config 1 has no interface number 0 [ 74.541428][ T4372] usb 1-1: config 1 has no interface number 1 [ 74.542688][ T4372] usb 1-1: config 1 interface 62 altsetting 227 has an invalid endpoint with address 0x0, skipping [ 74.544435][ T4372] usb 1-1: config 1 interface 62 has no altsetting 0 [ 74.545597][ T4372] usb 1-1: config 1 interface 139 has no altsetting 0 [ 74.548129][ T4372] usb 1-1: New USB device found, idVendor=2caf, idProduct=13a3, bcdDevice=bd.dc [ 74.549709][ T4372] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.550972][ T4372] usb 1-1: Product: syz [ 74.551543][ T4372] usb 1-1: Manufacturer: syz [ 74.555924][ T4372] usb 1-1: SerialNumber: syz [ 74.716827][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.718419][ T5978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.719844][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.720941][ T5978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.730342][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.735041][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.769723][ T4372] ftdi_sio 1-1:1.62: FTDI USB Serial Device converter detected [ 74.771356][ T4372] ftdi_sio ttyUSB0: unknown device type: 0xbddc [ 74.781312][ T5992] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.785287][ T5992] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.786307][ T4372] usb 1-1: bad CDC descriptors [ 74.787858][ T4372] usb 1-1: bad CDC descriptors [ 74.789513][ T4372] ftdi_sio 1-1:1.139: FTDI USB Serial Device converter detected [ 74.791044][ T5992] device bridge_slave_0 entered promiscuous mode [ 74.791475][ T4372] ftdi_sio ttyUSB1: unknown device type: 0xbddc [ 74.793462][ T5992] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.794674][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.801506][ T5992] device bridge_slave_1 entered promiscuous mode [ 74.813005][ T11] tipc: Left network mode [ 74.820236][ T4372] usb 1-1: USB disconnect, device number 15 [ 74.821573][ T4372] ftdi_sio 1-1:1.62: device disconnected [ 74.828862][ T4372] ftdi_sio 1-1:1.139: device disconnected [ 74.851579][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.854428][ T5992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.859607][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.861173][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.867393][ T5992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.876459][ T5992] team0: Port device team_slave_0 added [ 74.881079][ T5992] team0: Port device team_slave_1 added [ 74.893808][ T5978] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.997270][ T4337] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.998995][ T4337] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.000331][ T4337] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.005417][ T4337] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.007034][ T4337] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.008355][ T4337] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.079907][ T5992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.081396][ T5992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.090925][ T5992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.095106][ T5992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.096487][ T5992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.100917][ T5992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.111585][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.113985][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.115573][ T4383] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.116644][ T4383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.213630][ T5992] device hsr_slave_0 entered promiscuous mode [ 75.262033][ T5992] device hsr_slave_1 entered promiscuous mode [ 75.291833][ T4337] Bluetooth: hci1: command 0x0c1a tx timeout [ 75.292869][ T4337] Bluetooth: hci3: command 0x0c1a tx timeout [ 75.295794][ T6048] binder: 6047:6048 ioctl c0306201 0 returned -14 [ 75.297167][ T6048] binder_user_error: 21 callbacks suppressed [ 75.297173][ T6048] binder: 6047:6048 got transaction to invalid handle, 1 [ 75.299451][ T6048] binder_debug: 39 callbacks suppressed [ 75.299464][ T6048] binder: 6048:6047 cannot find target node [ 75.301404][ T6048] binder: 6047:6048 transaction call to 0:0 failed 288/29201/-22, size 72-24 line 3045 [ 75.305433][ T6048] binder: 6047:6048 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 75.307637][ T6048] binder: 6048 RLIMIT_NICE not set [ 75.312002][ T5992] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.313861][ T5992] Cannot create hsr debugfs directory [ 75.321146][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.323347][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.326584][ T4383] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.327858][ T4383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.356461][ T6049] binder: 6047:6049 got transaction to invalid handle, 3 [ 75.357740][ T6049] binder: 6049:6047 cannot find target node [ 75.358828][ T6049] binder: 6047:6049 transaction call to 0:0 failed 289/29201/-22, size 0-0 line 3045 [ 75.360468][ T6049] binder: undelivered TRANSACTION_ERROR: 29201 [ 75.403053][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.405043][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.406892][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.409271][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.414892][ T5978] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 75.416531][ T5978] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.465191][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.466983][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.468867][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.470620][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.476636][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.478672][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.481315][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.493592][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.696870][ T6041] chnl_net:caif_netlink_parms(): no params data found [ 75.772321][ T4341] Bluetooth: hci2: command 0x0409 tx timeout [ 75.793553][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.794938][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.798854][ T6041] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.800078][ T6041] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.806509][ T6041] device bridge_slave_0 entered promiscuous mode [ 75.846799][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.849336][ T6041] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.850758][ T6041] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.857189][ T6041] device bridge_slave_1 entered promiscuous mode [ 75.871860][ T6041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.874670][ T6041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.947195][ T6095] binder: 6094:6095 tried to acquire reference to desc 0, got 1 instead [ 75.949104][ T6095] binder_alloc: 6094: pid 6094 spamming oneway? 2 buffers allocated for a total size of 5120 [ 75.951014][ T6095] binder_alloc: 6094: pid 6094 spamming oneway? 3 buffers allocated for a total size of 5128 [ 75.953628][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 75.955441][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 75.956588][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 75.959597][ T5992] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 75.967375][ T112] binder: undelivered transaction 295, process died. [ 75.968441][ T112] binder: undelivered transaction 296, process died. [ 75.984458][ T6041] team0: Port device team_slave_0 added [ 75.987632][ T6041] team0: Port device team_slave_1 added [ 76.047134][ T5992] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 76.063422][ T5992] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 76.113014][ T5992] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 76.172331][ T4337] Bluetooth: hci4: command 0x0409 tx timeout [ 76.474120][ T4337] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.475967][ T4337] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.477426][ T4337] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.479791][ T4337] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.481588][ T4337] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.483522][ T4337] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.507415][ T6041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.508781][ T6041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.514019][ T6041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.571387][ T6041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.576184][ T6041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.580752][ T6041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.610507][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.612839][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.915329][ T5978] device veth0_vlan entered promiscuous mode [ 76.919196][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.920858][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.925062][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.926648][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.963263][ T6041] device hsr_slave_0 entered promiscuous mode [ 77.002356][ T6041] device hsr_slave_1 entered promiscuous mode [ 77.042111][ T6041] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.043457][ T6041] Cannot create hsr debugfs directory [ 77.051962][ T4337] Bluetooth: hci0: command 0x0409 tx timeout [ 77.110615][ T11] device hsr_slave_0 left promiscuous mode [ 77.151795][ T11] device hsr_slave_1 left promiscuous mode [ 77.232065][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.233408][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.235259][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.236536][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.238072][ T11] device bridge_slave_1 left promiscuous mode [ 77.239841][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.293724][ T11] device bridge_slave_0 left promiscuous mode [ 77.294919][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.372090][ T4337] Bluetooth: hci3: command 0x0406 tx timeout [ 77.462140][ T11] device veth1_macvtap left promiscuous mode [ 77.463428][ T11] device veth0_macvtap left promiscuous mode [ 77.465074][ T11] device veth1_vlan left promiscuous mode [ 77.466169][ T11] device veth0_vlan left promiscuous mode [ 77.851755][ T4337] Bluetooth: hci2: command 0x041b tx timeout [ 78.214498][ T11] bond1 (unregistering): Released all slaves [ 78.251776][ T4341] Bluetooth: hci4: command 0x041b tx timeout [ 78.491796][ T4341] Bluetooth: hci1: command 0x0409 tx timeout [ 79.131768][ T4341] Bluetooth: hci0: command 0x041b tx timeout [ 79.931769][ T4341] Bluetooth: hci2: command 0x040f tx timeout [ 80.234305][ T11] team0 (unregistering): Port device team_slave_1 removed [ 80.331900][ T4341] Bluetooth: hci4: command 0x040f tx timeout [ 80.412807][ T11] team0 (unregistering): Port device team_slave_0 removed [ 80.571796][ T4341] Bluetooth: hci1: command 0x041b tx timeout [ 80.592228][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 80.792556][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 81.221834][ T4341] Bluetooth: hci0: command 0x040f tx timeout [ 82.021768][ T4337] Bluetooth: hci2: command 0x0419 tx timeout [ 82.253523][ T11] bond0 (unregistering): Released all slaves [ 82.411869][ T4341] Bluetooth: hci4: command 0x0419 tx timeout [ 82.470069][ T5992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.475352][ T5978] device veth1_vlan entered promiscuous mode [ 82.502642][ T5992] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.507811][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 82.509324][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.543651][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 82.545353][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.546971][ T1687] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.548189][ T1687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.549897][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 82.568926][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 82.570663][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.572848][ T1613] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.574086][ T1613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.581236][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.600616][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 82.613585][ T5978] device veth0_macvtap entered promiscuous mode [ 82.616313][ T5978] device veth1_macvtap entered promiscuous mode [ 82.618125][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.619765][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.621448][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 82.637195][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 82.641135][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.651789][ T4337] Bluetooth: hci1: command 0x040f tx timeout [ 82.653549][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 82.655246][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.662710][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.664470][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.665998][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 82.667603][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.675437][ T5992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 82.784352][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.786224][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.787872][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.789627][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.791271][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.794950][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.796802][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.798565][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.801098][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.803882][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 82.805424][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.806943][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 82.808530][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 82.934523][ T6120] chnl_net:caif_netlink_parms(): no params data found [ 82.948219][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.950143][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.957253][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.959136][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.960669][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.967170][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.968897][ T5978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.970646][ T5978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.976426][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.978901][ T6168] binder: 6167:6168 tried to acquire reference to desc 0, got 1 instead [ 82.985602][ T6168] binder_alloc: 6167: pid 6167 spamming oneway? 2 buffers allocated for a total size of 5120 [ 82.987457][ T6168] binder_alloc: 6167: pid 6167 spamming oneway? 3 buffers allocated for a total size of 5128 [ 82.989530][ T4372] binder_debug: 2 callbacks suppressed [ 82.989535][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 82.991460][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 82.992533][ T4372] binder: undelivered TRANSACTION_COMPLETE [ 82.999003][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 82.999972][ T4372] binder: undelivered transaction 302, process died. [ 83.000906][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.001592][ T4372] binder: undelivered transaction 303, process died. [ 83.004209][ T4372] binder: undelivered transaction 301, process died. [ 83.029430][ T5978] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.031035][ T5978] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.040796][ T5978] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.046027][ T5978] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.070200][ T6178] binder: 6176:6178 ioctl c0306201 0 returned -14 [ 83.071692][ T6178] binder: 6176:6178 got transaction to invalid handle, 1 [ 83.073446][ T6178] binder: 6178:6176 cannot find target node [ 83.074556][ T6178] binder: 6176:6178 transaction call to 0:0 failed 307/29201/-22, size 72-24 line 3045 [ 83.076879][ T6178] binder: 6176:6178 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 83.078857][ T6178] binder: 6178 RLIMIT_NICE not set [ 83.105993][ T5992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.109012][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.110359][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.128061][ T6041] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 83.130194][ T6185] binder: 6176:6185 got transaction to invalid handle, 3 [ 83.131467][ T6185] binder: 6185:6176 cannot find target node [ 83.138246][ T6185] binder: 6176:6185 transaction call to 0:0 failed 308/29201/-22, size 0-0 line 3045 [ 83.157673][ T6120] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.158979][ T6120] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.161570][ T6120] device bridge_slave_0 entered promiscuous mode [ 83.174552][ T6041] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 83.203227][ T6041] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 83.243283][ T6120] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.244548][ T6120] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.246363][ T6120] device bridge_slave_1 entered promiscuous mode [ 83.255547][ T1687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.261198][ T1687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.262750][ T1613] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.264287][ T1613] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.265902][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.269105][ T6041] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 83.291774][ T4337] Bluetooth: hci0: command 0x0419 tx timeout [ 83.313439][ T6120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.316186][ T6120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.320638][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.343698][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.345446][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.355265][ T6120] team0: Port device team_slave_0 added [ 83.361527][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.365983][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.367836][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.369282][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.371290][ T5992] device veth0_vlan entered promiscuous mode [ 83.376596][ T6120] team0: Port device team_slave_1 added [ 83.398788][ T5992] device veth1_vlan entered promiscuous mode [ 83.415727][ T6120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.417006][ T6120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.421585][ T6120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.439653][ T6041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.454061][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.455812][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.457300][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.459101][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.465019][ T6205] device syzkaller0 entered promiscuous mode [ 83.493580][ T5992] device veth0_macvtap entered promiscuous mode [ 83.495688][ T6120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.497068][ T6120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.501518][ T6120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.507148][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.508568][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.510153][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.625941][ T6041] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.638214][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.640077][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.642040][ T1613] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.643231][ T1613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.644661][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.646246][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.647704][ T1613] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.648858][ T1613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.650284][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 83.653481][ T5992] device veth1_macvtap entered promiscuous mode [ 83.672152][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 83.683112][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.686729][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.697519][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.701605][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.704444][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.706337][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.708202][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.709935][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.711602][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.714231][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.716038][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.718712][ T5992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.773088][ T6120] device hsr_slave_0 entered promiscuous mode [ 83.812043][ T6120] device hsr_slave_1 entered promiscuous mode [ 83.851865][ T6120] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.853177][ T6120] Cannot create hsr debugfs directory [ 83.857242][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.859095][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.860708][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 83.863371][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.866121][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.867923][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.869533][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.871390][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.873525][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.875335][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.877018][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.879318][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.880989][ T5992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.883421][ T5992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.886261][ T5992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.889094][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.890847][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.906154][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.930336][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 83.932630][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.936646][ T5992] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.938206][ T5992] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.939527][ T5992] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.940983][ T5992] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.964189][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.965878][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.971024][ T6041] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.974553][ T6041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.980052][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.982050][ T4383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.989074][ T6225] device syzkaller0 entered promiscuous mode [ 84.132966][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.134356][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.153368][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.180911][ T1613] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.182881][ T1613] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.184881][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.197631][ T6120] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 84.227226][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.228687][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.234061][ T6041] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.235501][ T6120] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 84.283502][ T6120] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 84.304251][ T6120] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 84.401917][ T6239] binder: 6237:6239 tried to acquire reference to desc 0, got 1 instead [ 84.404542][ T6239] binder_alloc: 6237: pid 6237 spamming oneway? 2 buffers allocated for a total size of 5120 [ 84.410881][ T6239] binder_alloc: 6237: pid 6237 spamming oneway? 3 buffers allocated for a total size of 5128 [ 84.452429][ T6120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.481133][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 84.485438][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.488624][ T6120] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.491573][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.493759][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.495365][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.496512][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.497951][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.501319][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.504274][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.506017][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.507257][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.514614][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.538619][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.549129][ T6250] sctp: Trying to GSO but underlying device doesn't support it. [ 84.554010][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.558111][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.560395][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.562932][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.567646][ T6120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.569350][ T6120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.581117][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.583115][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.584734][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.586484][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.588113][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.590022][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.649562][ T6259] binder: 6258:6259 ioctl c0306201 0 returned -14 [ 84.650854][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.652955][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.657782][ T6257] device syzkaller0 entered promiscuous mode [ 84.659469][ T6259] binder: 6258:6259 got transaction to invalid handle, 1 [ 84.661479][ T6259] binder: 6258:6259 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 84.667701][ T6259] binder: 6259 RLIMIT_NICE not set [ 84.712532][ T6264] binder: 6258:6264 got transaction to invalid handle, 3 [ 84.730277][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 84.732171][ T4341] Bluetooth: hci1: command 0x0419 tx timeout [ 84.733633][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.745625][ T6041] device veth0_vlan entered promiscuous mode [ 84.750835][ T6041] device veth1_vlan entered promiscuous mode [ 84.758216][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.760134][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.761646][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 84.765956][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.912455][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.914359][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.933753][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.935207][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.939660][ T6041] device veth0_macvtap entered promiscuous mode [ 84.948752][ T6120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.963212][ T6041] device veth1_macvtap entered promiscuous mode [ 84.989887][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.992671][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.994455][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.996256][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.997975][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.999698][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.007088][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.009216][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.010755][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.013100][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.014808][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.016750][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.019369][ T6041] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.020904][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.023177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.024699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.026209][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.038221][ T6278] binder_alloc: 6277: pid 6277 spamming oneway? 2 buffers allocated for a total size of 5120 [ 85.040458][ T6278] binder_alloc: 6277: pid 6277 spamming oneway? 3 buffers allocated for a total size of 5128 [ 85.524338][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.525959][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.527532][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.529252][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.530789][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.533606][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.535257][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.536864][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.538143][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.539623][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.541148][ T6041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.542972][ T6041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.545366][ T6041] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.561607][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.563493][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.835053][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.847659][ T6041] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.850032][ T6041] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.851440][ T6041] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.853975][ T6041] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.861458][ T6303] device syzkaller0 entered promiscuous mode [ 85.930886][ T6299] device syzkaller0 entered promiscuous mode [ 85.975480][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.997223][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.999373][ T1613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 86.031266][ T6120] device veth0_vlan entered promiscuous mode [ 86.038480][ T6120] device veth1_vlan entered promiscuous mode [ 86.044218][ T6019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 86.045979][ T6019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 86.047591][ T6019] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 86.049964][ T6019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 86.051634][ T6019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 86.153619][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.199253][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 86.200888][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 86.206782][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.253634][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.256312][ T1687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.260202][ T1687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.267088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.270620][ T6120] device veth0_macvtap entered promiscuous mode [ 86.277881][ T6120] device veth1_macvtap entered promiscuous mode [ 86.290556][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.292069][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.293937][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 86.295572][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 86.297146][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.304203][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.305917][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.307742][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.309397][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.310959][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.314364][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.316178][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.318043][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.319777][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.321984][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.323637][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.325567][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.327261][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.329119][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.340132][ T6120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.350224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.355199][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.366261][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.367939][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.370360][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.373707][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.376626][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.378467][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.380272][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.384257][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.385816][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.387540][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.389283][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.391081][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.395874][ T6120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.397664][ T6120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.400156][ T6120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.401930][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 86.403574][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.407638][ T6120] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.409373][ T6120] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.410911][ T6120] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.419057][ T6120] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.534250][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.556807][ T1687] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.558161][ T1687] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.568824][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.580416][ T1687] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.586004][ T1687] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.614855][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.618496][ T1687] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.627523][ T6356] device syzkaller0 entered promiscuous mode [ 86.724294][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.766532][ T6367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.768710][ T6367] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.914059][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.918175][ T6369] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 86.981045][ T6372] netlink: 20 bytes leftover after parsing attributes in process `syz.5.699'. [ 87.005674][ T6377] fuse: Bad value for 'fd' [ 87.154635][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.240961][ T6404] netlink: 24 bytes leftover after parsing attributes in process `syz.5.709'. [ 87.253995][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.281576][ T6401] device syzkaller0 entered promiscuous mode [ 87.321017][ T6410] fuse: Bad value for 'fd' [ 87.362199][ T6416] fuse: Unknown parameter 'grou00000000000000000000' [ 87.397738][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.405188][ T6420] netlink: 'syz.6.716': attribute type 10 has an invalid length. [ 87.423399][ T6420] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 87.633752][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.677339][ T6437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.694681][ T6437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.796308][ T6447] fuse: Bad value for 'fd' [ 87.878607][ T6457] fuse: Unknown parameter 'grou00000000000000000000' [ 87.987108][ T6470] device syzkaller0 entered promiscuous mode [ 87.988804][ T11] tipc: Left network mode [ 88.007328][ T6473] netlink: 228 bytes leftover after parsing attributes in process `syz.0.731'. [ 88.192156][ T11] tipc: Left network mode [ 88.244667][ T3898] binder_debug: 31 callbacks suppressed [ 88.244676][ T3898] binder: undelivered TRANSACTION_ERROR: 29201 [ 88.299293][ T6495] fuse: Unknown parameter 'group_i00000000000000000000' [ 88.471626][ T6519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.474865][ T6519] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.783011][ T6540] binder_user_error: 9 callbacks suppressed [ 88.783019][ T6540] binder: 6539:6540 got transaction to invalid handle, 1 [ 88.785280][ T6540] binder: 6540:6539 cannot find target node [ 88.786271][ T6540] binder: 6539:6540 transaction call to 0:0 failed 341/29201/-22, size 72-24 line 3045 [ 88.788865][ T6540] binder: 6539:6540 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 88.791077][ T6540] binder: 6540 RLIMIT_NICE not set [ 88.840716][ T6542] binder: 6539:6542 got transaction to invalid handle, 3 [ 88.842240][ T6542] binder: 6542:6539 cannot find target node [ 88.843280][ T6542] binder: 6539:6542 transaction call to 0:0 failed 342/29201/-22, size 0-0 line 3045 [ 88.845025][ T6542] binder: undelivered TRANSACTION_ERROR: 29201 [ 88.870177][ T6530] device syzkaller0 entered promiscuous mode [ 88.908010][ T6545] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 89.364210][ T6597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.365783][ T6597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.459105][ T6599] device syzkaller0 entered promiscuous mode [ 89.627689][ T4377] binder: undelivered TRANSACTION_ERROR: 29201 [ 89.973976][ T6650] netlink: 108 bytes leftover after parsing attributes in process `syz.6.775'. [ 90.006813][ T6652] binder: 6651:6652 got transaction to invalid handle, 1 [ 90.008328][ T6652] binder: 6652:6651 cannot find target node [ 90.009266][ T6652] binder: 6651:6652 transaction call to 0:0 failed 346/29201/-22, size 72-24 line 3045 [ 90.014345][ T6652] binder: 6651:6652 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 90.016718][ T6652] binder: 6652 RLIMIT_NICE not set [ 90.066982][ T6656] binder: 6651:6656 got transaction to invalid handle, 3 [ 90.071387][ T6656] binder: 6656:6651 cannot find target node [ 90.156271][ T6667] tipc: Failed to remove unknown binding: 66,0,0/0:2882170971/2882170973 [ 90.158199][ T6667] tipc: Failed to remove unknown binding: 66,0,0/0:2882170971/2882170972 [ 90.160223][ T6667] tipc: Failed to remove unknown binding: 66,0,0/0:2882170971/2882170973 [ 90.166502][ T6667] tipc: Failed to remove unknown binding: 66,0,0/0:2882170971/2882170972 [ 90.259406][ T6682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.262654][ T6682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.721084][ T6711] device syzkaller0 entered promiscuous mode [ 91.043828][ T6756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.051203][ T6756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.133806][ T6764] binder: 6763:6764 got transaction to invalid handle, 1 [ 91.154767][ T6764] binder: 6763:6764 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 91.477341][ T6792] netlink: 292 bytes leftover after parsing attributes in process `syz.8.806'. [ 91.610913][ T6807] netlink: 16 bytes leftover after parsing attributes in process `syz.7.812'. [ 91.756693][ T6807] netlink: 16 bytes leftover after parsing attributes in process `syz.7.812'. [ 92.036250][ T6856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.038767][ T6856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.283798][ T6863] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 92.322849][ T6863] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 92.986138][ T6928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.987782][ T6928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.259388][ T6956] netlink: 36 bytes leftover after parsing attributes in process `syz.6.847'. [ 93.405616][ T4372] binder_debug: 14 callbacks suppressed [ 93.405631][ T4372] binder: undelivered TRANSACTION_ERROR: 29201 [ 93.427307][ T6960] device ipip0 entered promiscuous mode [ 93.504438][ T11] device hsr_slave_0 left promiscuous mode [ 93.597835][ T11] device hsr_slave_1 left promiscuous mode [ 93.642439][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.643884][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.645751][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.647041][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.656127][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.689814][ T7003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.858'. [ 93.694591][ T11] device bridge_slave_0 left promiscuous mode [ 93.696228][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.730361][ T11] device hsr_slave_0 left promiscuous mode [ 93.751900][ T11] device hsr_slave_1 left promiscuous mode [ 93.782793][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.784189][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.785996][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.787399][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.789025][ T11] device bridge_slave_1 left promiscuous mode [ 93.790661][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.813701][ T7015] binder_user_error: 6 callbacks suppressed [ 93.813712][ T7015] binder: 7014:7015 tried to acquire reference to desc 0, got 1 instead [ 93.816515][ T7015] binder: 7014:7015 ioctl c0306201 0 returned -14 [ 93.819124][ T7015] binder: 7014:7015 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 93.821230][ T7015] binder: 7015 RLIMIT_NICE not set [ 93.842923][ T11] device bridge_slave_0 left promiscuous mode [ 93.844063][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.870653][ T7016] binder: 7014:7016 got transaction to invalid handle, 3 [ 93.872348][ T7016] binder: 7016:7014 cannot find target node [ 93.873809][ T7016] binder: 7014:7016 transaction call to 0:0 failed 362/29201/-22, size 0-0 line 3045 [ 93.875750][ T7016] binder: undelivered TRANSACTION_ERROR: 29201 [ 93.895132][ T11] device hsr_slave_0 left promiscuous mode [ 93.932369][ T11] device hsr_slave_1 left promiscuous mode [ 94.011886][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.013374][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.015836][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.017005][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.022073][ T11] device bridge_slave_1 left promiscuous mode [ 94.023115][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.062662][ T11] device bridge_slave_0 left promiscuous mode [ 94.063920][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.201871][ T11] device veth1_macvtap left promiscuous mode [ 94.203259][ T11] device veth0_macvtap left promiscuous mode [ 94.204485][ T11] device veth1_vlan left promiscuous mode [ 94.205468][ T11] device veth0_vlan left promiscuous mode [ 94.301916][ T11] device veth1_macvtap left promiscuous mode [ 94.303112][ T11] device veth0_macvtap left promiscuous mode [ 94.304205][ T11] device veth1_vlan left promiscuous mode [ 94.305640][ T11] device veth0_vlan left promiscuous mode [ 94.352605][ T11] device veth1_macvtap left promiscuous mode [ 94.353862][ T11] device veth0_macvtap left promiscuous mode [ 94.356008][ T11] device veth1_vlan left promiscuous mode [ 94.356978][ T11] device veth0_vlan left promiscuous mode [ 94.674140][ T7032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.677030][ T7032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.674297][ T11] team0 (unregistering): Port device team_slave_1 removed [ 96.832598][ T11] team0 (unregistering): Port device team_slave_0 removed [ 96.992703][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.196717][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.664928][ T11] bond0 (unregistering): Released all slaves [ 101.063874][ T11] team0 (unregistering): Port device team_slave_1 removed [ 101.237317][ T11] team0 (unregistering): Port device team_slave_0 removed [ 101.433424][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.646174][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.213455][ T11] bond0 (unregistering): Released all slaves [ 105.514255][ T11] team0 (unregistering): Port device team_slave_1 removed [ 105.676180][ T11] team0 (unregistering): Port device team_slave_0 removed [ 105.832893][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.032600][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.583340][ T11] bond0 (unregistering): Released all slaves [ 108.151060][ T7064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.152763][ T7064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.158106][ T7065] binder: 7061:7065 tried to acquire reference to desc 0, got 1 instead [ 108.161588][ T7065] binder: 7061:7065 ioctl c0306201 0 returned -14 [ 108.168942][ T7065] binder: 7061:7065 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 108.178431][ T7065] binder: 7065 RLIMIT_NICE not set [ 108.220432][ T7073] binder: 7061:7073 got transaction to invalid handle, 3 [ 108.221588][ T7073] binder: 7073:7061 cannot find target node [ 108.223274][ T7073] binder: 7061:7073 transaction call to 0:0 failed 367/29201/-22, size 0-0 line 3045 [ 108.225034][ T7073] binder: undelivered TRANSACTION_ERROR: 29201 [ 108.714585][ T7132] device syzkaller0 entered promiscuous mode [ 108.926121][ T7161] netlink: 28 bytes leftover after parsing attributes in process `syz.7.903'. [ 109.001442][ T7167] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 109.013059][ T7167] netlink: 4 bytes leftover after parsing attributes in process `syz.7.906'. [ 109.028722][ T7167] netlink: 348 bytes leftover after parsing attributes in process `syz.7.906'. [ 109.030294][ T7167] netlink: 4 bytes leftover after parsing attributes in process `syz.7.906'. [ 109.168662][ T7188] device syzkaller0 entered promiscuous mode [ 109.261893][ T1514] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 109.320913][ T7205] binder: 7204:7205 tried to acquire reference to desc 0, got 1 instead [ 109.323171][ T7205] binder: 7204:7205 ioctl c0306201 0 returned -14 [ 109.333755][ T7205] binder: 7204:7205 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 109.335727][ T7205] binder: 7205 RLIMIT_NICE not set [ 109.385374][ T7213] binder: 7204:7213 got transaction to invalid handle, 3 [ 109.386628][ T7213] binder: 7213:7204 cannot find target node [ 109.387659][ T7213] binder: 7204:7213 transaction call to 0:0 failed 372/29201/-22, size 0-0 line 3045 [ 109.389516][ T7213] binder: undelivered TRANSACTION_ERROR: 29201 [ 109.458872][ T1514] usb 1-1: config 1 has an invalid interface number: 62 but max is 1 [ 109.460227][ T1514] usb 1-1: config 1 has an invalid interface number: 139 but max is 1 [ 109.461549][ T1514] usb 1-1: config 1 has an invalid interface association descriptor of length 7, skipping [ 109.467467][ T1514] usb 1-1: config 1 has no interface number 0 [ 109.468382][ T1514] usb 1-1: config 1 has no interface number 1 [ 109.469414][ T1514] usb 1-1: config 1 interface 62 altsetting 227 has an invalid endpoint with address 0x0, skipping [ 109.471075][ T1514] usb 1-1: config 1 interface 139 altsetting 134 has an invalid endpoint with address 0x0, skipping [ 109.474978][ T1514] usb 1-1: config 1 interface 62 has no altsetting 0 [ 109.476146][ T1514] usb 1-1: config 1 interface 139 has no altsetting 0 [ 109.492866][ T1514] usb 1-1: New USB device found, idVendor=2caf, idProduct=13a3, bcdDevice=bd.dc [ 109.494438][ T1514] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.495983][ T1514] usb 1-1: Product: syz [ 109.496871][ T1514] usb 1-1: Manufacturer: syz [ 109.510605][ T1514] usb 1-1: SerialNumber: syz [ 109.551897][ T7232] netlink: 104 bytes leftover after parsing attributes in process `syz.7.927'. [ 109.675276][ T7249] raw_sendmsg: syz.5.932 forgot to set AF_INET. Fix it! [ 109.701691][ T7253] netlink: 12 bytes leftover after parsing attributes in process `syz.8.933'. [ 109.738266][ T1514] ftdi_sio 1-1:1.62: FTDI USB Serial Device converter detected [ 109.739873][ T1514] ftdi_sio ttyUSB0: unknown device type: 0xbddc [ 109.753984][ T1514] usb 1-1: bad CDC descriptors [ 109.755356][ T1514] usb 1-1: bad CDC descriptors [ 109.756527][ T1514] ftdi_sio 1-1:1.139: FTDI USB Serial Device converter detected [ 109.758012][ T1514] ftdi_sio ttyUSB1: unknown device type: 0xbddc [ 109.773166][ T1514] usb 1-1: USB disconnect, device number 16 [ 109.774631][ T1514] ftdi_sio 1-1:1.62: device disconnected [ 109.776011][ T1514] ftdi_sio 1-1:1.139: device disconnected [ 109.823114][ T7268] netlink: 'syz.5.937': attribute type 2 has an invalid length. [ 109.824435][ T7268] netlink: 16 bytes leftover after parsing attributes in process `syz.5.937'. [ 110.276985][ T7323] xt_hashlimit: size too large, truncated to 1048576 [ 110.563542][ T7350] binder: BINDER_SET_CONTEXT_MGR already set [ 110.564642][ T7350] binder: 7349:7350 ioctl 4018620d 20004a80 returned -16 [ 110.574593][ T7350] binder: tried to use weak ref as strong ref [ 110.575740][ T7350] binder: 7349:7350 Acquire 1 refcount change on invalid ref 0 ret -22 [ 110.637424][ T7362] binder: 7362:7349 cannot find target node [ 110.638546][ T7362] binder: 7349:7362 transaction call to 0:0 failed 375/29201/-22, size 0-0 line 3045 [ 110.640159][ T7362] binder: undelivered TRANSACTION_ERROR: 29201 [ 110.833323][ T7366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.838795][ T7366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.916060][ T7371] device syzkaller0 entered promiscuous mode [ 110.918824][ T7371] 0: reclassify loop, rule prio 0, protocol 800 [ 125.932536][ T2062] ieee802154 phy0 wpan0: encryption failed: -22 [ 125.933758][ T2062] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.121701][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz.7.958:7335] [ 132.122998][ C0] Modules linked in: [ 132.123598][ C0] irq event stamp: 1010503 [ 132.124393][ C0] hardirqs last enabled at (1010502): [] timekeeping_get_ns+0x124/0x3b4 [ 132.126166][ C0] hardirqs last disabled at (1010503): [] el1_interrupt+0x24/0x54 [ 132.127815][ C0] softirqs last enabled at (1216): [] local_bh_enable+0x10/0x34 [ 132.129461][ C0] softirqs last disabled at (1222): [] local_bh_disable+0x10/0x34 [ 132.131154][ C0] CPU: 0 PID: 7335 Comm: syz.7.958 Not tainted syzkaller #0 [ 132.132446][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 132.134271][ C0] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 132.135740][ C0] pc : cake_heapify+0x128/0x530 [ 132.136593][ C0] lr : cake_heapify+0x108/0x530 [ 132.137362][ C0] sp : ffff800021166db0 [ 132.138045][ C0] x29: ffff800021166dc0 x28: 0000000000000000 x27: 00000000000198d0 [ 132.139356][ C0] x26: 0000000000000b28 x25: ffff0000e2c6192a x24: 0000000000000594 [ 132.140688][ C0] x23: dfff800000000000 x22: 0000000000000b29 x21: 0000000000000000 [ 132.142099][ C0] x20: ffff0000e2c602d0 x19: 0000000000000594 x18: 0000000000000000 [ 132.143492][ C0] x17: ffff80001835b000 x16: ffff8000082d92bc x15: ffff800017e3c000 [ 132.144780][ C0] x14: 0000000000000001 x13: 1ffff00002a44071 x12: 0000000000ff0100 [ 132.146136][ C0] x11: ff00800010066bc0 x10: 0000000000000002 x9 : 0000000000000002 [ 132.147525][ C0] x8 : 1fffe0001c58c325 x7 : ffff8000083c1bd4 x6 : 0000000000000000 [ 132.148870][ C0] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 [ 132.150260][ C0] x2 : 0000000000000002 x1 : 0000000000000594 x0 : 0000000000001000 [ 132.151643][ C0] Call trace: [ 132.152150][ C0] cake_heapify+0x128/0x530 [ 132.152897][ C0] cake_enqueue+0x3464/0x680c [ 132.153660][ C0] netem_dequeue+0xa78/0x1080 [ 132.154431][ C0] __qdisc_run+0x1cc/0x133c [ 132.155158][ C0] __dev_queue_xmit+0xc40/0x3118 [ 132.155967][ C0] dev_queue_xmit+0x24/0x34 [ 132.156685][ C0] packet_sendmsg+0x2f9c/0x3fd0 [ 132.157526][ C0] __sys_sendto+0x324/0x440 [ 132.158333][ C0] __arm64_sys_sendto+0xd8/0xf8 [ 132.159205][ C0] invoke_syscall+0x98/0x2b4 [ 132.159988][ C0] el0_svc_common+0x138/0x258 [ 132.160797][ C0] do_el0_svc+0x58/0x130 [ 132.161518][ C0] el0_svc+0x58/0x128 [ 132.162183][ C0] el0t_64_sync_handler+0x84/0xf0 [ 132.162978][ C0] el0t_64_sync+0x18c/0x190 [ 132.163764][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 132.164948][ C0] CPU: 0 PID: 7335 Comm: syz.7.958 Tainted: G L syzkaller #0 [ 132.166478][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 132.168057][ C0] Call trace: [ 132.168520][ C0] dump_backtrace+0x1c0/0x1ec [ 132.169319][ C0] show_stack+0x2c/0x3c [ 132.170023][ C0] __dump_stack+0x30/0x40 [ 132.170780][ C0] dump_stack_lvl+0xf4/0x15c [ 132.171597][ C0] dump_stack+0x1c/0x5c [ 132.172267][ C0] panic+0x2f8/0x7ac [ 132.172917][ C0] softlockup_fn+0x0/0x120 [ 132.173693][ C0] __hrtimer_run_queues+0x408/0xc3c [ 132.174554][ C0] hrtimer_interrupt+0x2bc/0xb5c [ 132.175373][ C0] arch_timer_handler_virt+0x74/0x88 [ 132.176333][ C0] handle_percpu_devid_irq+0x174/0x34c [ 132.177266][ C0] generic_handle_domain_irq+0xe0/0x140 [ 132.178239][ C0] gic_handle_irq+0x70/0x1d4 [ 132.178985][ C0] call_on_irq_stack+0x30/0x48 [ 132.179764][ C0] do_interrupt_handler+0xd4/0x138 [ 132.180647][ C0] el1_interrupt+0x34/0x54 [ 132.181368][ C0] el1h_64_irq_handler+0x18/0x24 [ 132.182230][ C0] el1h_64_irq+0x64/0x68 [ 132.182951][ C0] cake_heapify+0x128/0x530 [ 132.183791][ C0] cake_enqueue+0x3464/0x680c [ 132.184534][ C0] netem_dequeue+0xa78/0x1080 [ 132.185281][ C0] __qdisc_run+0x1cc/0x133c [ 132.186090][ C0] __dev_queue_xmit+0xc40/0x3118 [ 132.186882][ C0] dev_queue_xmit+0x24/0x34 [ 132.187643][ C0] packet_sendmsg+0x2f9c/0x3fd0 [ 132.188427][ C0] __sys_sendto+0x324/0x440 [ 132.189259][ C0] __arm64_sys_sendto+0xd8/0xf8 [ 132.190141][ C0] invoke_syscall+0x98/0x2b4 [ 132.190909][ C0] el0_svc_common+0x138/0x258 [ 132.191767][ C0] do_el0_svc+0x58/0x130 [ 132.192501][ C0] el0_svc+0x58/0x128 [ 132.193161][ C0] el0t_64_sync_handler+0x84/0xf0 [ 132.194003][ C0] el0t_64_sync+0x18c/0x190 [ 132.194718][ C0] SMP: stopping secondary CPUs [ 132.195499][ C0] Kernel Offset: disabled [ 132.196212][ C0] CPU features: 0x080000,000f0097,a65bfea7 [ 132.197235][ C0] Memory Limit: none [ 132.208901][ C0] [ 132.209250][ C0] ================================ [ 132.210091][ C0] WARNING: inconsistent lock state [ 132.210932][ C0] syzkaller #0 Tainted: G L [ 132.211893][ C0] -------------------------------- [ 132.212813][ C0] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 132.213902][ C0] syz.7.958/7335 [HC1[1]:SC0[2]:HE0:SE0] takes: [ 132.214942][ C0] ffff8000152612f8 (efi_rt_lock){?...}-{2:2}, at: virt_efi_set_variable_nonblocking+0x74/0x16c [ 132.216729][ C0] {HARDIRQ-ON-W} state was registered at: [ 132.217692][ C0] lock_acquire+0x20c/0x63c [ 132.218469][ C0] _raw_spin_lock+0x54/0x6c [ 132.219270][ C0] efi_call_rts+0x3c8/0x9d8 [ 132.219966][ C0] process_one_work+0x7f8/0x13a4 [ 132.220772][ C0] worker_thread+0x8c4/0xfec [ 132.221551][ C0] kthread+0x250/0x2d8 [ 132.222279][ C0] ret_from_fork+0x10/0x20 [ 132.223024][ C0] irq event stamp: 1010503 [ 132.223741][ C0] hardirqs last enabled at (1010502): [] timekeeping_get_ns+0x124/0x3b4 [ 132.225372][ C0] hardirqs last disabled at (1010503): [] el1_interrupt+0x24/0x54 [ 132.226806][ C0] softirqs last enabled at (1216): [] local_bh_enable+0x10/0x34 [ 132.228408][ C0] softirqs last disabled at (1222): [] local_bh_disable+0x10/0x34 [ 132.230058][ C0] [ 132.230058][ C0] other info that might help us debug this: [ 132.231457][ C0] Possible unsafe locking scenario: [ 132.231457][ C0] [ 132.232711][ C0] CPU0 [ 132.233242][ C0] ---- [ 132.233801][ C0] lock(efi_rt_lock); [ 132.234402][ C0] [ 132.234925][ C0] lock(efi_rt_lock); [ 132.235594][ C0] [ 132.235594][ C0] *** DEADLOCK *** [ 132.235594][ C0] [ 132.236847][ C0] 4 locks held by syz.7.958/7335: [ 132.237712][ C0] #0: ffff8000153f7320 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 [ 132.239353][ C0] #1: ffff0000f9d48108 (&sch->root_lock_key#201){+...}-{2:2}, at: __dev_queue_xmit+0x9a4/0x3118 [ 132.241244][ C0] #2: ffff8000153f72c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c [ 132.242915][ C0] #3: ffff8000172c8648 (&psinfo->buf_lock){....}-{2:2}, at: pstore_dump+0x180/0x820 [ 132.244490][ C0] [ 132.244490][ C0] stack backtrace: [ 132.245433][ C0] CPU: 0 PID: 7335 Comm: syz.7.958 Tainted: G L syzkaller #0 [ 132.246993][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 132.248731][ C0] Call trace: [ 132.249285][ C0] dump_backtrace+0x1c0/0x1ec [ 132.250090][ C0] show_stack+0x2c/0x3c [ 132.250876][ C0] __dump_stack+0x30/0x40 [ 132.251597][ C0] dump_stack_lvl+0xf4/0x15c [ 132.252376][ C0] dump_stack+0x1c/0x5c [ 132.253043][ C0] print_usage_bug+0x4c0/0x6d8 [ 132.253877][ C0] mark_lock_irq+0x850/0xab0 [ 132.254647][ C0] mark_lock+0x224/0x320 [ 132.255358][ C0] __lock_acquire+0xa4c/0x6800 [ 132.256149][ C0] lock_acquire+0x20c/0x63c [ 132.256914][ C0] _raw_spin_lock+0x54/0x6c [ 132.257685][ C0] virt_efi_set_variable_nonblocking+0x74/0x16c [ 132.258743][ C0] efivar_set_variable_locked+0x1d0/0x204 [ 132.259779][ C0] efi_pstore_write+0x298/0x39c [ 132.260649][ C0] pstore_dump+0x5b0/0x820 [ 132.261438][ C0] kmsg_dump+0x170/0x260 [ 132.262115][ C0] panic+0x384/0x7ac [ 132.262774][ C0] softlockup_fn+0x0/0x120 [ 132.263537][ C0] __hrtimer_run_queues+0x408/0xc3c [ 132.264443][ C0] hrtimer_interrupt+0x2bc/0xb5c [ 132.265326][ C0] arch_timer_handler_virt+0x74/0x88 [ 132.266242][ C0] handle_percpu_devid_irq+0x174/0x34c [ 132.267176][ C0] generic_handle_domain_irq+0xe0/0x140 [ 132.268109][ C0] gic_handle_irq+0x70/0x1d4 [ 132.268839][ C0] call_on_irq_stack+0x30/0x48 [ 132.269679][ C0] do_interrupt_handler+0xd4/0x138 [ 132.270546][ C0] el1_interrupt+0x34/0x54 [ 132.271337][ C0] el1h_64_irq_handler+0x18/0x24 [ 132.272149][ C0] el1h_64_irq+0x64/0x68 [ 132.272916][ C0] cake_heapify+0x128/0x530 [ 132.273658][ C0] cake_enqueue+0x3464/0x680c [ 132.274433][ C0] netem_dequeue+0xa78/0x1080 [ 132.275186][ C0] __qdisc_run+0x1cc/0x133c [ 132.275915][ C0] __dev_queue_xmit+0xc40/0x3118 [ 132.276721][ C0] dev_queue_xmit+0x24/0x34 [ 132.277537][ C0] packet_sendmsg+0x2f9c/0x3fd0 [ 132.278330][ C0] __sys_sendto+0x324/0x440 [ 132.279100][ C0] __arm64_sys_sendto+0xd8/0xf8 [ 132.279924][ C0] invoke_syscall+0x98/0x2b4 [ 132.280706][ C0] el0_svc_common+0x138/0x258 [ 132.281548][ C0] do_el0_svc+0x58/0x130 [ 132.282300][ C0] el0_svc+0x58/0x128 [ 132.282985][ C0] el0t_64_sync_handler+0x84/0xf0 [ 132.283863][ C0] el0t_64_sync+0x18c/0x190 [ 132.569353][ C0] Rebooting in 86400 seconds..