last executing test programs: 4.7911725s ago: executing program 3 (id=2106): syz_usb_connect(0x2, 0x3d, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x19, 0x79, 0x2e, 0x20, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x44, [{{0x9, 0x4, 0xbd, 0x0, 0x2, 0x34, 0x67, 0xc3, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "e37e1b82e6"}]}}, {{0x9, 0x5, 0xb, 0x2}}]}}]}}]}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 4.18198694s ago: executing program 3 (id=2108): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYBLOB="00000000522b1eaf0000000000000000000000000000000000000000e8a9afe6eb346381377be0782cbcb956408cb2d570f9f4b3e7c66d7f351b2a039e24c3d90ea4b673bc877f563dcccba4f2c9931e3ebcbb8f904df040fecb93b165f7a4a15237adbf721ae9257c484f01c69c0fac6afcaa670c7af187a7b732eefb02aa30ad8f8f2c4557af3545a0a789f441751268a551453b92fc3c3304995a349dea234491098691a1b62fa3c7ae71781bd6a56b022a3652081b4cf6882c97b45f666a1c0546fc438331e5f8fab504e66f157726abe8e1928f8ba58eb0b1ec31383b06e61233add5a344114b29b4f504e9ec95dc56454c6e101eb7e5f0c25f05e16c978fd9cf5cdcb933952b4af96f07a8f4921af7546e69f9c6c2c5622572c9e661d7c1a64f4d9fd865c7d2026abff655e82cde5324c7ebca6e94dd5af6a803ca182a4ae81d1b9b0c3d78902bdadfe1ffd13eb35f"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x40) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = io_uring_setup(0x253d, &(0x7f0000000280)={0x0, 0x547a, 0x8, 0x0, 0x3ca}) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect(r6, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80) close_range(r5, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 3.357978227s ago: executing program 4 (id=2126): socket$inet_dccp(0x2, 0x6, 0x0) r0 = socket$inet(0x10, 0x2000000002, 0x0) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)="240000002e00074c8bfffd946fa2830022200afffffffffffff000e50c1be3a20400007e280000005e00ff03c81f8374b4a04181f2d0fdcad693d58d31d42c0b3ad0c1846e6db77c29", 0x49}], 0x1}, 0x0) 3.324485032s ago: executing program 4 (id=2127): syz_usb_connect(0x0, 0x4d, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000735aca105e042107c4900102030109023b00010000000009040000000e0100000524020201052403"], 0x0) 3.312323401s ago: executing program 3 (id=2129): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef) 3.150130047s ago: executing program 1 (id=2130): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000002000010300001000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24040080}, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x4008031, 0xffffffffffffffff, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100000000000000000002"], 0x28}}, 0x0) 2.936450469s ago: executing program 1 (id=2131): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc6152926", 0x73}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d576191", 0x4b}], 0x2}}], 0x1, 0xc0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 2.814205021s ago: executing program 0 (id=2136): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000040)={r3, 0x2, 0x4, 0x9, 0x0, 0x3ff, 0xffff, 0x286, {0x0, @in6={{0xa, 0x4e24, 0x455d, @remote, 0x554d9e56}}, 0x2, 0x10000, 0x2, 0x8f, 0x3f}}, &(0x7f0000000100)=0xb0) 2.802549138s ago: executing program 2 (id=2137): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4) r2 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) r3 = shmat(r2, &(0x7f0000ff7000/0x3000)=nil, 0x400c) mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r5, &(0x7f0000000740), 0xff67) sendfile(r4, r5, &(0x7f0000000000), 0xfffb) fcntl$addseals(r5, 0x409, 0x8) ftruncate(r5, 0x3f) lseek(r5, 0x0, 0x4) r6 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00') openat$binfmt(0xffffff9c, r6, 0x41, 0x1ff) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) shmdt(r3) sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000100)={0x0, @bt={0x7, 0xfffffffe, 0x0, 0x2, 0x1, 0xa, 0xc, 0xcb3f, 0x3, 0x3, 0xbead, 0x200, 0x4, 0x3, 0x8, 0x28, {0x1000, 0x7}, 0xc, 0x4}}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c01000021000100000000000000000000000000000000000000ffffe0000001fe8000"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000530b097600000c0111"], 0x15c}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 2.723425946s ago: executing program 0 (id=2138): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0x0, 0xfffffffffffffffe}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) 2.722435241s ago: executing program 0 (id=2139): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYBLOB="00000000522b1eaf0000000000000000000000000000000000000000e8a9afe6eb346381377be0782cbcb956408cb2d570f9f4b3e7c66d7f351b2a039e24c3d90ea4b673bc877f563dcccba4f2c9931e3ebcbb8f904df040fecb93b165f7a4a15237adbf721ae9257c484f01c69c0fac6afcaa670c7af187a7b732eefb02aa30ad8f8f2c4557af3545a0a789f441751268a551453b92fc3c3304995a349dea234491098691a1b62fa3c7ae71781bd6a56b022a3652081b4cf6882c97b45f666a1c0546fc438331e5f8fab504e66f157726abe8e1928f8ba58eb0b1ec31383b06e61233add5a344114b29b4f504e9ec95dc56454c6e101eb7e5f0c25f05e16c978fd9cf5cdcb933952b4af96f07a8f4921af7546e69f9c6c2c5622572c9e661d7c1a64f4d9fd865c7d2026abff655e82cde5324c7ebca6e94dd5af6a803ca182a4ae81d1b9b0c3d78902bdadfe1ffd13eb35f"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x40) syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = io_uring_setup(0x253d, &(0x7f0000000280)={0x0, 0x547a, 0x8, 0x0, 0x3ca}) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect(r6, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80) close_range(r5, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 2.670097478s ago: executing program 4 (id=2140): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x64, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x1, 0x0, 0x0, {[@sack={0x5, 0x2}, @generic={0x2, 0x2}]}}}}}}}, 0x0) 2.633912505s ago: executing program 4 (id=2141): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000002000010300001000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24040080}, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x4008031, 0xffffffffffffffff, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001500)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100000000000000000002"], 0x28}}, 0x0) 2.549934192s ago: executing program 2 (id=2142): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2.330101467s ago: executing program 2 (id=2143): r0 = socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) write$UHID_INPUT(r3, &(0x7f0000002080)={0xc, {"a2e3ad214fc752f91b2538f70e06d038e7ff7fc6e5539b3250078b089b3908386d090890e0878f0e1ac6e7049b3367959b619a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x2, &(0x7f00000000c0), 0x20) connect$pppl2tp(r0, 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, 0x0, 0x20) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x84}, 0x20004004) r6 = socket$inet6(0xa, 0x3, 0x20) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x7, &(0x7f0000000040)=0xc, 0x4) r8 = socket$inet(0x2, 0x3, 0x2) getsockopt$sock_cred(r8, 0x1, 0x24, 0x0, 0x0) sendmmsg$inet6(r6, 0xfffffffffffffffe, 0x0, 0x890) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000300)={0x0, 0x1, r4, 0xffffffff, 0x80000}) 2.274203693s ago: executing program 3 (id=2144): unshare(0x40600) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0) 2.122278423s ago: executing program 3 (id=2145): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.034504212s ago: executing program 1 (id=2146): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x4}}, 0x10) 1.89865364s ago: executing program 1 (id=2147): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYRES32, @ANYBLOB="5cea34e3091fa18d5d9ef90ea7a6461a031daadfce60bc23203aaec411ff060e3e030618ba17d4b58a066e9cbe005d6d3efdc9e14a0823d382425e6144f5e354ffa1eb940e7971cea686691bb0d16fec17ae7b67a87f557ecd8ae5917dc897ad762f82729793985147125b749894fc08f136154097b19f45a248ea916ad8edac21ab2ea76287967c5b55a65825dd1770e3442230f60f8acb2729fd85c48a98e5bfae65dc0d1f4a75e412ffd662115936a7d21ad35b78533e3f43e1de471f00a160ca"], 0x90}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 1.891404586s ago: executing program 2 (id=2148): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200047fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000000)=[{{&(0x7f0000004d40)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000008b80)=[{0x0, 0x3e}, {&(0x7f0000008900)='y', 0x1}], 0x2}}], 0x2, 0x4008040) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = socket(0x1000000000000010, 0x80802, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000000)=r3, 0x4) sendmsg(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe800c00080008001100080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20642383656d4d2449155037", 0x55}], 0x1}, 0x0) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) 1.891053134s ago: executing program 4 (id=2149): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000140)) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, &(0x7f0000000040)) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) 1.8184855s ago: executing program 0 (id=2150): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r0 = syz_open_dev$vivid(&(0x7f0000000100), 0x1, 0x2) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a0000000c0000800800", @ANYRES16=r0], 0x20}}, 0x0) 1.789858347s ago: executing program 0 (id=2151): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c250000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, r3, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r4, 0x111, 0x4, 0x0, 0x20001100) 1.788876191s ago: executing program 1 (id=2152): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) syz_open_procfs$userns(r3, &(0x7f0000000300)) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095000000000000007eba521fb0ec4d39ac64443a2f35563e79d33e2470a6957d373becac05b54c"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='uid_map\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r8, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000003000000400880002c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000000000d0001007564703a73797a3200000002"], 0x54}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r10, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x6b) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r11, @ANYBLOB="03000016010000001800120008000100736974000c00"], 0x38}}, 0x0) write$UHID_SET_REPORT_REPLY(r5, 0x0, 0xbb) 1.727781593s ago: executing program 2 (id=2153): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x2, 0x0, @void}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) 1.626206058s ago: executing program 2 (id=2154): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef) 474.401968ms ago: executing program 0 (id=2155): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000ed180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb96c"], 0xfdef) 474.110155ms ago: executing program 3 (id=2156): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046", 0x77}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d576191", 0x4b}], 0x2}}], 0x1, 0xc0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 207.756493ms ago: executing program 1 (id=2157): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = msgget(0x0, 0x0) msgrcv(r1, &(0x7f0000000200)={0x0, ""/108}, 0x70, 0x3, 0x800) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=r4, @ANYBLOB="000001"], 0x50}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a800000013000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000d00280a000060001980140004006b2e4f2fdd8733dc1c1639228919eb5e2efc02007b5d2f215d290000140005004af57c15cd92d389e606fce6a0eebda514000400f4d8d35abbd4fab3a3614be8a496bd8f140005008ebcd2c7e1cf0421ab20db4c32c4330605001000040000001400030076657468315f6d616376746170"], 0xa8}}, 0x0) 0s ago: executing program 4 (id=2158): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0614000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f00000004c0)={'gretap0\x00', 0x8}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r4, 0x400452c8, &(0x7f0000000100)) kernel console output (not intermixed with test programs): xpected cc 0x0c23 length: 249 > 4 [ 310.089237][ T6431] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 310.091371][ T6431] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 310.261295][ T2342] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.262818][ T2342] ieee802154 phy1 wpan1: encryption failed: -22 [ 311.050648][ T6431] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 311.054523][ T6431] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 311.057960][ T6431] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 311.060323][ T6431] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 311.064870][ T6431] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 311.067408][ T6431] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 311.135912][ T6431] Bluetooth: hci0: command tx timeout [ 311.277859][ T9700] smc: net device lo applied user defined pnetid SYZ2 [ 311.357518][ T9725] netlink: 48 bytes leftover after parsing attributes in process `syz.4.838'. [ 311.359879][ T9725] netlink: 48 bytes leftover after parsing attributes in process `syz.4.838'. [ 311.581933][ T9737] loop2: detected capacity change from 0 to 512 [ 312.206945][ T6424] Bluetooth: hci2: command tx timeout [ 312.620635][ T9717] chnl_net:caif_netlink_parms(): no params data found [ 312.656139][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 313.145783][ T6431] Bluetooth: hci3: command tx timeout [ 313.215707][ T6431] Bluetooth: hci0: command tx timeout [ 313.309055][ T7056] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.330933][ T9713] chnl_net:caif_netlink_parms(): no params data found [ 313.371978][ T9721] chnl_net:caif_netlink_parms(): no params data found [ 313.480072][ T7056] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.609163][ T7056] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.622613][ T9717] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.624477][ T9717] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.626494][ T9717] bridge_slave_0: entered allmulticast mode [ 313.628658][ T9717] bridge_slave_0: entered promiscuous mode [ 313.632127][ T9717] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.633928][ T9717] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.642305][ T9717] bridge_slave_1: entered allmulticast mode [ 313.645210][ T9717] bridge_slave_1: entered promiscuous mode [ 313.649813][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.651633][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.653533][ T9721] bridge_slave_0: entered allmulticast mode [ 313.662056][ T9721] bridge_slave_0: entered promiscuous mode [ 313.668595][ T9713] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.670398][ T9713] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.672306][ T9713] bridge_slave_0: entered allmulticast mode [ 313.674876][ T9713] bridge_slave_0: entered promiscuous mode [ 313.685346][ T9713] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.687580][ T9713] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.689456][ T9713] bridge_slave_1: entered allmulticast mode [ 313.691669][ T9713] bridge_slave_1: entered promiscuous mode [ 313.738903][ T7056] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.751518][ T9779] netlink: 28 bytes leftover after parsing attributes in process `syz.2.852'. [ 313.754603][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.756609][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.758523][ T9721] bridge_slave_1: entered allmulticast mode [ 313.760552][ T9721] bridge_slave_1: entered promiscuous mode [ 313.779838][ T9717] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.803915][ T9713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.808110][ T9713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.836226][ T9713] team0: Port device team_slave_0 added [ 313.841235][ T9717] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.844811][ T9713] team0: Port device team_slave_1 added [ 313.863273][ T9721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.874538][ T9721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.921025][ T9713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.922820][ T9713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.952930][ T9713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.991679][ T9721] team0: Port device team_slave_0 added [ 314.005443][ T9721] team0: Port device team_slave_1 added [ 314.020759][ T9717] team0: Port device team_slave_0 added [ 314.022991][ T9713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.024806][ T9713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.032758][ T9713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.068111][ T9717] team0: Port device team_slave_1 added [ 314.069842][ T9797] netlink: 28 bytes leftover after parsing attributes in process `syz.2.860'. [ 314.153855][ T30] audit: type=1326 audit(314.130:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9801 comm="syz.2.861" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9794a9a8 code=0x0 [ 314.157265][ T9713] hsr_slave_0: entered promiscuous mode [ 314.186124][ T9713] hsr_slave_1: entered promiscuous mode [ 314.226244][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.228039][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.234270][ T9721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.255789][ T6431] Bluetooth: hci2: command tx timeout [ 314.260820][ T9803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.306633][ T9803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.225820][ T6431] Bluetooth: hci3: command tx timeout [ 315.295773][ T6431] Bluetooth: hci0: command tx timeout [ 315.750072][ T7056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.799870][ T7056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.842697][ T7056] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 315.879222][ T7056] bond0 (unregistering): Released all slaves [ 315.884239][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.886237][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.892548][ T9721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.896367][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.898282][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.904628][ T9717] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.955530][ T9717] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.957962][ T9717] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.964323][ T9717] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.179131][ T9721] hsr_slave_0: entered promiscuous mode [ 316.206231][ T9721] hsr_slave_1: entered promiscuous mode [ 316.245780][ T9721] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.248067][ T9721] Cannot create hsr debugfs directory [ 316.287713][ T9717] hsr_slave_0: entered promiscuous mode [ 316.326556][ T9717] hsr_slave_1: entered promiscuous mode [ 316.335763][ T6431] Bluetooth: hci2: command tx timeout [ 316.365666][ T9717] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.367718][ T9717] Cannot create hsr debugfs directory [ 316.664672][ T7056] hsr_slave_0: left promiscuous mode [ 316.698782][ T7056] hsr_slave_1: left promiscuous mode [ 316.785772][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.788013][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.790846][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.792752][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.805206][ T7056] veth1_macvtap: left promiscuous mode [ 316.806831][ T7056] veth0_macvtap: left promiscuous mode [ 316.808321][ T7056] veth1_vlan: left promiscuous mode [ 316.809656][ T7056] veth0_vlan: left promiscuous mode [ 317.306089][ T6431] Bluetooth: hci3: command tx timeout [ 317.375726][ T6431] Bluetooth: hci0: command tx timeout [ 318.425791][ T6431] Bluetooth: hci2: command tx timeout [ 318.560262][ T7056] team0 (unregistering): Port device team_slave_1 removed [ 318.759255][ T7056] team0 (unregistering): Port device team_slave_0 removed [ 319.381677][ T6431] Bluetooth: hci3: command tx timeout [ 321.049322][ T9713] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.198316][ T9713] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.346347][ T9713] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.458090][ T9713] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.473151][ T9854] binder: 9850:9854 tried to acquire reference to desc 0, got 1 instead [ 321.694040][ T9713] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 321.718666][ T9713] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 321.725235][ T9872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.868'. [ 321.741919][ T9713] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 321.748618][ T9713] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 321.847514][ T8] binder: release 9850:9854 transaction 12 out, still active [ 321.849388][ T8] binder: undelivered TRANSACTION_COMPLETE [ 321.864979][ T6417] binder: send failed reply for transaction 12, target dead [ 322.120952][ T9891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 322.165793][ T9891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.512389][ T7056] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.627679][ T7056] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.748903][ T7056] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.867868][ T7056] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.017944][ T9713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 323.025212][ T9713] 8021q: adding VLAN 0 to HW filter on device team0 [ 323.084597][ T7393] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.086563][ T7393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 323.111904][ T7393] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.113810][ T7393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.133749][ T9717] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 323.151885][ T9717] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 323.157642][ T9717] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 323.164460][ T9717] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 323.177264][ T9925] netlink: 28 bytes leftover after parsing attributes in process `syz.2.876'. [ 323.307136][ T7056] bridge_slave_1: left allmulticast mode [ 323.308534][ T7056] bridge_slave_1: left promiscuous mode [ 323.310032][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.350812][ T7056] bridge_slave_0: left allmulticast mode [ 323.352287][ T7056] bridge_slave_0: left promiscuous mode [ 323.353719][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.372910][ T7056] bridge_slave_1: left allmulticast mode [ 323.378230][ T7056] bridge_slave_1: left promiscuous mode [ 323.380312][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.396980][ T9932] binder: 9929:9932 tried to acquire reference to desc 0, got 1 instead [ 323.397125][ T7056] bridge_slave_0: left allmulticast mode [ 323.400644][ T7056] bridge_slave_0: left promiscuous mode [ 323.402140][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.842269][ T9949] loop4: detected capacity change from 0 to 512 [ 323.846142][ T9949] ext4: Unknown parameter 'noacl' [ 327.018914][ T7056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 327.060793][ T7056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 327.099505][ T7056] bond0 (unregistering): Released all slaves [ 327.918816][ T7056] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 327.968797][ T7056] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 328.019311][ T7056] bond0 (unregistering): Released all slaves [ 328.055269][ T9956] netlink: 28 bytes leftover after parsing attributes in process `syz.2.884'. [ 328.122494][ T9713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 328.225178][ T9717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.232218][ T9717] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.292119][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.293969][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.322888][ T9973] binder: 9967:9973 tried to acquire reference to desc 0, got 1 instead [ 328.558559][ T6790] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.560524][ T6790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.604539][ T9713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 328.620784][ T9713] veth0_vlan: entered promiscuous mode [ 328.625209][ T9713] veth1_vlan: entered promiscuous mode [ 328.635949][ T9713] veth0_macvtap: entered promiscuous mode [ 328.639224][ T9713] veth1_macvtap: entered promiscuous mode [ 328.650700][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.653563][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.656005][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.658878][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.661582][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 328.664181][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.667695][ T9713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 328.672020][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 328.674862][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.677604][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 328.680248][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.682735][ T9713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 328.685390][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 328.692496][ T9713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 328.696561][ T9713] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.698848][ T9713] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.701086][ T9713] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.703157][ T9713] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.764522][T10003] netlink: 'syz.2.888': attribute type 1 has an invalid length. [ 328.767909][T10003] netlink: 84 bytes leftover after parsing attributes in process `syz.2.888'. [ 328.923781][ T9721] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 328.947074][ T9721] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 328.951047][ T9721] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 328.979554][ T9721] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 329.144176][ T9713] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1 [ 329.155742][ T9713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 329.173632][ T6790] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.181385][ T6790] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.228340][T10035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.244510][ T9717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.278441][ T6790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.280638][ T6790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.331294][T10035] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.140261][ T9721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 330.173982][ T9717] veth0_vlan: entered promiscuous mode [ 330.184476][ T9717] veth1_vlan: entered promiscuous mode [ 330.195520][ T9717] veth0_macvtap: entered promiscuous mode [ 330.208260][ T9717] veth1_macvtap: entered promiscuous mode [ 330.266646][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.269587][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.271862][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.274704][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.278135][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.281078][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.283640][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 330.324446][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.343165][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.358743][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.361570][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.364084][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.398729][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.401214][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.420599][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.432724][ T9717] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 330.439911][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 330.453439][ T9717] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.462125][ T9717] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.464334][ T9717] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.471511][ T9717] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.473681][ T9717] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.511083][ T9721] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.532806][T10068] binder: 10065:10068 tried to acquire reference to desc 0, got 1 instead [ 330.574628][ T7056] hsr_slave_0: left promiscuous mode [ 330.589563][T10076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.625887][T10076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.640326][T10076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.646490][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.648531][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.658913][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.660871][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.679650][ T7056] hsr_slave_0: left promiscuous mode [ 330.690224][T10076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.727452][ T7056] hsr_slave_1: left promiscuous mode [ 330.805951][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.808210][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.811389][ T7056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.816377][ T7056] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.837948][ T7056] veth1_macvtap: left promiscuous mode [ 330.839441][ T7056] veth0_macvtap: left promiscuous mode [ 330.841116][ T7056] veth1_vlan: left promiscuous mode [ 330.842469][ T7056] veth0_vlan: left promiscuous mode [ 330.860720][ T7056] veth1_macvtap: left promiscuous mode [ 330.862313][ T7056] veth0_macvtap: left promiscuous mode [ 330.863066][T10082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.863882][ T7056] veth1_vlan: left promiscuous mode [ 330.867251][ T7056] veth0_vlan: left promiscuous mode [ 330.916314][T10082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.235449][T10084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 331.265952][T10084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 331.967258][T10092] Invalid ELF header magic: != ELF [ 332.912702][T10096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.970576][T10096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.033137][ T7056] team0 (unregistering): Port device team_slave_1 removed [ 333.228488][ T7056] team0 (unregistering): Port device team_slave_0 removed [ 333.496274][T10098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.537364][T10098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.070842][T10100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.125864][T10100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.735330][T10103] binder: 10101:10103 got transaction to invalid handle, 1 [ 334.739848][T10103] binder: 10103:10101 cannot find target node [ 334.741321][T10103] binder: 10101:10103 transaction call to 0:0 failed 32/29201/-22, size 72-24 line 3145 [ 334.918673][ T10] binder: undelivered TRANSACTION_ERROR: 29201 [ 334.959424][T10106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.997345][T10106] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.531032][T10108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.565963][T10108] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.116086][T10110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.135911][T10110] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.666402][T10112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.707220][T10112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 337.190564][ T7056] team0 (unregistering): Port device team_slave_1 removed [ 337.313357][T10119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.376614][T10119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 337.384073][ T7056] team0 (unregistering): Port device team_slave_0 removed [ 337.582531][T10119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.626483][T10119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.183990][T10123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.257207][T10123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.840717][T10129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.877004][T10129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.497367][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.499162][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.512607][T10091] netlink: 20 bytes leftover after parsing attributes in process `syz.2.900'. [ 339.520592][T10093] bridge0: port 1(bridge_slave_1) entered blocking state [ 339.522712][T10093] bridge0: port 1(bridge_slave_1) entered disabled state [ 339.524715][T10093] bridge_slave_1: entered allmulticast mode [ 339.546389][T10093] bridge_slave_1: entered promiscuous mode [ 339.548530][T10093] bridge0: port 1(bridge_slave_1) entered blocking state [ 339.550420][T10093] bridge0: port 1(bridge_slave_1) entered forwarding state [ 339.553826][T10094] bridge0: port 2(veth1_to_bond) entered blocking state [ 339.556115][T10094] bridge0: port 2(veth1_to_bond) entered disabled state [ 339.558192][T10094] veth1_to_bond: entered allmulticast mode [ 339.560489][T10094] veth1_to_bond: entered promiscuous mode [ 339.562535][T10131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.917'. [ 339.565087][T10135] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 339.657258][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.658951][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.691973][ T9721] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 339.705718][ T9721] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 339.770469][ T9717] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1 [ 339.773090][ T9717] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.850029][ T457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.852199][ T457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.920143][ T6789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 339.922173][ T6789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 339.948260][T10159] loop1: detected capacity change from 0 to 512 [ 340.069417][T10164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.089828][ T9721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.134163][T10164] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.141665][ T9721] veth0_vlan: entered promiscuous mode [ 340.161215][ T9721] veth1_vlan: entered promiscuous mode [ 340.182040][T10167] bridge_slave_0: left allmulticast mode [ 340.183737][T10167] bridge_slave_0: left promiscuous mode [ 340.185292][T10167] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.190650][T10167] bridge_slave_1: left allmulticast mode [ 340.192192][T10167] bridge_slave_1: left promiscuous mode [ 340.193780][T10167] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.209407][T10167] bond0: (slave bond_slave_0): Releasing backup interface [ 340.261697][T10167] bond0: (slave bond_slave_1): Releasing backup interface [ 340.323873][T10167] team0: Port device team_slave_0 removed [ 340.341758][T10167] team0: Port device team_slave_1 removed [ 340.343929][T10167] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.346259][T10167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 340.349023][T10167] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 340.351016][T10167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 340.423067][ T9721] veth0_macvtap: entered promiscuous mode [ 340.437193][ T9721] veth1_macvtap: entered promiscuous mode [ 340.451589][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.454472][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.457350][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 340.460226][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.464041][ T9721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 340.469973][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 340.486552][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.496109][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 340.500053][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.509252][ T9721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 340.536268][ T9721] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.540950][ T9721] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.546485][ T9721] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.552049][ T9721] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 340.653629][ T9721] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1 [ 340.658176][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 340.699141][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.701565][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.765677][ T6790] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.767731][ T6790] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.255816][ T27] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 341.547337][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 341.550959][ T27] usb 1-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00 [ 341.588600][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.764790][ T27] usb 1-1: config 0 descriptor?? [ 341.892993][T10221] loop3: detected capacity change from 0 to 512 [ 342.524277][ T27] usb 1-1: USB disconnect, device number 3 [ 342.642909][T10270] hsr0: entered allmulticast mode [ 342.645446][T10270] hsr_slave_0: entered allmulticast mode [ 342.648192][T10270] hsr_slave_1: entered allmulticast mode [ 342.887412][T10289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.927703][T10294] netlink: 4 bytes leftover after parsing attributes in process `syz.2.979'. [ 342.927751][T10289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 343.049821][T10300] loop1: detected capacity change from 0 to 512 [ 343.227276][T10305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 343.266170][T10305] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 343.805132][T10313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 343.871111][T10313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 343.935916][T10211] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 344.115463][ T8] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 344.121998][T10329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 344.129001][ T8] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 344.144964][ T8] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 344.157768][T10333] loop3: detected capacity change from 0 to 512 [ 344.159854][T10333] ext4: Unknown parameter 'noacl' [ 344.166030][T10329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 344.935296][T10339] binder: tried to use weak ref as strong ref [ 344.937077][T10339] binder: 10336:10339 Acquire 1 refcount change on invalid ref 0 ret -22 [ 344.939776][T10339] binder: 10336:10339 got transaction to invalid handle, 1 [ 344.943300][T10339] binder: 10339:10336 cannot find target node [ 344.944880][T10339] binder: 10336:10339 transaction call to 0:0 failed 35/29201/-22, size 72-24 line 3145 [ 345.083695][T10346] loop4: detected capacity change from 0 to 512 [ 345.140114][ T27] binder: undelivered TRANSACTION_ERROR: 29201 [ 345.302205][T10373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.347758][T10375] binder: 10365:10375 IncRefs 0 refcount change on invalid ref 2 ret -22 [ 345.350114][T10375] binder: 10365:10375 ioctl c0306201 20000080 returned -14 [ 345.364004][T10373] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.370179][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1009'. [ 345.374765][T10377] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.386645][T10377] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.389169][T10377] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.391447][T10377] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 345.394060][T10377] geneve2: entered promiscuous mode [ 345.395556][T10377] geneve2: entered allmulticast mode [ 345.525733][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 345.676409][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 345.680330][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.682932][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 345.686111][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 345.688584][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 345.690875][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.694786][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 345.697249][ T8] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 345.699133][ T8] usb 1-1: Manufacturer: syz [ 345.701698][ T8] usb 1-1: config 0 descriptor?? [ 346.192917][T10398] binder: 10396:10398 tried to acquire reference to desc 0, got 1 instead [ 346.212406][T10398] binder_alloc: 10396: binder_alloc_buf, no vma [ 346.213939][T10398] binder: cannot allocate buffer: vma cleared, target dead or dying [ 346.213987][T10398] binder: 10396:10398 transaction call to 10396:0 failed 42/29189/-3, size 72-24 line 3333 [ 346.443621][T10409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.455707][ T10] binder: undelivered TRANSACTION_ERROR: 29189 [ 346.487365][T10409] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.498109][T10412] loop7: detected capacity change from 0 to 16384 [ 346.687854][T10427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1028'. [ 346.736756][T10419] loop7: detected capacity change from 16384 to 0 [ 346.783692][T10434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.819957][T10434] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.048654][T10445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.087245][T10445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.120475][T10446] binder: 10442:10446 tried to acquire reference to desc 0, got 1 instead [ 347.123298][T10446] binder_alloc: 10442: binder_alloc_buf, no vma [ 347.124993][T10446] binder: cannot allocate buffer: vma cleared, target dead or dying [ 347.125023][T10446] binder: 10442:10446 transaction call to 10442:0 failed 47/29189/-3, size 72-24 line 3333 [ 347.447249][T10459] "syz.4.1040" (10459) uses obsolete ecb(arc4) skcipher [ 347.450252][ T27] binder: undelivered TRANSACTION_ERROR: 29189 [ 347.700015][T10477] misc userio: Invalid payload size [ 347.804398][T10484] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1050'. [ 347.897666][T10492] "syz.3.1054" (10492) uses obsolete ecb(arc4) skcipher [ 348.117066][T10506] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 348.266688][T10520] "syz.2.1067" (10520) uses obsolete ecb(arc4) skcipher [ 348.275910][T10516] misc userio: Invalid payload size [ 348.293733][ T8] Registered IR keymap rc-hauppauge [ 348.298327][T10523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.328772][T10523] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.355710][ T8] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available [ 348.358635][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.375867][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.404496][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 348.419604][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 348.435144][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.455719][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.476024][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.502497][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.520676][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.536216][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.557721][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.578990][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.603350][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.619211][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 348.641965][ T8] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 348.644103][ T8] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 348.648727][ T8] usb 1-1: USB disconnect, device number 4 [ 348.763932][T10553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.807011][T10553] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.868205][T10555] "syz.1.1081" (10555) uses obsolete ecb(arc4) skcipher [ 349.043796][T10561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 349.108833][T10561] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 349.202634][T10563] misc userio: Invalid payload size [ 349.439759][T10573] netlink: 'syz.2.1089': attribute type 1 has an invalid length. [ 349.460868][T10573] 8021q: adding VLAN 0 to HW filter on device bond1 [ 349.578612][T10578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1090'. [ 349.589621][T10573] vlan2: entered promiscuous mode [ 349.591045][T10573] bond1: entered promiscuous mode [ 349.592383][T10573] vlan2: entered allmulticast mode [ 349.593720][T10573] bond1: entered allmulticast mode [ 349.659758][T10584] "syz.3.1092" (10584) uses obsolete ecb(arc4) skcipher [ 349.869544][T10605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 349.895877][T10605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 349.912817][ T6790] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.038209][T10619] "syz.4.1106" (10619) uses obsolete ecb(arc4) skcipher [ 351.617168][T10690] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 352.170512][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1151'. [ 352.178014][T10726] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1151'. [ 352.295549][T10728] binder: 10727:10728 tried to acquire reference to desc 0, got 1 instead [ 352.307800][T10728] binder: 10727:10728 got transaction with invalid data ptr [ 352.313395][T10728] binder: 10727:10728 transaction async to 10727:0 failed 53/29201/-14, size 0-24 line 3436 [ 352.325159][T10728] binder_alloc: 10727: pid 10727 spamming oneway? 1 buffers allocated for a total size of 4096 [ 352.333608][ T6769] binder: release 10727:10728 transaction 52 out, still active [ 352.339217][ T6769] binder: undelivered TRANSACTION_COMPLETE [ 352.362008][ T6769] binder: send failed reply for transaction 52, target dead [ 352.364419][ T6769] binder: undelivered transaction 54, process died. [ 352.522096][T10731] input: syz0 as /devices/virtual/input/input10 [ 353.273479][T10757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.316197][T10757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.454615][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 353.597363][T10778] loop2: detected capacity change from 0 to 512 [ 353.611171][T10778] ext4: Unknown parameter 'noacl' [ 354.469994][T10793] infiniband syz1: set down [ 354.471547][T10793] infiniband syz1: added bond_slave_1 [ 354.507758][T10793] RDS/IB: syz1: added [ 354.509651][T10793] smc: adding ib device syz1 with port count 1 [ 354.511825][T10793] smc: ib device syz1 port 1 has pnetid [ 355.417438][T10826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.474506][T10829] loop3: detected capacity change from 0 to 512 [ 355.488748][T10829] ext4: Unknown parameter 'noacl' [ 356.271054][T10842] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1199'. [ 357.161570][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.271425][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.354233][T10886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1221'. [ 357.700748][T10923] netlink: 'syz.2.1233': attribute type 4 has an invalid length. [ 357.746412][T10923] netlink: 'syz.2.1233': attribute type 4 has an invalid length. [ 357.823022][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1236'. [ 357.830074][T10929] bridge_slave_1: left allmulticast mode [ 357.831880][T10929] bridge_slave_1: left promiscuous mode [ 357.835805][T10929] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.839444][T10929] bridge_slave_0: left allmulticast mode [ 357.840919][T10929] bridge_slave_0: left promiscuous mode [ 357.842361][T10929] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.290596][T10968] binder: 10967:10968 tried to acquire reference to desc 0, got 1 instead [ 358.297671][ T10] binder: release 10967:10968 transaction 59 out, still active [ 358.299681][ T10] binder: undelivered TRANSACTION_COMPLETE [ 358.301120][ T10] binder: undelivered TRANSACTION_COMPLETE [ 358.322139][ T10] binder: send failed reply for transaction 59, target dead [ 358.324051][ T10] binder: undelivered transaction 60, process died. [ 358.327566][T10970] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1251'. [ 358.398821][T10976] input: syz1 as /devices/virtual/input/input11 [ 358.417882][ T6419] Bluetooth: hci7: command 0x0406 tx timeout [ 358.419732][ T6419] Bluetooth: hci8: command 0x0406 tx timeout [ 358.435246][T10978] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1255'. [ 358.448950][T10978] bridge_slave_1: left allmulticast mode [ 358.454910][T10978] bridge_slave_1: left promiscuous mode [ 358.459115][T10978] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.485328][T10978] bridge_slave_0: left allmulticast mode [ 358.489134][T10978] bridge_slave_0: left promiscuous mode [ 358.492608][T10978] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.697334][T10997] binder: 10996:10997 tried to acquire reference to desc 0, got 1 instead [ 358.700990][ T6500] binder: release 10996:10997 transaction 65 out, still active [ 358.704606][ T6500] binder: undelivered TRANSACTION_COMPLETE [ 358.714368][ T6500] binder: undelivered TRANSACTION_COMPLETE [ 358.733019][ T6500] binder: send failed reply for transaction 65, target dead [ 358.736998][ T6500] binder: undelivered transaction 66, process died. [ 359.396576][T11035] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1276'. [ 359.411914][T11037] netlink: 'syz.3.1277': attribute type 2 has an invalid length. [ 359.572948][ T6431] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 359.579651][ T6431] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 359.582452][ T6431] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 359.593821][ T6431] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 359.597672][ T6431] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 359.599684][ T6431] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 359.752584][T11055] netlink: 'syz.3.1284': attribute type 3 has an invalid length. [ 359.959419][T11068] binder: 11067:11068 tried to acquire reference to desc 0, got 1 instead [ 359.969982][T11068] binder: 11067:11068 got transaction with invalid data ptr [ 359.976575][T11068] binder_alloc: 11067: pid 11067 spamming oneway? 1 buffers allocated for a total size of 4096 [ 360.271667][ T38] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.378550][ T38] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.494461][ T38] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.523739][T11044] chnl_net:caif_netlink_parms(): no params data found [ 360.577791][T11099] binder: 11098:11099 tried to acquire reference to desc 0, got 1 instead [ 360.581377][T11099] binder: 11098:11099 got transaction with invalid data ptr [ 360.583758][T11099] binder_alloc: 11098: pid 11098 spamming oneway? 1 buffers allocated for a total size of 4096 [ 360.616056][ T38] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.710987][T11044] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.718300][T11044] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.722812][T11044] bridge_slave_0: entered allmulticast mode [ 360.726965][T11044] bridge_slave_0: entered promiscuous mode [ 360.735397][T11044] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.742167][T11044] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.755989][T11044] bridge_slave_1: entered allmulticast mode [ 360.766355][T11044] bridge_slave_1: entered promiscuous mode [ 360.812339][T11044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.817069][T11044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.868599][T11044] team0: Port device team_slave_0 added [ 360.877349][T11044] team0: Port device team_slave_1 added [ 360.916370][T11122] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1307'. [ 360.924950][T11044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.941023][T11044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.956092][T11044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.967290][ T38] bridge_slave_1: left allmulticast mode [ 360.968982][ T38] bridge_slave_1: left promiscuous mode [ 360.970547][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.977343][ T38] bridge_slave_0: left allmulticast mode [ 360.978878][ T38] bridge_slave_0: left promiscuous mode [ 360.983028][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.488715][T11133] binder: 11132:11133 got transaction to invalid handle, 1 [ 361.491642][T11133] binder: 11132:11133 got transaction to invalid handle, 1 [ 361.616983][ T6431] Bluetooth: hci1: command tx timeout [ 362.112938][T11147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.145920][T11147] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.572691][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 362.608342][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 362.658463][ T38] bond0 (unregistering): Released all slaves [ 362.664188][T11044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 362.666914][T11044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.673622][T11044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 362.689889][T11127] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1309'. [ 362.937148][T11171] binder: 11170:11171 got transaction to invalid handle, 1 [ 362.940911][T11171] binder: 11170:11171 got transaction to invalid handle, 1 [ 363.008882][T11044] hsr_slave_0: entered promiscuous mode [ 363.052485][T11044] hsr_slave_1: entered promiscuous mode [ 363.076408][T11044] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 363.081831][T11044] Cannot create hsr debugfs directory [ 363.278173][ T38] batman_adv: batadv0: Interface deactivated: macsec1 [ 363.281322][ T38] mac80211_hwsim hwsim52 wlan0 (unregistering): left allmulticast mode [ 363.338982][ T38] batman_adv: batadv0: Removing interface: macsec1 [ 363.501464][T11196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.560153][T11196] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.696727][ T6431] Bluetooth: hci1: command tx timeout [ 363.747807][ T38] hsr_slave_0: left promiscuous mode [ 363.775473][T11214] binder: 11212:11214 got transaction to invalid handle, 1 [ 363.779057][ T38] hsr_slave_1: left promiscuous mode [ 363.780917][T11214] binder_debug: 16 callbacks suppressed [ 363.780930][T11214] binder: 11214:11212 cannot find target node [ 363.783837][T11214] binder: 11212:11214 transaction call to 0:0 failed 92/29201/-22, size 0-0 line 3145 [ 363.795435][T11214] binder: 11212:11214 got transaction to invalid handle, 1 [ 363.798657][T11214] binder: 11214:11212 cannot find target node [ 363.800282][T11214] binder: 11212:11214 transaction async to 0:0 failed 93/29201/-22, size 0-0 line 3145 [ 363.803346][ T6473] binder: undelivered TRANSACTION_ERROR: 29201 [ 363.835711][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.837644][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.844104][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.852821][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.872375][ T38] veth1_macvtap: left promiscuous mode [ 363.874074][ T38] veth0_macvtap: left promiscuous mode [ 363.875721][ T38] veth1_vlan: left promiscuous mode [ 363.877217][ T38] veth0_vlan: left promiscuous mode [ 364.949017][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1339'. [ 364.951509][T11233] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1339'. [ 364.953849][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1339'. [ 364.956337][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1339'. [ 365.109581][T11237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1341'. [ 365.206407][T11241] binder: tried to use weak ref as strong ref [ 365.207997][T11241] binder: 11240:11241 Acquire 1 refcount change on invalid ref 0 ret -22 [ 365.212516][T11241] binder: 11240:11241 got transaction to invalid handle, 1 [ 365.214356][T11241] binder: 11241:11240 cannot find target node [ 365.217135][T11241] binder: 11240:11241 transaction call to 0:0 failed 96/29201/-22, size 0-0 line 3145 [ 365.220083][T11241] binder: 11240:11241 got transaction to invalid handle, 1 [ 365.222090][T11241] binder: 11241:11240 cannot find target node [ 365.223416][T11241] binder: 11240:11241 transaction async to 0:0 failed 97/29201/-22, size 0-0 line 3145 [ 365.232945][ T6500] binder: undelivered TRANSACTION_ERROR: 29201 [ 365.688946][ T38] team0 (unregistering): Port device team_slave_1 removed [ 365.775766][ T6424] Bluetooth: hci1: command tx timeout [ 365.867606][ T38] team0 (unregistering): Port device team_slave_0 removed [ 366.805725][ T27] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 366.967214][ T27] usb 1-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 366.970144][ T27] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 366.972859][ T27] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 366.976265][ T27] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 366.979242][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.996612][T11257] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 367.857036][ T6424] Bluetooth: hci1: command 0x0419 tx timeout [ 368.121921][T11259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1348'. [ 368.130135][T11261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1348'. [ 368.135121][T11262] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1348'. [ 368.181104][T11268] loop1: detected capacity change from 0 to 512 [ 368.183368][T11268] ext4: Unknown parameter 'noacl' [ 368.917275][ T27] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 368.920111][ T27] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input12 [ 369.082049][T11281] binder: 11279:11281 got transaction to invalid handle, 1 [ 369.083967][T11281] binder: 11281:11279 cannot find target node [ 369.085750][T11281] binder: 11279:11281 transaction call to 0:0 failed 100/29201/-22, size 0-0 line 3145 [ 369.089099][T11281] binder: 11279:11281 got transaction to invalid handle, 1 [ 369.091061][T11281] binder: 11281:11279 cannot find target node [ 369.094367][T11281] binder: 11279:11281 transaction async to 0:0 failed 101/29201/-22, size 0-0 line 3145 [ 369.125488][ T6473] binder: undelivered TRANSACTION_ERROR: 29201 [ 369.174992][ T27] usb 1-1: USB disconnect, device number 5 [ 369.176657][ C1] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 369.297219][T11044] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 369.303892][T11044] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 369.307719][T11044] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 369.311879][T11044] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 369.492077][T11044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.504981][T11044] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.530674][ T457] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.532522][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.540521][ T457] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.542356][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.653473][T11319] [U] [ 369.654581][T11319] [U] [ 369.655508][T11319] [U] [ 369.656289][T11319] [U] [ 369.659213][T11319] [U] [ 369.659983][T11319] [U] [ 369.660693][T11319] [U] [ 369.661413][T11319] [U] [ 369.662300][T11319] [U] [ 369.662988][T11319] [U] [ 369.663715][T11319] [U] [ 369.664466][T11319] [U] [ 369.670890][T11319] [U] [ 369.671619][T11319] [U] [ 369.672343][T11319] [U] [ 369.673058][T11319] [U] [ 369.673790][T11319] [U] [ 369.674513][T11319] [U] [ 369.675254][T11319] [U] [ 369.675938][T11319] [U] [ 369.691950][T11319] [U] [ 369.692665][T11319] [U] [ 369.693427][T11319] [U] [ 369.694081][T11319] [U] [ 369.694719][T11319] [U] [ 369.695464][T11319] [U] [ 369.696180][T11319] [U] [ 369.696872][T11319] [U] [ 369.717038][T11319] [U] [ 369.717077][T11319] [U] [ 369.717095][T11319] [U] [ 369.717113][T11319] [U] [ 369.717209][T11319] [U] [ 369.717227][T11319] [U] [ 369.717245][T11319] [U] [ 369.717262][T11319] [U] [ 369.717332][T11319] [U] [ 369.717349][T11319] [U] [ 369.717367][T11319] [U] [ 369.717384][T11319] [U] [ 369.717464][T11319] [U] [ 369.717482][T11319] [U] [ 369.717500][T11319] [U] [ 369.717517][T11319] [U] [ 369.717587][T11319] [U] [ 369.717605][T11319] [U] [ 369.717622][T11319] [U] [ 369.717639][T11319] [U] [ 369.717719][T11319] [U] [ 369.717736][T11319] [U] [ 369.717754][T11319] [U] [ 369.717771][T11319] [U] [ 369.717840][T11319] [U] [ 369.717858][T11319] [U] [ 369.717875][T11319] [U] [ 369.717892][T11319] [U] [ 369.717992][T11319] [U] [ 369.718011][T11319] [U] [ 369.718028][T11319] [U] [ 369.718046][T11319] [U] [ 369.718115][T11319] [U] [ 369.718132][T11319] [U] [ 369.718150][T11319] [U] [ 369.718167][T11319] [U] [ 369.718246][T11319] [U] [ 369.718264][T11319] [U] [ 369.718281][T11319] [U] [ 369.718298][T11319] [U] [ 369.718368][T11319] [U] [ 369.718385][T11319] [U] [ 369.718402][T11319] [U] [ 369.718420][T11319] [U] [ 369.718499][T11319] [U] [ 369.718516][T11319] [U] [ 369.718534][T11319] [U] [ 369.718551][T11319] [U] [ 369.718621][T11319] [U] [ 369.718638][T11319] [U] [ 369.718655][T11319] [U] [ 369.718673][T11319] [U] [ 369.718752][T11319] [U] [ 369.718769][T11319] [U] [ 369.718787][T11319] [U] [ 369.718804][T11319] [U] [ 369.718874][T11319] [U] [ 369.718891][T11319] [U] [ 369.718919][T11319] [U] [ 369.718936][T11319] [U] [ 369.719019][T11319] [U] [ 369.719037][T11319] [U] [ 369.719054][T11319] [U] [ 369.719071][T11319] [U] [ 369.719140][T11319] [U] [ 369.719157][T11319] [U] [ 369.719175][T11319] [U] [ 369.719192][T11319] [U] [ 369.719270][T11319] [U] [ 369.719288][T11319] [U] [ 369.719305][T11319] [U] [ 369.719322][T11319] [U] [ 369.719392][T11319] [U] [ 369.719409][T11319] [U] [ 369.719426][T11319] [U] [ 369.719443][T11319] [U] [ 369.719522][T11319] [U] [ 369.719539][T11319] [U] [ 369.719556][T11319] [U] [ 369.719574][T11319] [U] [ 369.719643][T11319] [U] [ 369.719660][T11319] [U] [ 369.719677][T11319] [U] [ 369.719695][T11319] [U] [ 369.719773][T11319] [U] [ 369.719791][T11319] [U] [ 369.719808][T11319] [U] [ 369.719825][T11319] [U] [ 369.719901][T11319] [U] [ 369.719919][T11319] [U] [ 369.719936][T11319] [U] [ 369.719953][T11319] [U] [ 369.720034][T11319] [U] [ 369.720052][T11319] [U] [ 369.720069][T11319] [U] [ 369.720087][T11319] [U] [ 369.720144][T11319] [U] [ 369.720161][T11319] [U] [ 369.720179][T11319] [U] [ 369.777513][T11044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 369.830561][T11334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.833100][T11318] [U] [ 369.879985][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.908321][T11334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.936776][ T6424] Bluetooth: hci1: command 0x0419 tx timeout [ 369.943400][T11341] loop0: detected capacity change from 0 to 512 [ 370.160485][T11044] veth0_vlan: entered promiscuous mode [ 370.183807][T11044] veth1_vlan: entered promiscuous mode [ 370.184565][T11352] loop1: detected capacity change from 0 to 512 [ 370.196202][T11352] ext4: Unknown parameter 'noacl' [ 370.203789][T11044] veth0_macvtap: entered promiscuous mode [ 370.247344][T11044] veth1_macvtap: entered promiscuous mode [ 370.271014][T11044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.285509][T11044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.298907][T11044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.311158][T11044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.322270][T11044] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 370.334179][T11044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.350510][T11044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.357197][T11044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.363452][T11044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.372829][T11044] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 370.380031][T11044] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.382368][T11044] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.384787][T11044] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.391302][T11044] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.107470][ T1750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.109379][ T1750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.135101][T11369] "syz.2.1368" (11369) uses obsolete ecb(arc4) skcipher [ 371.148991][ T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.164673][ T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.271699][T11379] loop2: detected capacity change from 0 to 512 [ 371.429082][T11392] loop0: detected capacity change from 0 to 512 [ 371.430888][T11392] ext4: Unknown parameter 'noacl' [ 371.867989][ T2342] ieee802154 phy0 wpan0: encryption failed: -22 [ 371.870507][ T2342] ieee802154 phy1 wpan1: encryption failed: -22 [ 372.015905][ T6431] Bluetooth: hci1: command 0x0419 tx timeout [ 373.176559][T11432] loop4: detected capacity change from 0 to 512 [ 373.371982][T11438] loop1: detected capacity change from 0 to 512 [ 373.378794][T11438] ext4: Unknown parameter 'noacl' [ 374.256090][T11445] "syz.3.1394" (11445) uses obsolete ecb(arc4) skcipher [ 374.558125][T11460] macvlan2: entered allmulticast mode [ 374.563377][T11460] veth1_to_bridge: entered promiscuous mode [ 374.571830][T11460] veth1_to_bridge: entered allmulticast mode [ 374.577981][T11460] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 374.653863][T11460] bond0: entered promiscuous mode [ 374.655263][T11460] bond_slave_0: entered promiscuous mode [ 374.661738][T11460] bond_slave_1: entered promiscuous mode [ 374.670986][T11460] macvlan2: entered promiscuous mode [ 375.203485][T11474] loop1: detected capacity change from 0 to 512 [ 375.211308][T11474] ext4: Unknown parameter 'noacl' [ 375.978728][T11484] "syz.2.1409" (11484) uses obsolete ecb(arc4) skcipher [ 376.222045][T11494] binder: 11493:11494 Release 1 refcount change on invalid ref 0 ret -22 [ 376.445408][T11514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1419'. [ 376.583214][T11519] loop3: detected capacity change from 0 to 512 [ 376.589948][T11519] ext4: Unknown parameter 'noacl' [ 377.446775][T11531] "syz.3.1424" (11531) uses obsolete ecb(arc4) skcipher [ 377.776707][T11553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1431'. [ 377.855450][T11557] bond1: entered promiscuous mode [ 377.860017][T11557] bond1: entered allmulticast mode [ 377.861705][T11557] 8021q: adding VLAN 0 to HW filter on device bond1 [ 377.884485][T11560] loop4: detected capacity change from 0 to 512 [ 377.911939][T11560] ext4: Unknown parameter 'noacl' [ 378.785785][T11573] "syz.4.1439" (11573) uses obsolete ecb(arc4) skcipher [ 378.991036][T11569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.017014][T11579] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1442'. [ 379.028602][T11569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.190687][T11589] syz_tun: entered promiscuous mode [ 379.194816][T11589] syz_tun: left promiscuous mode [ 379.300108][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1446'. [ 379.302365][T11587] bridge_slave_1: left allmulticast mode [ 379.303948][T11587] bridge_slave_1: left promiscuous mode [ 379.309655][T11595] loop2: detected capacity change from 0 to 512 [ 379.311662][T11595] ext4: Unknown parameter 'noacl' [ 379.313288][T11587] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.320115][T11587] bridge_slave_0: left allmulticast mode [ 379.321730][T11587] bridge_slave_0: left promiscuous mode [ 379.323307][T11587] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.623982][T11629] loop4: detected capacity change from 0 to 512 [ 380.629413][T11629] ext4: Unknown parameter 'noacl' [ 381.926511][T11646] binder: BINDER_SET_CONTEXT_MGR already set [ 381.928377][T11646] binder: 11645:11646 ioctl 4018620d 20000040 returned -16 [ 382.862528][T11689] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1481'. [ 382.903786][T11693] binder: 11692:11693 got transaction to invalid handle, 1 [ 382.909491][T11693] binder: 11693:11692 cannot find target node [ 382.911433][T11693] binder: 11692:11693 transaction call to 0:0 failed 106/29201/-22, size 0-0 line 3145 [ 382.915156][T11693] binder: 11692:11693 got transaction to invalid handle, 1 [ 382.918509][T11693] binder: 11693:11692 cannot find target node [ 382.920230][T11693] binder: 11692:11693 transaction async to 0:0 failed 107/29201/-22, size 0-0 line 3145 [ 382.934660][ T10] binder: undelivered TRANSACTION_ERROR: 29201 [ 383.290114][T11711] binder: BINDER_SET_CONTEXT_MGR already set [ 383.312153][T11711] binder: 11700:11711 ioctl 4018620d 20000040 returned -16 [ 383.363109][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1493'. [ 383.549183][T11721] loop1: detected capacity change from 0 to 512 [ 384.069493][T11726] netlink: 'syz.0.1493': attribute type 4 has an invalid length. [ 384.071682][T11726] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1493'. [ 384.105167][T11719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1493'. [ 384.778111][T11752] tmpfs: Unknown parameter '/dev/v4l-subdev#' [ 384.912549][T11753] binder: 11749:11753 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 384.941172][T11753] binder: 11749:11753 got transaction to invalid handle, 1 [ 384.943190][T11753] binder: 11753:11749 cannot find target node [ 384.944685][T11753] binder: 11749:11753 transaction call to 0:0 failed 111/29201/-22, size 72-24 line 3145 [ 385.046670][ T6500] binder: undelivered TRANSACTION_ERROR: 29201 [ 385.047212][T11758] loop0: detected capacity change from 0 to 512 [ 385.679298][T11776] pim6reg1: entered promiscuous mode [ 385.682959][T11776] pim6reg1: entered allmulticast mode [ 386.121644][T11786] tmpfs: Unknown parameter '/dev/v4l-subdev#' [ 386.345990][T11794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.416555][T11794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.453684][T11797] binder: 11787:11797 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 386.488089][T11797] binder: 11787:11797 got transaction to invalid handle, 1 [ 386.493520][T11797] binder: 11797:11787 cannot find target node [ 386.504820][T11797] binder: 11787:11797 transaction call to 0:0 failed 114/29201/-22, size 72-24 line 3145 [ 386.538268][T11796] pim6reg1: entered promiscuous mode [ 386.539633][T11796] pim6reg1: entered allmulticast mode [ 386.588805][T11794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.625968][T11794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.676343][T11805] loop0: detected capacity change from 0 to 512 [ 387.127795][T11819] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1531'. [ 388.221042][T11852] binder: 11848:11852 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 388.237376][T11852] binder: 11848:11852 got transaction to invalid handle, 1 [ 388.245661][T11852] binder_debug: 1 callbacks suppressed [ 388.245674][T11852] binder: 11852:11848 cannot find target node [ 388.268553][T11852] binder: 11848:11852 transaction call to 0:0 failed 117/29201/-22, size 72-24 line 3145 [ 388.704966][ T6769] binder: undelivered TRANSACTION_ERROR: 29201 [ 388.851149][T11863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1545'. [ 388.853456][T11863] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1545'. [ 388.907985][T11865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 389.076869][T11865] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.768016][T11872] loop1: detected capacity change from 0 to 512 [ 390.440105][T11893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.465803][T11893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.755739][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 390.907518][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 390.909132][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 390.911338][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.914952][ T10] usb 1-1: config 0 descriptor?? [ 392.063205][T11914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.099792][T11914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.143553][ T6431] Bluetooth: hci3: link tx timeout [ 392.145235][ T6431] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 392.149386][ T6431] Bluetooth: hci3: link tx timeout [ 392.150663][ T6431] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 392.181345][ T10] radio-keene 1-1:0.0: V4L2 device registered as radio2 [ 392.214186][T11921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.256246][T11921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.298379][T11921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.356463][T11921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.404025][ T6769] usb 1-1: USB disconnect, device number 6 [ 392.480125][T11927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.508245][T11927] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.648240][T11929] loop2: detected capacity change from 0 to 512 [ 393.930408][T11951] binder: 11948:11951 ioctl 4018620d 0 returned -22 [ 393.932710][T11951] binder: 11948:11951 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 393.936455][T11951] binder: 11948:11951 got transaction to invalid handle, 1 [ 393.938405][T11951] binder: 11951:11948 cannot find target node [ 393.940018][T11951] binder: 11948:11951 transaction call to 0:0 failed 120/29201/-22, size 0-0 line 3145 [ 393.942740][T11951] binder: 11948:11951 got transaction to invalid handle, 1 [ 393.944460][T11951] binder: 11951:11948 cannot find target node [ 393.946469][T11951] binder: 11948:11951 transaction async to 0:0 failed 121/29201/-22, size 0-0 line 3145 [ 393.954164][ T6417] binder: undelivered TRANSACTION_ERROR: 29201 [ 393.972388][T11955] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1580'. [ 394.191221][ T6424] Bluetooth: hci3: command 0x0406 tx timeout [ 394.248300][T11973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.306053][T11973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.327259][T11978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 394.351484][ T6500] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 394.376174][T11978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 394.495702][ T6500] usb 1-1: Using ep0 maxpacket: 16 [ 394.498852][ T6500] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 394.501510][ T6500] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.510927][ T6500] usb 1-1: config 0 descriptor?? [ 394.518948][ T6500] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 394.958786][T11985] binder: BINDER_SET_CONTEXT_MGR already set [ 394.960313][T11985] binder: 11984:11985 ioctl 4018620d 20000040 returned -16 [ 394.962912][T11985] binder: 11984:11985 got transaction to invalid handle, 1 [ 394.964639][T11985] binder: 11985:11984 cannot find target node [ 394.975813][T11985] binder: 11984:11985 transaction call to 0:0 failed 123/29201/-22, size 0-0 line 3145 [ 394.983361][ T10] binder: undelivered TRANSACTION_ERROR: 29201 [ 395.694192][T11990] loop2: detected capacity change from 0 to 512 [ 396.415655][ T6424] Bluetooth: hci3: command 0x0406 tx timeout [ 396.772765][T12023] binder: BINDER_SET_CONTEXT_MGR already set [ 396.774491][T12023] binder: 12021:12023 ioctl 4018620d 20000040 returned -16 [ 396.780420][T12023] binder: 12021:12023 got transaction to invalid handle, 1 [ 396.782658][T12023] binder: 12023:12021 cannot find target node [ 396.784357][T12023] binder: 12021:12023 transaction call to 0:0 failed 125/29201/-22, size 0-0 line 3145 [ 396.989440][ T6431] Bluetooth: hci1: unknown advertising packet type: 0x72 [ 396.989505][ T6431] Bluetooth: hci1: Dropping invalid advertising data [ 396.993213][ T6431] Bluetooth: hci1: Malformed LE Event: 0x02 [ 397.880997][T12055] binder: BINDER_SET_CONTEXT_MGR already set [ 397.884972][T12055] binder: 12054:12055 ioctl 4018620d 20000040 returned -16 [ 397.913133][T12055] binder: 12054:12055 got transaction to invalid handle, 1 [ 398.026736][T12065] [U] [ 398.027456][T12065] [U] [ 398.028184][T12065] [U] [ 398.028892][T12065] [U] [ 398.029851][T12065] [U] [ 398.030644][T12065] [U] [ 398.031400][T12065] [U] [ 398.032085][T12065] [U] [ 398.033072][T12065] [U] [ 398.033783][T12065] [U] [ 398.034514][T12065] [U] [ 398.035262][T12065] [U] [ 398.036375][T12065] [U] [ 398.037161][T12065] [U] [ 398.037842][T12065] [U] [ 398.038572][T12065] [U] [ 398.039607][T12065] [U] [ 398.040375][T12065] [U] [ 398.041092][T12065] [U] [ 398.041801][T12065] [U] [ 398.044213][T12065] [U] [ 398.044988][T12065] [U] [ 398.045775][T12065] [U] [ 398.046473][T12065] [U] [ 398.049436][T12065] [U] [ 398.050203][T12065] [U] [ 398.050911][T12065] [U] [ 398.051618][T12065] [U] [ 398.052561][T12065] [U] [ 398.053332][T12065] [U] [ 398.054098][T12065] [U] [ 398.054828][T12065] [U] [ 398.059528][T12065] [U] [ 398.060379][T12065] [U] [ 398.061083][T12065] [U] [ 398.061795][T12065] [U] [ 398.062767][T12065] [U] [ 398.063469][T12065] [U] [ 398.064156][T12065] [U] [ 398.064862][T12065] [U] [ 398.068053][T12065] [U] [ 398.068760][T12065] [U] [ 398.069487][T12065] [U] [ 398.070224][T12065] [U] [ 398.071269][T12065] [U] [ 398.071943][T12065] [U] [ 398.072637][T12065] [U] [ 398.073367][T12065] [U] [ 398.074685][T12065] [U] [ 398.075427][T12065] [U] [ 398.076151][T12065] [U] [ 398.076838][T12065] [U] [ 398.087671][T12065] [U] [ 398.087698][T12065] [U] [ 398.087715][T12065] [U] [ 398.087733][T12065] [U] [ 398.087826][T12065] [U] [ 398.087845][T12065] [U] [ 398.087862][T12065] [U] [ 398.087879][T12065] [U] [ 398.087964][T12065] [U] [ 398.087984][T12065] [U] [ 398.088001][T12065] [U] [ 398.088018][T12065] [U] [ 398.088109][T12065] [U] [ 398.088128][T12065] [U] [ 398.088146][T12065] [U] [ 398.088163][T12065] [U] [ 398.088234][T12065] [U] [ 398.088251][T12065] [U] [ 398.088268][T12065] [U] [ 398.088286][T12065] [U] [ 398.088367][T12065] [U] [ 398.088386][T12065] [U] [ 398.088403][T12065] [U] [ 398.088420][T12065] [U] [ 398.088490][T12065] [U] [ 398.088507][T12065] [U] [ 398.088525][T12065] [U] [ 398.088542][T12065] [U] [ 398.088622][T12065] [U] [ 398.088639][T12065] [U] [ 398.088657][T12065] [U] [ 398.088674][T12065] [U] [ 398.088743][T12065] [U] [ 398.088760][T12065] [U] [ 398.088778][T12065] [U] [ 398.088795][T12065] [U] [ 398.088873][T12065] [U] [ 398.088891][T12065] [U] [ 398.088914][T12065] [U] [ 398.088932][T12065] [U] [ 398.089002][T12065] [U] [ 398.089020][T12065] [U] [ 398.089037][T12065] [U] [ 398.089054][T12065] [U] [ 398.089138][T12065] [U] [ 398.089156][T12065] [U] [ 398.089173][T12065] [U] [ 398.089190][T12065] [U] [ 398.089260][T12065] [U] [ 398.089277][T12065] [U] [ 398.089295][T12065] [U] [ 398.089312][T12065] [U] [ 398.089392][T12065] [U] [ 398.089410][T12065] [U] [ 398.089427][T12065] [U] [ 398.089444][T12065] [U] [ 398.089513][T12065] [U] [ 398.089531][T12065] [U] [ 398.089548][T12065] [U] [ 398.089565][T12065] [U] [ 398.089643][T12065] [U] [ 398.089661][T12065] [U] [ 398.089678][T12065] [U] [ 398.089695][T12065] [U] [ 398.089765][T12065] [U] [ 398.089782][T12065] [U] [ 398.089799][T12065] [U] [ 398.089816][T12065] [U] [ 398.089894][T12065] [U] [ 398.089918][T12065] [U] [ 398.089935][T12065] [U] [ 398.089959][T12065] [U] [ 398.090017][T12065] [U] [ 398.090034][T12065] [U] [ 398.090051][T12065] [U] [ 398.113629][ T6500] gspca_sonixj: reg_w1 err -71 [ 398.113674][ T6500] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 398.115474][ T6500] usb 1-1: USB disconnect, device number 7 [ 398.218424][T12064] [U] [ 398.243503][ T30] audit: type=1326 audit(398.220:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.251555][ T30] audit: type=1326 audit(398.220:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.260110][ T30] audit: type=1326 audit(398.220:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=293 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.267542][ T30] audit: type=1326 audit(398.220:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.273160][ T30] audit: type=1326 audit(398.220:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=293 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.281459][ T30] audit: type=1326 audit(398.220:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.288694][ T30] audit: type=1326 audit(398.220:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=425 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.293945][ T30] audit: type=1326 audit(398.220:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffffb4d4a9dc code=0x7ffc0000 [ 398.301347][ T30] audit: type=1326 audit(398.220:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12069 comm="syz.1.1619" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb4d4a9a8 code=0x7ffc0000 [ 398.742815][T12081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.785939][T12081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.798610][ T30] audit: type=1326 audit(398.780:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12079 comm="syz.4.1622" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e14a9a8 code=0x0 [ 398.934789][T12090] binder: 12089:12090 ioctl c0306201 0 returned -14 [ 398.939103][T12090] binder: 12089:12090 got transaction to invalid handle, 1 [ 398.941567][T12090] binder: 12089:12090 got transaction to invalid handle, 1 [ 399.755859][T12105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.776650][T12105] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.330155][T12118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1635'. [ 400.354638][T12118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1635'. [ 400.551109][T12120] binder: 12119:12120 ioctl c0306201 0 returned -14 [ 400.556638][T12120] binder: 12119:12120 got transaction to invalid handle, 1 [ 400.558567][T12120] binder_debug: 9 callbacks suppressed [ 400.558577][T12120] binder: 12120:12119 cannot find target node [ 400.561662][T12120] binder: 12119:12120 transaction call to 0:0 failed 136/29201/-22, size 0-0 line 3145 [ 400.564883][T12120] binder: 12119:12120 got transaction to invalid handle, 1 [ 400.568297][T12120] binder: 12120:12119 cannot find target node [ 400.570072][T12120] binder: 12119:12120 transaction async to 0:0 failed 137/29201/-22, size 0-0 line 3145 [ 400.573251][ T6500] binder: undelivered TRANSACTION_ERROR: 29201 [ 400.611693][T12122] netlink: 'syz.3.1638': attribute type 1 has an invalid length. [ 400.614011][T12122] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1638'. [ 400.707336][T12128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1637'. [ 400.972557][T12138] binder: 12131:12138 tried to acquire reference to desc 0, got 1 instead [ 401.665510][ T6500] binder: release 12131:12138 transaction 142 out, still active [ 401.669601][ T6500] binder: undelivered TRANSACTION_COMPLETE [ 401.714171][ T6500] binder: send failed reply for transaction 142, target dead [ 401.754703][T12147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.795976][T12147] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.802262][T12150] loop2: detected capacity change from 0 to 512 [ 401.863783][T12153] binder: 12152:12153 ioctl c0306201 0 returned -14 [ 401.889598][T12153] binder: BINDER_SET_CONTEXT_MGR already set [ 401.891301][T12153] binder: 12152:12153 ioctl 4018620d 20000040 returned -16 [ 401.900450][T12153] binder: 12152:12153 Acquire 1 refcount change on invalid ref 0 ret -22 [ 401.905444][T12153] binder: 12152:12153 got transaction to invalid handle, 1 [ 401.908917][T12153] binder: 12153:12152 cannot find target node [ 401.910553][T12153] binder: 12152:12153 transaction call to 0:0 failed 148/29201/-22, size 0-0 line 3145 [ 401.913404][T12153] binder: 12152:12153 got transaction to invalid handle, 1 [ 401.952906][T12157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1650'. [ 402.006440][ T6500] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 402.157062][ T6500] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.162871][ T6500] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 402.166191][ T6500] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.168598][ T6500] usb 1-1: Product: syz [ 402.169972][ T6500] usb 1-1: Manufacturer: syz [ 402.171403][ T6500] usb 1-1: SerialNumber: syz [ 402.442221][T12170] binder: 12168:12170 tried to acquire reference to desc 0, got 1 instead [ 402.838035][T12176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 402.936012][T12176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.004622][T12176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.241486][T12176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.360954][ T6500] cdc_ncm 1-1:1.0: failed to get mac address [ 403.366864][ T6500] cdc_ncm 1-1:1.0: bind() failure [ 403.486484][ T6500] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 403.548100][ T6500] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 403.562237][ T6500] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 403.570986][ T6500] usb 1-1: USB disconnect, device number 8 [ 403.586182][ T9969] udevd[9969]: setting owner of /dev/bus/usb/001/008 to uid=0, gid=0 failed: No such file or directory [ 403.726051][T12194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.766190][T12194] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.075925][T12202] loop3: detected capacity change from 0 to 512 [ 404.219249][T12205] binder: 12203:12205 tried to acquire reference to desc 0, got 1 instead [ 405.790120][T12247] binder: 12240:12247 tried to acquire reference to desc 0, got 1 instead [ 405.961498][ T6500] binder_debug: 9 callbacks suppressed [ 405.961516][ T6500] binder: release 12240:12247 transaction 172 out, still active [ 405.965385][ T6500] binder: undelivered TRANSACTION_COMPLETE [ 405.985044][ T6500] binder: send failed reply for transaction 172, target dead [ 406.296261][T12264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 406.335855][T12264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.612119][T12279] binder: 12273:12279 tried to acquire reference to desc 0, got 1 instead [ 406.820519][T12291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1701'. [ 406.836785][T12291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1701'. [ 406.869438][ T6417] binder: release 12273:12279 transaction 181 out, still active [ 406.871730][ T6417] binder: undelivered TRANSACTION_COMPLETE [ 406.882022][ T6769] binder: send failed reply for transaction 181, target dead [ 406.913734][T12294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1704'. [ 407.252652][T12305] netlink: 'syz.4.1704': attribute type 4 has an invalid length. [ 407.254806][T12305] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1704'. [ 407.259963][T12294] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1704'. [ 407.269604][T12304] netlink: 'syz.3.1705': attribute type 10 has an invalid length. [ 407.295916][ T6500] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 407.365037][T12304] team0: Port device wlan1 added [ 407.450653][ T6500] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 407.453500][ T6500] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 407.458604][ T6500] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 407.461113][ T6500] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 407.464341][ T6500] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 407.472721][ T6500] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.480073][ T6500] usb 1-1: config 0 descriptor?? [ 407.895163][ T6500] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 407.923662][ T6500] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 408.125823][T12334] netlink: 'syz.2.1716': attribute type 4 has an invalid length. [ 408.128051][T12334] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1716'. [ 408.142009][T12333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1716'. [ 408.224796][T12336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 408.257301][T12336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 408.344030][ T6424] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 408.609130][ T6424] Bluetooth: hci1: unexpected event for opcode 0x080d [ 408.776808][T12362] netlink: 'syz.4.1727': attribute type 4 has an invalid length. [ 408.778651][T12362] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1727'. [ 408.801863][T12361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1727'. [ 408.831381][T12366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1729'. [ 408.970879][T12378] netlink: 'syz.4.1735': attribute type 15 has an invalid length. [ 409.114116][T12390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.156039][T12390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.246242][ T6471] usb 1-1: reset high-speed USB device number 9 using dummy_hcd [ 409.804882][ T30] audit: type=1326 audit(409.780:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12398 comm="syz.4.1743" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9e14a9a8 code=0x0 [ 409.879303][T12400] netlink: 'syz.2.1741': attribute type 4 has an invalid length. [ 410.749012][ T6417] usb 1-1: USB disconnect, device number 9 [ 410.766601][ T6424] Bluetooth: hci1: unexpected cc 0x2007 length: 100 > 2 [ 410.768743][ T6424] Bluetooth: hci1: unexpected event for opcode 0x2007 [ 411.141223][T12444] netlink: 'syz.0.1755': attribute type 4 has an invalid length. [ 411.177944][T12446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.226432][T12446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.239931][T12445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.252955][T12450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.306677][T12450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.351736][T12455] binder: 12454:12455 ioctl c0306201 0 returned -14 [ 411.354097][T12455] binder: 12454:12455 got transaction to invalid handle, 1 [ 411.360230][T12455] binder: 12455:12454 cannot find target node [ 411.361956][T12455] binder: 12454:12455 transaction call to 0:0 failed 189/29201/-22, size 0-0 line 3145 [ 411.373057][T12455] binder: 12454:12455 got transaction to invalid handle, 1 [ 411.375029][T12455] binder: 12455:12454 cannot find target node [ 411.383230][T12455] binder: 12454:12455 transaction async to 0:0 failed 190/29201/-22, size 0-0 line 3145 [ 411.393336][ T6417] binder: undelivered TRANSACTION_ERROR: 29201 [ 411.918520][T12483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.947269][T12483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 412.153239][T12483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 412.187257][T12483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 412.416610][ T6424] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 412.419956][ T6424] Bluetooth: hci1: Injecting HCI hardware error event [ 412.422542][ T6424] Bluetooth: hci1: hardware error 0x00 [ 412.484818][T12485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 412.526007][T12485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 412.590528][T12489] binder: 12488:12489 ioctl c0306201 0 returned -14 [ 412.592806][T12489] binder: 12488:12489 got transaction to invalid handle, 1 [ 412.594739][T12489] binder: 12489:12488 cannot find target node [ 412.596777][T12489] binder: 12488:12489 transaction call to 0:0 failed 194/29201/-22, size 0-0 line 3145 [ 412.599828][T12489] binder: 12488:12489 got transaction to invalid handle, 1 [ 412.601817][T12489] binder: 12489:12488 cannot find target node [ 412.603685][T12489] binder: 12488:12489 transaction async to 0:0 failed 195/29201/-22, size 0-0 line 3145 [ 412.607765][ T6473] binder: undelivered TRANSACTION_ERROR: 29201 [ 412.708508][T12497] __nla_validate_parse: 6 callbacks suppressed [ 412.708526][T12497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1776'. [ 412.727995][T12495] fuse: Bad value for 'fd' [ 412.742175][T12495] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 412.766663][T12501] binder: 12500:12501 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 412.933096][T12519] binder: 12518:12519 got transaction to invalid handle, 1 [ 412.935486][T12519] binder: 12518:12519 got transaction to invalid handle, 1 [ 413.327721][T12532] loop4: detected capacity change from 0 to 512 [ 413.652142][T12535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1790'. [ 413.664537][T12535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1790'. [ 414.028079][T12549] binder: 12548:12549 got transaction to invalid handle, 1 [ 414.038739][T12549] binder: 12548:12549 got transaction to invalid handle, 1 [ 414.317000][T12573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1804'. [ 414.341651][T12573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1804'. [ 414.577731][ T6424] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 414.615288][T12587] binder: 12586:12587 got transaction to invalid handle, 1 [ 414.813815][T12601] loop2: detected capacity change from 0 to 512 [ 414.834735][ T6424] Bluetooth: hci2: unexpected cc 0x2007 length: 100 > 2 [ 415.965158][T12643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.006491][T12643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.084617][T12647] netlink: 'syz.2.1829': attribute type 4 has an invalid length. [ 416.086864][T12647] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1829'. [ 416.092072][T12641] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1829'. [ 416.149036][ T1761] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 416.202209][T12653] loop3: detected capacity change from 0 to 512 [ 416.405730][ T1761] usb 1-1: Using ep0 maxpacket: 32 [ 416.410723][ T1761] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 416.413403][ T1761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.416863][ T1761] usb 1-1: Product: syz [ 416.420370][ T1761] usb 1-1: Manufacturer: syz [ 416.422895][ T1761] usb 1-1: SerialNumber: syz [ 416.430736][ T1761] usb 1-1: config 0 descriptor?? [ 416.436516][ T1761] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 417.296115][ T6424] Bluetooth: hci7: command 0x0406 tx timeout [ 417.436644][T12680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.476367][T12680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.507819][T12682] netlink: 'syz.2.1844': attribute type 4 has an invalid length. [ 417.510074][T12682] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1844'. [ 417.516340][T12678] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1844'. [ 417.614829][T12684] netlink: 'syz.2.1846': attribute type 17 has an invalid length. [ 417.645341][T12686] loop4: detected capacity change from 0 to 512 [ 417.886209][T12691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.935945][T12691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.232263][T12707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1854'. [ 418.411544][T12712] netlink: 'syz.2.1856': attribute type 4 has an invalid length. [ 418.413562][T12712] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1856'. [ 418.419051][T12711] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1856'. [ 418.528319][T12718] loop2: detected capacity change from 0 to 512 [ 418.805075][T12731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 418.840663][T12731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.869334][ T1761] gspca_ov534_9: reg_r err -71 [ 418.913177][T12740] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1868'. [ 418.914785][ T6431] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 418.919460][ T6431] Bluetooth: hci2: Injecting HCI hardware error event [ 418.923327][T12740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1868'. [ 418.923699][ T6431] Bluetooth: hci2: hardware error 0x00 [ 419.048659][ T1761] gspca_ov534_9: Unknown sensor 0000 [ 419.048709][ T1761] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 419.053619][ T1761] usb 1-1: USB disconnect, device number 10 [ 419.098287][T12754] loop2: detected capacity change from 0 to 512 [ 419.267366][T12758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.309027][T12758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.467774][T12769] binder_user_error: 1 callbacks suppressed [ 419.467789][T12769] binder: 12768:12769 tried to acquire reference to desc 0, got 1 instead [ 419.472428][T12769] binder: 12768:12769 got transaction with invalid data ptr [ 419.474395][T12769] binder_debug: 15 callbacks suppressed [ 419.474406][T12769] binder: 12768:12769 transaction async to 12768:0 failed 216/29201/-14, size 0-24 line 3436 [ 419.482433][T12769] binder_alloc: 12768: pid 12768 spamming oneway? 1 buffers allocated for a total size of 4096 [ 419.485731][ T8] binder: undelivered TRANSACTION_COMPLETE [ 419.493307][ T6473] binder: undelivered transaction 217, process died. [ 419.665805][ T1761] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 419.817071][ T1761] usb 1-1: New USB device found, idVendor=093a, idProduct=2626, bcdDevice= d.b4 [ 419.819410][ T1761] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.827042][ T1761] usb 1-1: config 0 descriptor?? [ 419.832761][ T1761] gspca_main: gspca_pac7302-2.14.0 probing 093a:2626 [ 419.855443][T12776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.895848][T12776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 420.168238][T12784] loop3: detected capacity change from 0 to 512 [ 420.290231][T12786] binder: 12785:12786 ioctl c0306201 0 returned -14 [ 420.294076][T12786] binder: 12785:12786 got transaction to invalid handle, 1 [ 420.299887][T12786] binder: 12786:12785 cannot find target node [ 420.301576][T12786] binder: 12785:12786 transaction call to 0:0 failed 221/29201/-22, size 72-24 line 3145 [ 420.305396][ T6473] binder: undelivered TRANSACTION_ERROR: 29201 [ 420.443455][T12794] binder: 12793:12794 tried to acquire reference to desc 0, got 1 instead [ 420.446712][T12794] binder: 12793:12794 got transaction with invalid data ptr [ 420.448701][T12794] binder: 12793:12794 transaction async to 12793:0 failed 226/29201/-14, size 0-24 line 3436 [ 420.452576][T12794] binder_alloc: 12793: pid 12793 spamming oneway? 1 buffers allocated for a total size of 4096 [ 420.453067][ T1761] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 420.456944][ T6769] binder: undelivered TRANSACTION_COMPLETE [ 420.458111][ T1761] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 420.462270][ T1761] usb 1-1: USB disconnect, device number 11 [ 420.469690][ T6769] binder: undelivered transaction 227, process died. [ 420.488327][T12797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 420.515942][T12797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 420.524134][T12796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 420.527049][T12791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.568293][T12796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.041995][T12814] binder: 12813:12814 ioctl c0306201 0 returned -14 [ 421.046590][T12814] binder: 12813:12814 got transaction to invalid handle, 1 [ 421.048774][T12814] binder: 12814:12813 cannot find target node [ 421.159331][T12822] binder: 12821:12822 tried to acquire reference to desc 0, got 1 instead [ 421.162566][T12822] binder: 12821:12822 got transaction with invalid data ptr [ 421.165042][T12822] binder_alloc: 12821: pid 12821 spamming oneway? 1 buffers allocated for a total size of 4096 [ 421.169568][T12818] netlink: 'syz.2.1901': attribute type 10 has an invalid length. [ 421.199140][T12824] loop0: detected capacity change from 0 to 512 [ 421.205547][T12826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.218199][ T6431] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 421.308259][T12826] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.346749][T12818] team0: Port device wlan1 added [ 421.549485][T12838] binder: 12837:12838 ioctl c0306201 0 returned -14 [ 421.553299][T12838] binder: 12837:12838 got transaction to invalid handle, 1 [ 421.591005][T12841] binder: 12840:12841 got transaction to invalid handle, 1 [ 421.615406][T12843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.666196][T12843] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.706115][T12842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 421.734823][ T1761] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 421.885688][ T1761] usb 1-1: Using ep0 maxpacket: 8 [ 421.889701][ T1761] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 421.894601][ T1761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.898503][ T1761] usb 1-1: Product: syz [ 421.899496][ T1761] usb 1-1: Manufacturer: syz [ 421.900645][ T1761] usb 1-1: SerialNumber: syz [ 421.903963][ T1761] usb 1-1: config 0 descriptor?? [ 421.910208][ T1761] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 422.242626][T12861] loop4: detected capacity change from 0 to 512 [ 422.730630][T12876] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1925'. [ 422.806616][T12880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.835953][T12880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 424.580620][T12903] binder_user_error: 1 callbacks suppressed [ 424.580635][T12903] binder: 12902:12903 got transaction to invalid handle, 1 [ 424.584568][T12903] binder_debug: 14 callbacks suppressed [ 424.584580][T12903] binder: 12903:12902 cannot find target node [ 424.588754][T12903] binder: 12902:12903 transaction call to 0:0 failed 253/29201/-22, size 72-24 line 3145 [ 424.598723][ T6473] binder: undelivered TRANSACTION_ERROR: 29201 [ 424.643643][T12905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 424.707709][T12905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 424.870344][ T1761] gspca_sonixj: reg_w1 err -71 [ 424.915769][ T1761] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 424.919344][ T1761] usb 1-1: USB disconnect, device number 12 [ 424.981773][T12912] loop3: detected capacity change from 0 to 512 [ 425.620529][ T6424] Bluetooth: hci3: command 0x0406 tx timeout [ 426.243220][T12933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.286014][T12933] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.372600][T12936] binder: 12935:12936 got transaction to invalid handle, 1 [ 426.374512][T12936] binder: 12936:12935 cannot find target node [ 426.376762][T12936] binder: 12935:12936 transaction call to 0:0 failed 257/29201/-22, size 72-24 line 3145 [ 426.380481][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 426.392449][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1947'. [ 426.594554][T12950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.646525][T12950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.605769][T12964] loop3: detected capacity change from 0 to 512 [ 427.657659][T12966] binder: 12965:12966 tried to acquire reference to desc 0, got 1 instead [ 427.661120][T12966] binder: 12965:12966 ioctl c0306201 0 returned -14 [ 427.741661][ T1761] binder: release 12965:12966 transaction 262 out, still active [ 427.743721][ T1761] binder: undelivered TRANSACTION_COMPLETE [ 427.745299][ T1761] binder: undelivered TRANSACTION_COMPLETE [ 427.788042][ T6769] binder: send failed reply for transaction 262, target dead [ 427.820287][T12972] binder: 12971:12972 got transaction to invalid handle, 1 [ 427.903429][T12986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.955915][T12986] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.065709][ T6769] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 428.216683][ T6769] usb 1-1: Using ep0 maxpacket: 32 [ 428.225230][ T6769] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 428.227871][ T6769] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.229891][ T6769] usb 1-1: Product: syz [ 428.230871][ T6769] usb 1-1: Manufacturer: syz [ 428.232026][ T6769] usb 1-1: SerialNumber: syz [ 428.234802][ T6769] usb 1-1: config 0 descriptor?? [ 428.246841][ T6769] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 428.690330][T13005] binder: 13004:13005 tried to acquire reference to desc 0, got 1 instead [ 428.942697][T13011] binder: 13010:13011 got transaction to invalid handle, 1 [ 428.951066][T13013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.975981][T13013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.342187][T13030] syzkaller0: entered allmulticast mode [ 429.370290][T13030] syzkaller0 (unregistering): left allmulticast mode [ 429.624853][ T6431] Bluetooth: hci3: unexpected cc 0x2007 length: 100 > 2 [ 429.627614][ T6431] Bluetooth: hci3: unexpected event for opcode 0x2007 [ 430.282639][T13066] binder: 13065:13066 tried to acquire reference to desc 0, got 1 instead [ 430.493796][T13073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.504131][T13071] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1998'. [ 430.510647][ T6769] gspca_stk1135: reg_w 0x2ff err -71 [ 430.516610][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.518709][ T6769] gspca_stk1135: Sensor write failed [ 430.522492][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.525420][ T6769] gspca_stk1135: Sensor write failed [ 430.527261][T13073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.531913][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.541714][ T6769] gspca_stk1135: Sensor read failed [ 430.543205][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.545399][ T6769] gspca_stk1135: Sensor read failed [ 430.547160][ T6769] gspca_stk1135: Detected sensor type unknown (0x0) [ 430.548964][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.550572][ T6769] gspca_stk1135: Sensor read failed [ 430.551919][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.553483][ T6769] gspca_stk1135: Sensor read failed [ 430.554821][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.556891][ T6769] gspca_stk1135: Sensor write failed [ 430.559430][ T6769] gspca_stk1135: serial bus timeout: status=0x00 [ 430.562314][ T6769] gspca_stk1135: Sensor write failed [ 430.564963][ T6769] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 430.573561][ T6769] usb 1-1: USB disconnect, device number 13 [ 430.675196][T13079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.707755][T13079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.033919][T13089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.078428][T13089] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.114092][ T6769] binder_debug: 12 callbacks suppressed [ 431.114110][ T6769] binder: release 13065:13066 transaction 282 out, still active [ 431.117741][ T6769] binder: undelivered TRANSACTION_COMPLETE [ 431.133141][ T8] binder: send failed reply for transaction 282, target dead [ 431.135126][ T8] binder: undelivered transaction 283, process died. [ 431.211826][T13100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.235898][T13100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.335798][ T1761] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 431.485761][ T1761] usb 1-1: Using ep0 maxpacket: 32 [ 431.489520][ T1761] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.492527][ T1761] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.497058][ T1761] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 431.500339][ T1761] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 431.503207][ T1761] usb 1-1: Product: syz [ 431.504443][ T1761] usb 1-1: Manufacturer: syz [ 431.511014][ T1761] hub 1-1:4.0: USB hub found [ 431.682813][T13106] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 431.724733][ T1761] hub 1-1:4.0: 2 ports detected [ 432.044020][T13122] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2016'. [ 432.693255][T13121] binder: 13120:13121 tried to acquire reference to desc 0, got 1 instead [ 432.724052][T13130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 432.756297][T13130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 432.765894][ T1761] hub 1-1:4.0: hub_hub_status failed (err = -32) [ 432.768322][ T1761] hub 1-1:4.0: config failed, can't get hub status (err -32) [ 432.859864][ T6769] binder: release 13120:13121 transaction 288 out, still active [ 432.862379][ T6769] binder: undelivered TRANSACTION_COMPLETE [ 432.868936][ T6769] binder: undelivered TRANSACTION_COMPLETE [ 432.873054][ T6769] binder: send failed reply for transaction 288, target dead [ 432.874998][ T6769] binder: undelivered transaction 289, process died. [ 432.889085][T13140] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2027'. [ 432.891414][T13140] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2027'. [ 432.952835][T13147] netlink: 'syz.3.2024': attribute type 4 has an invalid length. [ 432.955060][T13147] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2024'. [ 432.973174][T13133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2024'. [ 433.145724][ T2342] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.147417][ T2342] ieee802154 phy1 wpan1: encryption failed: -22 [ 433.206458][T13160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.237099][T13160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.548910][T13169] binder: 13168:13169 tried to acquire reference to desc 0, got 1 instead [ 433.698557][ T6431] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 433.702765][ T6431] Bluetooth: hci3: Injecting HCI hardware error event [ 433.821011][T13173] netlink: 'syz.2.2038': attribute type 12 has an invalid length. [ 433.834840][T13173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.943949][T13173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.171913][T13186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.216012][T13186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.374818][ T6473] binder: release 13168:13169 transaction 294 out, still active [ 434.382389][ T8] usb 1-1: reset high-speed USB device number 14 using dummy_hcd [ 434.395236][ T8] usb 1-1: device reset changed ep0 maxpacket size! [ 434.408046][ T8] usb 1-1: USB disconnect, device number 14 [ 434.716413][ T8] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 434.866954][ T8] usb 1-1: config 0 has an invalid interface number: 75 but max is 0 [ 434.869082][ T8] usb 1-1: config 0 has no interface number 0 [ 434.872384][ T8] usb 1-1: New USB device found, idVendor=14aa, idProduct=0221, bcdDevice=4c.2f [ 434.875006][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.877343][ T8] usb 1-1: Product: syz [ 434.878507][ T8] usb 1-1: Manufacturer: syz [ 434.881057][ T8] usb 1-1: SerialNumber: syz [ 434.894249][ T8] usb 1-1: config 0 descriptor?? [ 434.919338][ T8] dvb-usb: found a 'WideView WT-220U PenType Receiver (Typhoon/Freecom)' in warm state. [ 434.922204][ T8] dvb-usb: bulk message failed: -22 (2/0) [ 434.924073][ T8] dvb-usb: will use the device's hardware PID filter (table count: 15). [ 434.928800][ T8] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (Typhoon/Freecom)) [ 434.931645][ T8] usb 1-1: media controller created [ 434.934947][ T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 434.954413][ T8] usb 1-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)... [ 434.957429][ T8] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered. [ 434.966098][ T8] Registered IR keymap rc-dtt200u [ 434.969866][ T8] rc rc0: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 434.973602][ T8] input: WideView WT-220U PenType Receiver (Typhoon/Freecom) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input14 [ 434.988165][ T8] dvb-usb: schedule remote query interval to 300 msecs. [ 434.990060][ T8] dvb-usb: WideView WT-220U PenType Receiver (Typhoon/Freecom) successfully initialized and connected. [ 435.147565][T13188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.185910][T13188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.220054][ T6473] usb 1-1: USB disconnect, device number 15 [ 435.312750][ T6473] dvb-usb: WideView WT-220U PenType Receiver (Typh successfully deinitialized and disconnected. [ 435.559172][T13208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.645837][T13208] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.786089][T13212] netlink: 'syz.4.2052': attribute type 4 has an invalid length. [ 435.790775][T13212] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2052'. [ 435.801298][T13206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2052'. [ 435.843001][T13218] binder: 13217:13218 tried to acquire reference to desc 0, got 1 instead [ 436.095830][ T6473] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 436.184751][T13229] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2060'. [ 436.255949][ T6473] usb 1-1: Using ep0 maxpacket: 8 [ 436.266441][ T6473] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 436.272170][ T6473] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 436.282293][ T6473] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.288389][ T6473] usb 1-1: config 0 descriptor?? [ 436.510348][ T6473] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 436.669756][ T8] binder_debug: 4 callbacks suppressed [ 436.669773][ T8] binder: release 13217:13218 transaction 300 out, still active [ 436.673103][ T8] binder: undelivered TRANSACTION_COMPLETE [ 436.678514][ T8] binder: undelivered TRANSACTION_COMPLETE [ 436.681917][ T6473] binder: send failed reply for transaction 300, target dead [ 436.690419][ T6473] binder: undelivered transaction 301, process died. [ 436.839813][ T8] usb 1-1: USB disconnect, device number 16 [ 436.839930][ C1] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 436.851335][ T8] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 437.024086][T13247] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 437.297475][T13254] netlink: 'syz.4.2067': attribute type 4 has an invalid length. [ 437.299584][T13254] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2067'. [ 437.305145][T13251] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2067'. [ 437.458870][T13265] binder: 13263:13265 tried to acquire reference to desc 0, got 1 instead [ 437.699025][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2078'. [ 437.835823][T13288] netlink: 'syz.3.2079': attribute type 4 has an invalid length. [ 437.837945][T13288] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2079'. [ 437.860655][T13282] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2079'. [ 438.283226][ T6473] binder: release 13263:13265 transaction 306 out, still active [ 438.294399][ T6473] binder: undelivered TRANSACTION_COMPLETE [ 438.306665][ T8] binder: send failed reply for transaction 306, target dead [ 438.308707][ T8] binder: undelivered transaction 307, process died. [ 438.535250][T13316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.606482][T13316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.618586][ T30] audit: type=1326 audit(438.600:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13315 comm="syz.2.2092" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9794a9a8 code=0x0 [ 439.007298][T13322] netlink: 'syz.0.2093': attribute type 4 has an invalid length. [ 439.009289][T13322] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2093'. [ 439.014659][T13320] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2093'. [ 439.280412][T13332] binder: 13329:13332 tried to acquire reference to desc 0, got 1 instead [ 439.283524][T13332] binder: cannot allocate buffer: no space left [ 439.508812][ T27] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 439.581154][ T6431] Bluetooth: hci3: unexpected cc 0x2007 length: 100 > 2 [ 439.583194][ T6431] Bluetooth: hci3: unexpected event for opcode 0x2007 [ 439.655670][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 439.659889][ T27] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 439.662229][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.664143][ T27] usb 1-1: Product: syz [ 439.665289][ T27] usb 1-1: Manufacturer: syz [ 439.666626][ T27] usb 1-1: SerialNumber: syz [ 439.669565][ T27] usb 1-1: config 0 descriptor?? [ 439.672399][ T27] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 440.095056][T13351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.146197][T13351] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 440.382301][T13355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.415876][T13355] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 440.680747][T13357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.685164][ T27] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71 [ 440.693573][ T27] usb 1-1: USB disconnect, device number 17 [ 440.719175][T13357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.027792][T13361] binder: 13360:13361 tried to acquire reference to desc 0, got 1 instead [ 441.259780][T13374] binder: 13372:13374 got transaction to invalid handle, 1 [ 441.515733][T13387] syz_tun: entered promiscuous mode [ 441.518948][T13387] syz_tun: left promiscuous mode [ 441.646120][T13392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 441.697865][T13392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.781362][T13402] binder: 13401:13402 got transaction to invalid handle, 1 [ 441.785470][T13402] binder_debug: 14 callbacks suppressed [ 441.785484][T13402] binder: 13402:13401 cannot find target node [ 441.805637][T13402] binder: 13401:13402 transaction call to 0:0 failed 329/29201/-22, size 72-24 line 3145 [ 441.809574][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 441.873258][T13408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 441.915999][T13408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.933578][T13410] openvswitch: netlink: Flow key attr not present in new flow. [ 442.157797][T13415] netlink: 'syz.1.2130': attribute type 4 has an invalid length. [ 442.159855][T13415] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2130'. [ 442.171068][T13414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2130'. [ 442.261494][T13419] netlink: 4272 bytes leftover after parsing attributes in process `syz.2.2132'. [ 442.263824][T13419] netlink: del zone limit has 4 unknown bytes [ 442.322107][T13423] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2133'. [ 442.411925][T13431] binder: 13430:13431 got transaction to invalid handle, 1 [ 442.413878][T13431] binder: 13431:13430 cannot find target node [ 442.416468][T13431] binder: 13430:13431 transaction call to 0:0 failed 333/29201/-22, size 72-24 line 3145 [ 442.420814][ T8] binder: undelivered TRANSACTION_ERROR: 29201 [ 442.939282][T13448] syz.2.2143: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 442.939615][T13448] CPU: 0 UID: 0 PID: 13448 Comm: syz.2.2143 Not tainted 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 [ 442.939633][T13448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 442.939642][T13448] Call trace: [ 442.939647][T13448] dump_backtrace+0x1b8/0x1e4 [ 442.939665][T13448] show_stack+0x2c/0x3c [ 442.939675][T13448] dump_stack_lvl+0xe4/0x150 [ 442.939689][T13448] dump_stack+0x1c/0x28 [ 442.939700][T13448] warn_alloc+0x220/0x3a4 [ 442.939716][T13448] __vmalloc_node_range_noprof+0x114/0xfd8 [ 442.939729][T13448] vmalloc_user_noprof+0x100/0x15c [ 442.939741][T13448] xskq_create+0xd4/0x170 [ 442.939753][T13448] xsk_init_queue+0xb0/0x118 [ 442.939763][T13448] xsk_setsockopt+0x500/0x944 [ 442.939778][T13448] do_sock_setsockopt+0x2a0/0x4e0 [ 442.939790][T13448] __sys_setsockopt+0x128/0x1a8 [ 442.939800][T13448] __arm64_sys_setsockopt+0xb8/0xd4 [ 442.939811][T13448] invoke_syscall+0x98/0x2b8 [ 442.939822][T13448] el0_svc_common+0x130/0x23c [ 442.939836][T13448] do_el0_svc+0x48/0x58 [ 442.939846][T13448] el0_svc+0x54/0x168 [ 442.939857][T13448] el0t_64_sync_handler+0x84/0x108 [ 442.939870][T13448] el0t_64_sync+0x190/0x194 [ 442.952133][T13448] Mem-Info: [ 442.952149][T13448] active_anon:34537 inactive_anon:10850 isolated_anon:0 [ 442.952149][T13448] active_file:3639 inactive_file:15870 isolated_file:0 [ 442.952149][T13448] unevictable:768 dirty:216 writeback:0 [ 442.952149][T13448] slab_reclaimable:10052 slab_unreclaimable:95332 [ 442.952149][T13448] mapped:27120 shmem:41690 pagetables:1150 [ 442.952149][T13448] sec_pagetables:0 bounce:0 [ 442.952149][T13448] kernel_misc_reclaimable:0 [ 442.952149][T13448] free:1399923 free_pcp:464 free_cma:7360 [ 442.952189][T13448] Node 0 active_anon:138148kB inactive_anon:43400kB active_file:14556kB inactive_file:63480kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:108480kB dirty:864kB writeback:0kB shmem:166760kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9424kB pagetables:4600kB sec_pagetables:0kB all_unreclaimable? no [ 442.952226][T13448] Node 0 DMA free:3076532kB boost:0kB min:20856kB low:26068kB high:31280kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:256kB local_pcp:0kB free_cma:29440kB [ 442.952275][T13448] lowmem_reserve[]: 0 0 3489 0 0 [ 442.952314][T13448] Node 0 Normal free:2523160kB boost:0kB min:24196kB low:30244kB high:36292kB reserved_highatomic:0KB active_anon:138148kB inactive_anon:43400kB active_file:14556kB inactive_file:63480kB unevictable:3072kB writepending:864kB present:5242880kB managed:3577908kB mlocked:0kB bounce:0kB free_pcp:1600kB local_pcp:1356kB free_cma:0kB [ 442.952356][T13448] lowmem_reserve[]: 0 0 0 0 0 [ 442.952394][T13448] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 1*128kB (U) 3*256kB (UC) 1*512kB (C) 1*1024kB (U) 1*2048kB (U) 750*4096kB (MC) = 3076532kB [ 442.955212][T13448] Node 0 Normal: 55*4kB (UE) 280*8kB (UME) 262*16kB (UME) 195*32kB (UME) 274*64kB (UME) 116*128kB (UME) 59*256kB (UM) 124*512kB (UME) 23*1024kB (UME) 12*2048kB (UME) 574*4096kB (UM) = 2523100kB [ 442.955378][T13448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 442.955391][T13448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 442.955404][T13448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 442.955417][T13448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 442.955429][T13448] 61132 total pagecache pages [ 442.955437][T13448] 0 pages in swap cache [ 442.955443][T13448] Free swap = 124708kB [ 442.955455][T13448] Total swap = 124996kB [ 442.955462][T13448] 2097152 pages RAM [ 442.955469][T13448] 0 pages HighMem/MovableOnly [ 442.955475][T13448] 432627 pages reserved [ 442.955482][T13448] 8192 pages cma reserved [ 442.955489][T13448] 0 pages hwpoisoned [ 442.985130][T13451] netlink: 'syz.4.2141': attribute type 4 has an invalid length. [ 442.985151][T13451] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2141'. [ 443.002677][T13441] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2141'. [ 443.050682][T13453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 443.154738][T13453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.343118][T13461] netlink: 'syz.2.2148': attribute type 15 has an invalid length. [ 444.413015][ T6431] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 444.416407][ T6431] Bluetooth: hci3: Injecting HCI hardware error event [ 444.421391][T13475] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2152'. [ 445.422726][T13490] [ 445.423444][T13490] ====================================================== [ 445.425289][T13490] WARNING: possible circular locking dependency detected [ 445.427175][T13490] 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 Not tainted [ 445.428871][T13490] ------------------------------------------------------ [ 445.430710][T13490] syz.4.2158/13490 is trying to acquire lock: [ 445.432255][T13490] ffff8000928827e8 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_exists+0xb0/0x32c [ 445.434606][T13490] [ 445.434606][T13490] but task is already holding lock: [ 445.436387][T13490] ffff8000928861a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x25c/0x231c [ 445.438939][T13490] [ 445.438939][T13490] which lock already depends on the new lock. [ 445.438939][T13490] [ 445.441481][T13490] [ 445.441481][T13490] the existing dependency chain (in reverse order) is: [ 445.443764][T13490] [ 445.443764][T13490] -> #3 (rfcomm_ioctl_mutex){+.+.}-{3:3}: [ 445.445887][T13490] __mutex_lock_common+0x190/0x21a0 [ 445.447352][T13490] mutex_lock_nested+0x2c/0x38 [ 445.448734][T13490] rfcomm_dev_ioctl+0x25c/0x231c [ 445.450085][T13490] rfcomm_sock_ioctl+0x98/0xf0 [ 445.451428][T13490] sock_do_ioctl+0x134/0x2d0 [ 445.452719][T13490] sock_ioctl+0x4ec/0x838 [ 445.453968][T13490] __arm64_sys_ioctl+0x14c/0x1c8 [ 445.455390][T13490] invoke_syscall+0x98/0x2b8 [ 445.456720][T13490] el0_svc_common+0x130/0x23c [ 445.458115][T13490] do_el0_svc+0x48/0x58 [ 445.459378][T13490] el0_svc+0x54/0x168 [ 445.460525][T13490] el0t_64_sync_handler+0x84/0x108 [ 445.462031][T13490] el0t_64_sync+0x190/0x194 [ 445.463315][T13490] [ 445.463315][T13490] -> #2 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}: [ 445.465741][T13490] lock_sock_nested+0x5c/0x11c [ 445.467148][T13490] rfcomm_sk_state_change+0x60/0x2c8 [ 445.468605][T13490] __rfcomm_dlc_close+0x234/0x608 [ 445.470072][T13490] rfcomm_dlc_close+0x100/0x194 [ 445.471411][T13490] __rfcomm_sock_close+0x138/0x258 [ 445.472807][T13490] rfcomm_sock_shutdown+0xa8/0x214 [ 445.474290][T13490] rfcomm_sock_release+0x58/0x114 [ 445.475756][T13490] sock_close+0xa4/0x1e8 [ 445.477017][T13490] __fput+0x1bc/0x75c [ 445.478193][T13490] ____fput+0x20/0x30 [ 445.479351][T13490] task_work_run+0x230/0x2e0 [ 445.480642][T13490] get_signal+0x1350/0x152c [ 445.481849][T13490] do_signal+0x26c/0x4c44 [ 445.483168][T13490] do_notify_resume+0x74/0x1f4 [ 445.484537][T13490] el0_svc+0xac/0x168 [ 445.485668][T13490] el0t_64_sync_handler+0x84/0x108 [ 445.487121][T13490] el0t_64_sync+0x190/0x194 [ 445.488390][T13490] [ 445.488390][T13490] -> #1 (&d->lock#2){+.+.}-{3:3}: [ 445.490303][T13490] __mutex_lock_common+0x190/0x21a0 [ 445.491800][T13490] mutex_lock_nested+0x2c/0x38 [ 445.493161][T13490] __rfcomm_dlc_close+0x1f8/0x608 [ 445.494553][T13490] rfcomm_dlc_close+0x100/0x194 [ 445.495917][T13490] __rfcomm_sock_close+0x138/0x258 [ 445.497416][T13490] rfcomm_sock_shutdown+0xa8/0x214 [ 445.498883][T13490] rfcomm_sock_release+0x58/0x114 [ 445.500281][T13490] sock_close+0xa4/0x1e8 [ 445.501509][T13490] __fput+0x1bc/0x75c [ 445.502622][T13490] ____fput+0x20/0x30 [ 445.503815][T13490] task_work_run+0x230/0x2e0 [ 445.505167][T13490] get_signal+0x1350/0x152c [ 445.506544][T13490] do_signal+0x26c/0x4c44 [ 445.507828][T13490] do_notify_resume+0x74/0x1f4 [ 445.509252][T13490] el0_svc+0xac/0x168 [ 445.510434][T13490] el0t_64_sync_handler+0x84/0x108 [ 445.511834][T13490] el0t_64_sync+0x190/0x194 [ 445.513164][T13490] [ 445.513164][T13490] -> #0 (rfcomm_mutex){+.+.}-{3:3}: [ 445.515218][T13490] __lock_acquire+0x33f8/0x77c8 [ 445.516693][T13490] lock_acquire+0x240/0x728 [ 445.518092][T13490] __mutex_lock_common+0x190/0x21a0 [ 445.519594][T13490] mutex_lock_nested+0x2c/0x38 [ 445.520983][T13490] rfcomm_dlc_exists+0xb0/0x32c [ 445.522337][T13490] rfcomm_dev_ioctl+0xd64/0x231c [ 445.523776][T13490] rfcomm_sock_ioctl+0x98/0xf0 [ 445.525162][T13490] sock_do_ioctl+0x134/0x2d0 [ 445.526400][T13490] sock_ioctl+0x4ec/0x838 [ 445.527609][T13490] __arm64_sys_ioctl+0x14c/0x1c8 [ 445.529055][T13490] invoke_syscall+0x98/0x2b8 [ 445.530398][T13490] el0_svc_common+0x130/0x23c [ 445.531681][T13490] do_el0_svc+0x48/0x58 [ 445.532912][T13490] el0_svc+0x54/0x168 [ 445.534130][T13490] el0t_64_sync_handler+0x84/0x108 [ 445.535660][T13490] el0t_64_sync+0x190/0x194 [ 445.537023][T13490] [ 445.537023][T13490] other info that might help us debug this: [ 445.537023][T13490] [ 445.539514][T13490] Chain exists of: [ 445.539514][T13490] rfcomm_mutex --> sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_ioctl_mutex [ 445.539514][T13490] [ 445.543355][T13490] Possible unsafe locking scenario: [ 445.543355][T13490] [ 445.545258][T13490] CPU0 CPU1 [ 445.546671][T13490] ---- ---- [ 445.548062][T13490] lock(rfcomm_ioctl_mutex); [ 445.549225][T13490] lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM); [ 445.551306][T13490] lock(rfcomm_ioctl_mutex); [ 445.553186][T13490] lock(rfcomm_mutex); [ 445.554158][T13490] [ 445.554158][T13490] *** DEADLOCK *** [ 445.554158][T13490] [ 445.556230][T13490] 2 locks held by syz.4.2158/13490: [ 445.557622][T13490] #0: ffff0000f708b258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sock_ioctl+0x88/0xf0 [ 445.560741][T13490] #1: ffff8000928861a8 (rfcomm_ioctl_mutex){+.+.}-{3:3}, at: rfcomm_dev_ioctl+0x25c/0x231c [ 445.563412][T13490] [ 445.563412][T13490] stack backtrace: [ 445.564961][T13490] CPU: 1 UID: 0 PID: 13490 Comm: syz.4.2158 Not tainted 6.12.0-rc1-syzkaller-g2d8bce6e34be #0 [ 445.567691][T13490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 445.570328][T13490] Call trace: [ 445.571166][T13490] dump_backtrace+0x1b8/0x1e4 [ 445.572373][T13490] show_stack+0x2c/0x3c [ 445.573474][T13490] dump_stack_lvl+0xe4/0x150 [ 445.574680][T13490] dump_stack+0x1c/0x28 [ 445.575701][T13490] print_circular_bug+0x154/0x1c0 [ 445.576914][T13490] check_noncircular+0x310/0x404 [ 445.578191][T13490] __lock_acquire+0x33f8/0x77c8 [ 445.579482][T13490] lock_acquire+0x240/0x728 [ 445.580626][T13490] __mutex_lock_common+0x190/0x21a0 [ 445.582038][T13490] mutex_lock_nested+0x2c/0x38 [ 445.583302][T13490] rfcomm_dlc_exists+0xb0/0x32c [ 445.584599][T13490] rfcomm_dev_ioctl+0xd64/0x231c [ 445.585931][T13490] rfcomm_sock_ioctl+0x98/0xf0 [ 445.587191][T13490] sock_do_ioctl+0x134/0x2d0 [ 445.588522][T13490] sock_ioctl+0x4ec/0x838 [ 445.589686][T13490] __arm64_sys_ioctl+0x14c/0x1c8 [ 445.590975][T13490] invoke_syscall+0x98/0x2b8 [ 445.592259][T13490] el0_svc_common+0x130/0x23c [ 445.593552][T13490] do_el0_svc+0x48/0x58 [ 445.594693][T13490] el0_svc+0x54/0x168 [ 445.595681][T13490] el0t_64_sync_handler+0x84/0x108 [ 445.596939][T13490] el0t_64_sync+0x190/0x194