last executing test programs: 2.879767686s ago: executing program 0 (id=2872): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000a40)="123c163d8e1379f8f5e165bba2ee644ab23f7b4f158b153d324bdf0c9b46dcdf71dbff5ab31c1c6f0893c609831d792529d1df541e059e5d0817d37e194b61885803c0b6ea461f068ac7704d0296cc46d612a2d6893733e63c529dc8b98806c0c08064d1746cb773379bdb8431", 0x6d, 0x24008000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e2", 0xd6}, {&(0x7f0000000840)="5453b4b759f9d4f4f33bda880b70e0fcdde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372accf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e1503d7b117ec7d291a81090e6685b066c07bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def6c49c580956e51433a0a017d80d68574f8c43477bd9c0363321a7e589e86ffea215c1102cce8ffd1cd39a5f7658f22eee8a114772cb1e3c392d90b1b01ea2bac2c5911f388a774d5d7faaf89cb796c844f8dceb44ca4684f25cc79a3385d5b8e52e2dfed72d1f8c5858ed65c09af541ba111f73dd4fd763614585c1d07fe8e2fd278a0d7bdcc73970afa1d32a6e084f5b6384fca6ef4bb295451f614620c10e0fc235165e49afa57196cd54580ce9bc909dbccd00fe6e514e413a33199b4c9097b413b93660ebeac7b14652b27c364a8591912055ccd170cf22bc35849", 0x1d5}, {&(0x7f0000000ac0)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287abd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976acac641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffa00000000e1f095b85da84acb08bb69065ba688260458a1b6602b23ac9aac14c931157aef573538b3fb4b54c0158313e3b4009fa93c57fe4f9e8ce9c72ac8a72a26e29f081e2c213a57d4143d5306c9e9f9d3e818e13ae35f4ffcb44a4af726f447f2545bc4f350d424812bbcd73617eb6cab3829b690be054e58bdd6", 0x154}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f", 0x40}], 0x4}}], 0x1, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 2.817109057s ago: executing program 0 (id=2873): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000c40)={@ifindex, 0xffffffffffffffff, 0x36, 0x2000}, 0x20) 2.763478427s ago: executing program 2 (id=2876): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000180)="580000001400192340834b84040d8c560a06ffffff47ee7c877adf11c3fa10a67f000000000000000058000b480400945f64009400050038925afc220000800000008004000000ff0109000000fff5dd0000000800160006", 0x58}], 0x1) 2.669853789s ago: executing program 0 (id=2878): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x822b01) ioctl$EVIOCGABS20(r2, 0x40044591, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000020de280512000000000001090224000100000009090400010103000000092100000001220500090581030000000000fcddbec01da9109ac39436c635a1a8514c"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x20) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xc7, 0x3d, 0x8a, 0x8, 0x2770, 0x9120, 0x6c77, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0xb0, 0xe2}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f00000008c0)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x812}}, 0x0, 0x0}, &(0x7f0000000ac0)={0x2c, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x8, 0x1, 0x37}, &(0x7f0000000180)=ANY=[], 0x0}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0) io_setup(0x3, &(0x7f00000004c0)=0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x0, 0x8010) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_submit(r5, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000072a, 0x1003f00, 0x0, 0x10}]) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) 2.183340866s ago: executing program 1 (id=2880): r0 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0x145d, 0x1, 0x0, 0x40037d}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x4, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.147493137s ago: executing program 1 (id=2881): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x20000080) 2.061901968s ago: executing program 1 (id=2882): setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfffffff5, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xe, 0x9}}}}}}, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) sendmmsg(r1, &(0x7f0000002400)=[{{&(0x7f0000000280)=@l2tp6={0xa, 0x0, 0x7600, @mcast2, 0x32, 0x2}, 0x80, 0x0}}], 0x40000000000018d, 0x40000) open_tree(0xffffffffffffffff, &(0x7f0000000640)='\x00', 0x81101) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) 1.93885103s ago: executing program 3 (id=2884): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000a40)="123c163d8e1379f8f5e165bba2ee644ab23f7b4f158b153d324bdf0c9b46dcdf71dbff5ab31c1c6f0893c609831d792529d1df541e059e5d0817d37e194b61885803c0b6ea461f068ac7704d0296cc46d612a2d6893733e63c529dc8b98806c0c08064d1746cb773379bdb8431", 0x6d, 0x24008000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e2", 0xd6}, {&(0x7f0000000840)="5453b4b759f9d4f4f33bda880b70e0fcdde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372accf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e1503d7b117ec7d291a81090e6685b066c07bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def6c49c580956e51433a0a017d80d68574f8c43477bd9c0363321a7e589e86ffea215c1102cce8ffd1cd39a5f7658f22eee8a114772cb1e3c392d90b1b01ea2bac2c5911f388a774d5d7faaf89cb796c844f8dceb44ca4684f25cc79a3385d5b8e52e2dfed72d1f8c5858ed65c09af541ba111f73dd4fd763614585c1d07fe8e2fd278a0d7bdcc73970afa1d32a6e084f5b6384fca6ef4bb295451f614620c10e0fc235165e49afa57196cd54580ce9bc909dbccd00fe6e514e413a33199b4c9097b413b93660ebeac7b14652b27c364a8591912055ccd170cf22bc35849", 0x1d5}, {&(0x7f0000000ac0)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287abd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976acac641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffa00000000e1f095b85da84acb08bb69065ba688260458a1b6602b23ac9aac14c931157aef573538b3fb4b54c0158313e3b4009fa93c57fe4f9e8ce9c72ac8a72a26e29f081e2c213a57d4143d5306c9e9f9d3e818e13ae35f4ffcb44a4af726f447f2545bc4f350d424812bbcd73617eb6cab3829b690be054e58bdd6", 0x154}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f", 0x40}], 0x4}}], 0x1, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.883642311s ago: executing program 3 (id=2885): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_TTL={0x5, 0x8, 0x5}]}}}]}, 0x40}}, 0x20000080) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x40, &(0x7f0000000200)={0x11, 0x8100, r2, 0x1, 0x0, 0x6, @local}, 0x14) 1.854310811s ago: executing program 2 (id=2886): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, 0x0) 1.835498522s ago: executing program 4 (id=2887): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xe8c}, 0x2a, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 1.780798313s ago: executing program 3 (id=2888): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x12d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) r2 = dup(r1) write$binfmt_aout(r2, 0x0, 0xffffffdb) r3 = io_uring_setup(0x4126, &(0x7f00000007c0)={0x0, 0x0, 0x800, 0x0, 0x1000000}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) io_uring_register$IORING_REGISTER_RING_FDS(r3, 0x13, &(0x7f0000001bc0), 0x2) 1.779472043s ago: executing program 4 (id=2889): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x5}}, 0x20) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x200, 0xfffe, 0x2, 0x8, 0x200000000000002f, 0x200, 0x1, 0x2c, 0xffffffff, 0x2}) write$snddsp(r2, &(0x7f0000000180)="891296d9434665bb832ec9be8b42", 0xe) 1.674073774s ago: executing program 2 (id=2890): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, 0x0) 1.673833014s ago: executing program 2 (id=2891): r0 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0x145d, 0x1, 0x0, 0x40037d}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x4, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.636055895s ago: executing program 2 (id=2892): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x20000080) 1.605451446s ago: executing program 2 (id=2893): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f0000000100)="92034724033eea403a", 0x9}}, 0xee) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r5 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r4, 0x0, {0x2, 0xff, 0x1}}, 0x18, &(0x7f00000000c0)={&(0x7f0000000440)}, 0x1, 0x0, 0x0, 0x44000}, 0x4044080) 1.239956681s ago: executing program 1 (id=2894): r0 = syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x2002) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000880)="d3ff", 0x2}], 0x1) 1.165930082s ago: executing program 1 (id=2895): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000a40)="123c163d8e1379f8f5e165bba2ee644ab23f7b4f158b153d324bdf0c9b46dcdf71dbff5ab31c1c6f0893c609831d792529d1df541e059e5d0817d37e194b61885803c0b6ea461f068ac7704d0296cc46d612a2d6893733e63c529dc8b98806c0c08064d1746cb773379bdb8431", 0x6d, 0x24008000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e8162120960001", 0xe5}, {&(0x7f0000000840)="5453b4b759f9d4f4f33bda880b70e0fcdde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372accf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e1503d7b117ec7d291a81090e6685b066c07bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def6c49c580956e51433a0a017d80d68574f8c43477bd9c0363321a7e589e86ffea215c1102cce8ffd1cd39a5f7658f22eee8a114772cb1e3c392d90b1b01ea2bac2c5911f388a774d5d7faaf89cb796c844f8dceb44ca4684f25cc79a3385d5b8e52e2dfed72d1f8c5858ed65c09af541ba111f73dd4fd763614585c1d07fe8e2fd278a0d7bdcc73970afa1d32a6e084f5b6384fca6ef4bb295451f614620c10e0fc235165e49afa57196cd54580ce9bc909dbccd00fe6e514e413a33199b4c9097b413b93660ebeac7b14652b27c364a8591912055ccd170cf22bc35849", 0x1d5}, {&(0x7f0000000ac0)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287abd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976acac641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffa00000000e1f095b85da84acb08bb69065ba688260458a1b6602b23ac9aac14c931157aef573538b3fb4b54c0158313e3b4009fa93c57fe4f9e8ce9c72ac8a72a26e29f081e2c213a57d4143d5306c9e9f9d3e818e13ae35f4ffcb44a4af726f447f2545bc4f350d424812bbcd73617eb6cab3829b690be054e58bdd6", 0x154}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f", 0x40}], 0x4}}], 0x1, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='nv\x00', 0x3) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1.125167863s ago: executing program 0 (id=2896): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) mbind(&(0x7f0000051000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0xa, 0x95, 0x2) 1.077082294s ago: executing program 0 (id=2897): socket$key(0xf, 0x3, 0x2) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) socket$kcm(0xa, 0x2, 0x73) socket$pppoe(0x18, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) unshare(0x400) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) 907.840736ms ago: executing program 3 (id=2898): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_TTL={0x5, 0x8, 0x5}]}}}]}, 0x40}}, 0x20000080) sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x40, &(0x7f0000000200)={0x11, 0x8100, r2, 0x1, 0x0, 0x6, @local}, 0x14) 826.139897ms ago: executing program 3 (id=2899): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x0, @loopback}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000180)="580000001400192340834b84040d8c560a06ffffff47ee7c877adf11c3fa10a67f000000000000000058000b480400945f64009400050038925afc220000800000008004000000ff0109000000fff5dd0000000800160006", 0x58}], 0x1) 685.92383ms ago: executing program 4 (id=2900): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xe8c}, 0x2a, 0xfffffffffffffff9) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'trusted:', 'trusted:'}, 0x20, 0xfffffffffffffffd) add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe) 644.2075ms ago: executing program 4 (id=2901): r0 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000600)={'dummy0\x00', 0x200}) 538.020002ms ago: executing program 4 (id=2902): r0 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0x145d, 0x1, 0x0, 0x40037d}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x4, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 528.164632ms ago: executing program 4 (id=2903): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newlink={0x20, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}}, 0x20}}, 0x20000080) 333.011065ms ago: executing program 1 (id=2905): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000001880)={'wg0\x00', 0x0}) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r3, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r2}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x40, r3, 0x1, 0x0, 0xfffffffc, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r2}]}, 0x40}}, 0x0) r4 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_WKALM_SET(r4, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x12, 0x3a, 0xe, 0xa, 0x7, 0x5, 0x1, 0x8010000, 0xe755a3d832dace16}}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r5, 0x707, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) writev(r5, &(0x7f0000000200)=[{&(0x7f0000000040)="e04235fc19f126fcbea758894eb4", 0xe}, {0x0}], 0x2) 197.159387ms ago: executing program 0 (id=2906): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r5, {0x10, 0xffeb}, {0x5, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 0s ago: executing program 3 (id=2907): ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3}) r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="000000c6d222406b096cc34801000000647418aaf9b9a332f41ec9591b532723", 0x20, r1) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) kernel console output (not intermixed with test programs): 0043bbed25: rx timeout, send abort [ 142.409799][ T6463] loop1: detected capacity change from 0 to 256 [ 142.508680][ C0] vcan0: j1939_tp_rxtimer: 0x0000000043bbed25: abort rx timeout. Force session deactivation [ 144.097319][ T6485] overlayfs: failed to set xattr on upper [ 144.098916][ T6485] overlayfs: ...falling back to index=off,metacopy=off. [ 144.442673][ T6490] loop0: detected capacity change from 0 to 40427 [ 144.495961][ T6490] F2FS-fs (loop0): Found nat_bits in checkpoint [ 144.514592][ T6490] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 145.469383][ T4303] syz-executor: attempt to access beyond end of device [ 145.469383][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 145.492251][ T6508] netlink: 96 bytes leftover after parsing attributes in process `syz.4.521'. [ 145.510622][ T6504] binder: BINDER_SET_CONTEXT_MGR already set [ 145.512269][ T6504] binder: 6503:6504 ioctl 4018620d 20000040 returned -16 [ 145.535201][ T6504] binder: 6503:6504 got transaction to invalid handle, 1 [ 145.538956][ T6504] binder: 6504:6503 cannot find target node [ 145.546732][ T6504] binder: 6503:6504 transaction call to 0:0 failed 99/29201/-22, size 0-0 line 3054 [ 145.557503][ T6504] binder: 6503:6504 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30) [ 145.560998][ T6504] binder: 6504 RLIMIT_NICE not set [ 145.562335][ T6504] binder: 6503:6504 ioctl c0306201 20001440 returned -11 [ 145.758477][ T4938] binder: undelivered TRANSACTION_ERROR: 29201 [ 145.865817][ T6514] tipc: Started in network mode [ 145.867481][ T6514] tipc: Node identity ac1414aa, cluster identity 4711 [ 145.870084][ T6514] tipc: Enabled bearer , priority 10 [ 145.875856][ T6514] tipc: Enabled bearer , priority 0 [ 145.929541][ T6507] loop3: detected capacity change from 0 to 40427 [ 145.944171][ T6507] F2FS-fs (loop3): Found nat_bits in checkpoint [ 145.962419][ T6507] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 146.353932][ T6528] overlayfs: failed to set xattr on upper [ 146.355639][ T6528] overlayfs: ...falling back to index=off,metacopy=off. [ 146.869483][ T4938] tipc: Node number set to 2886997162 [ 147.101750][ C0] vcan0: j1939_tp_rxtimer: 0x000000004fedde96: rx timeout, send abort [ 147.604087][ C0] vcan0: j1939_tp_rxtimer: 0x000000004fedde96: abort rx timeout. Force session deactivation [ 147.904262][ T6556] binder: 6555:6556 ioctl c0306201 0 returned -14 [ 147.922019][ T6556] binder: 6555:6556 got transaction to invalid handle, 1 [ 147.928491][ T6556] binder: 6556:6555 cannot find target node [ 147.932356][ T6556] binder: 6555:6556 transaction call to 0:0 failed 103/29201/-22, size 0-0 line 3054 [ 147.939683][ T6556] binder: 6555:6556 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 147.955134][ T6556] binder: 6556 RLIMIT_NICE not set [ 147.957870][ T6556] binder: 6555:6556 ioctl c0306201 20001440 returned -11 [ 148.047462][ T4298] syz-executor: attempt to access beyond end of device [ 148.047462][ T4298] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 148.068075][ T4942] binder: undelivered TRANSACTION_ERROR: 29201 [ 148.205485][ T6559] overlayfs: failed to set xattr on upper [ 148.221019][ T6559] overlayfs: ...falling back to index=off,metacopy=off. [ 148.389089][ T6566] tipc: Started in network mode [ 148.390503][ T6566] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 148.392652][ T6566] tipc: Enabled bearer , priority 0 [ 149.518455][ T4351] tipc: Node number set to 11578026 [ 149.553992][ T6591] overlayfs: failed to set xattr on upper [ 149.555816][ T6591] overlayfs: ...falling back to index=off,metacopy=off. [ 149.678596][ T6594] tipc: Started in network mode [ 149.679986][ T6594] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 149.684652][ T6596] binder: 6595:6596 ioctl c0306201 0 returned -14 [ 149.692904][ T6596] binder: 6595:6596 got transaction to invalid handle, 1 [ 149.693085][ T6594] tipc: Enabled bearer , priority 0 [ 149.694897][ T6596] binder: 6596:6595 cannot find target node [ 149.706838][ T6596] binder: 6595:6596 transaction call to 0:0 failed 107/29201/-22, size 0-0 line 3054 [ 149.718616][ T6596] binder: 6595:6596 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 149.722160][ T6596] binder: 6596 RLIMIT_NICE not set [ 149.723532][ T6596] binder: 6595:6596 ioctl c0306201 20001440 returned -11 [ 149.786182][ T4351] binder: undelivered TRANSACTION_ERROR: 29201 [ 149.901598][ T6585] loop0: detected capacity change from 0 to 40427 [ 149.939716][ T6585] F2FS-fs (loop0): Found nat_bits in checkpoint [ 149.968416][ T6585] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 150.210656][ T4303] syz-executor: attempt to access beyond end of device [ 150.210656][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 150.502102][ C1] vcan0: j1939_tp_rxtimer: 0x0000000059ccece8: rx timeout, send abort [ 150.567756][ T6622] overlayfs: failed to set xattr on upper [ 150.569284][ T6622] overlayfs: ...falling back to index=off,metacopy=off. [ 150.686141][ T4938] tipc: Node number set to 11578026 [ 151.004575][ C1] vcan0: j1939_tp_rxtimer: 0x0000000059ccece8: abort rx timeout. Force session deactivation [ 151.144733][ T6642] binder: 6641:6642 ioctl c0306201 0 returned -14 [ 151.154618][ T6642] binder: 6641:6642 got transaction to invalid handle, 1 [ 151.169998][ T6642] binder: 6642:6641 cannot find target node [ 151.171740][ T6642] binder: 6641:6642 transaction call to 0:0 failed 111/29201/-22, size 0-0 line 3054 [ 151.174622][ T6642] binder: 6641:6642 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 151.188386][ T6642] binder: 6642 RLIMIT_NICE not set [ 151.189824][ T6642] binder: 6641:6642 ioctl c0306201 20001440 returned -11 [ 151.236143][ T4938] binder: undelivered TRANSACTION_ERROR: 29201 [ 151.502944][ T6647] tipc: Started in network mode [ 151.504381][ T6647] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 151.526234][ T6647] tipc: Enabled bearer , priority 0 [ 151.653942][ T6639] loop2: detected capacity change from 0 to 40427 [ 151.662356][ T6652] overlayfs: failed to set xattr on upper [ 151.663924][ T6652] overlayfs: ...falling back to index=off,metacopy=off. [ 151.695267][ T6639] F2FS-fs (loop2): Found nat_bits in checkpoint [ 151.772519][ T6639] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 152.033965][ T4309] syz-executor: attempt to access beyond end of device [ 152.033965][ T4309] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 152.523401][ T6682] tipc: Enabled bearer , priority 10 [ 152.529761][ T6682] tipc: Enabling of bearer rejected, already enabled [ 152.533806][ T6684] overlayfs: failed to set xattr on upper [ 152.542148][ T6684] overlayfs: ...falling back to index=off,metacopy=off. [ 152.630762][ T6686] binder: 6685:6686 got transaction to invalid handle, 1 [ 152.632717][ T6686] binder: 6686:6685 cannot find target node [ 152.646250][ T4351] tipc: Node number set to 11578026 [ 152.648627][ T6686] binder: 6685:6686 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 152.652055][ T6686] binder: 6686 RLIMIT_NICE not set [ 152.653365][ T6686] binder: 6685:6686 ioctl c0306201 20001440 returned -11 [ 152.983372][ T6693] loop1: detected capacity change from 0 to 40427 [ 153.008729][ T6693] F2FS-fs (loop1): Found nat_bits in checkpoint [ 153.052444][ T6693] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 153.266808][ T4297] syz-executor: attempt to access beyond end of device [ 153.266808][ T4297] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 153.425012][ T6714] tipc: Enabled bearer , priority 10 [ 153.427784][ T6714] tipc: Enabling of bearer rejected, already enabled [ 153.630359][ C0] vcan0: j1939_tp_rxtimer: 0x000000001df47f06: rx timeout, send abort [ 153.699732][ T6722] overlayfs: failed to set xattr on upper [ 153.705424][ T6722] overlayfs: ...falling back to index=off,metacopy=off. [ 154.132767][ C0] vcan0: j1939_tp_rxtimer: 0x000000001df47f06: abort rx timeout. Force session deactivation [ 154.193954][ T6741] binder: 6739:6741 got transaction to invalid handle, 1 [ 154.195958][ T6741] binder_debug: 2 callbacks suppressed [ 154.195967][ T6741] binder: 6741:6739 cannot find target node [ 154.211742][ T6741] binder: 6739:6741 transaction call to 0:0 failed 119/29201/-22, size 0-0 line 3054 [ 154.224916][ T6741] binder: 6739:6741 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 154.239230][ T6741] binder: 6741 RLIMIT_NICE not set [ 154.241015][ T6741] binder: 6739:6741 ioctl c0306201 20001440 returned -11 [ 154.286446][ T4347] binder: undelivered TRANSACTION_ERROR: 29201 [ 154.358065][ T6745] tipc: Enabling of bearer rejected, already enabled [ 154.360498][ T6748] tipc: Enabling of bearer rejected, already enabled [ 154.402532][ T6750] overlayfs: failed to set xattr on upper [ 154.411118][ T6750] overlayfs: ...falling back to index=off,metacopy=off. [ 154.623171][ T6738] loop0: detected capacity change from 0 to 40427 [ 154.658106][ T6738] F2FS-fs (loop0): Found nat_bits in checkpoint [ 154.693384][ T6738] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 155.384504][ T4303] syz-executor: attempt to access beyond end of device [ 155.384504][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 155.552387][ T6785] overlayfs: failed to set xattr on upper [ 155.554044][ T6785] overlayfs: ...falling back to index=off,metacopy=off. [ 155.753176][ T6796] tipc: Enabling of bearer rejected, already enabled [ 155.851539][ T6800] binder: 6799:6800 got transaction to invalid handle, 1 [ 155.853483][ T6800] binder: 6800:6799 cannot find target node [ 155.855094][ T6800] binder: 6799:6800 transaction call to 0:0 failed 123/29201/-22, size 0-0 line 3054 [ 155.865974][ T6800] binder: 6799:6800 ioctl c0306201 20001440 returned -11 [ 155.916126][ T4935] binder: undelivered TRANSACTION_ERROR: 29201 [ 156.305954][ C0] vcan0: j1939_tp_rxtimer: 0x0000000001e21188: rx timeout, send abort [ 156.363873][ T6809] loop1: detected capacity change from 0 to 40427 [ 156.521435][ T6817] overlayfs: failed to set xattr on upper [ 156.523026][ T6817] overlayfs: ...falling back to index=off,metacopy=off. [ 156.526459][ T6809] F2FS-fs (loop1): Found nat_bits in checkpoint [ 156.572595][ T6809] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 156.808419][ C0] vcan0: j1939_tp_rxtimer: 0x0000000001e21188: abort rx timeout. Force session deactivation [ 157.010309][ T6827] tipc: Enabling of bearer rejected, already enabled [ 157.182076][ T4297] syz-executor: attempt to access beyond end of device [ 157.182076][ T4297] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 157.241702][ T6838] binder_user_error: 2 callbacks suppressed [ 157.241714][ T6838] binder: 6837:6838 got transaction to invalid handle, 1 [ 157.245371][ T6838] binder: 6838:6837 cannot find target node [ 157.249561][ T6838] binder: 6837:6838 transaction call to 0:0 failed 127/29201/-22, size 0-0 line 3054 [ 157.252527][ T6838] binder: 6837:6838 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 157.256178][ T6838] binder: 6838 RLIMIT_NICE not set [ 157.257674][ T6838] binder: 6837:6838 ioctl c0306201 20001440 returned -11 [ 157.296144][ T4347] binder: undelivered TRANSACTION_ERROR: 29201 [ 157.408931][ T6844] overlayfs: failed to set xattr on upper [ 157.410599][ T6844] overlayfs: ...falling back to index=off,metacopy=off. [ 157.921351][ T6867] tipc: Enabling of bearer rejected, already enabled [ 158.698549][ T6863] loop0: detected capacity change from 0 to 40427 [ 158.711844][ T6878] overlayfs: failed to set xattr on upper [ 158.713480][ T6878] overlayfs: ...falling back to index=off,metacopy=off. [ 158.734792][ C1] vcan0: j1939_tp_rxtimer: 0x0000000072f8eb48: rx timeout, send abort [ 158.745942][ T6863] F2FS-fs (loop0): Found nat_bits in checkpoint [ 158.809958][ T6863] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 159.237260][ C1] vcan0: j1939_tp_rxtimer: 0x0000000072f8eb48: abort rx timeout. Force session deactivation [ 159.308317][ T6900] binder: 6897:6900 got transaction to invalid handle, 1 [ 159.310337][ T6900] binder: 6900:6897 cannot find target node [ 159.311946][ T6900] binder: 6897:6900 transaction call to 0:0 failed 131/29201/-22, size 0-0 line 3054 [ 159.334750][ T6900] binder: 6897:6900 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 159.355869][ T6900] binder: 6900 RLIMIT_NICE not set [ 159.359862][ T6900] binder: 6897:6900 ioctl c0306201 20001440 returned -11 [ 159.438365][ T4303] syz-executor: attempt to access beyond end of device [ 159.438365][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 159.477217][ T4351] binder: undelivered TRANSACTION_ERROR: 29201 [ 159.554748][ T6909] overlayfs: failed to set xattr on upper [ 159.559198][ T6909] overlayfs: ...falling back to index=off,metacopy=off. [ 159.898540][ T6917] tipc: Enabling of bearer rejected, already enabled [ 160.413261][ T6937] overlayfs: failed to set xattr on upper [ 160.415172][ T6937] overlayfs: ...falling back to index=off,metacopy=off. [ 160.744993][ T6944] binder: 6942:6944 got transaction to invalid handle, 1 [ 160.761369][ T6944] binder: 6944:6942 cannot find target node [ 160.763108][ T6944] binder: 6942:6944 transaction call to 0:0 failed 135/29201/-22, size 0-0 line 3054 [ 160.781460][ T6944] binder: 6942:6944 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 160.785112][ T6944] binder: 6944 RLIMIT_NICE not set [ 160.810538][ T6944] binder: 6942:6944 ioctl c0306201 20001440 returned -11 [ 160.886373][ T6934] loop4: detected capacity change from 0 to 40427 [ 160.894929][ T6934] F2FS-fs (loop4): Found nat_bits in checkpoint [ 160.907340][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 160.922821][ T6934] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 161.018577][ T6954] tipc: Started in network mode [ 161.020082][ T6954] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 161.022086][ T6954] tipc: Enabled bearer , priority 0 [ 161.296390][ T4307] syz-executor: attempt to access beyond end of device [ 161.296390][ T4307] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 161.442469][ C0] vcan0: j1939_tp_rxtimer: 0x00000000c19bb471: rx timeout, send abort [ 161.854254][ T6979] tipc: Enabling of bearer rejected, already enabled [ 161.944800][ C0] vcan0: j1939_tp_rxtimer: 0x00000000c19bb471: abort rx timeout. Force session deactivation [ 162.027998][ T6983] Zero length message leads to an empty skb [ 162.384199][ T6997] binder: tried to use weak ref as strong ref [ 162.400001][ T6997] binder: 6993:6997 Acquire 1 refcount change on invalid ref 0 ret -22 [ 162.430091][ T6997] binder: 6993:6997 got transaction to invalid handle, 1 [ 162.478275][ T6997] binder: 6997:6993 cannot find target node [ 162.479964][ T6997] binder: 6993:6997 transaction call to 0:0 failed 138/29201/-22, size 0-0 line 3054 [ 162.561689][ T4938] tipc: Node number set to 11578026 [ 162.577304][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 162.715742][ T7006] tipc: Enabling of bearer rejected, already enabled [ 162.792688][ T6991] loop3: detected capacity change from 0 to 40427 [ 162.808040][ T6991] F2FS-fs (loop3): Found nat_bits in checkpoint [ 162.850633][ T6991] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 163.281338][ T4298] syz-executor: attempt to access beyond end of device [ 163.281338][ T4298] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 163.805817][ T7040] tipc: Enabling of bearer rejected, already enabled [ 163.866420][ T4304] Bluetooth: hci1: command 0x0406 tx timeout [ 163.868231][ T4304] Bluetooth: hci0: command 0x0406 tx timeout [ 163.869916][ T4304] Bluetooth: hci4: command 0x0406 tx timeout [ 163.871554][ T4304] Bluetooth: hci2: command 0x0406 tx timeout [ 163.873244][ T4304] Bluetooth: hci3: command 0x0406 tx timeout [ 163.953764][ C1] vcan0: j1939_tp_rxtimer: 0x00000000e158c2b6: rx timeout, send abort [ 164.019851][ T7050] binder: tried to use weak ref as strong ref [ 164.021643][ T7050] binder: 7048:7050 Acquire 1 refcount change on invalid ref 0 ret -22 [ 164.039269][ T7050] binder: 7048:7050 got transaction to invalid handle, 1 [ 164.041136][ T7050] binder: 7050:7048 cannot find target node [ 164.449479][ T7055] loop0: detected capacity change from 0 to 40427 [ 164.461359][ C1] vcan0: j1939_tp_rxtimer: 0x00000000e158c2b6: abort rx timeout. Force session deactivation [ 164.515904][ T7055] F2FS-fs (loop0): Found nat_bits in checkpoint [ 164.536354][ T7055] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 164.967811][ T7079] tipc: Enabling of bearer rejected, already enabled [ 165.026915][ T4303] syz-executor: attempt to access beyond end of device [ 165.026915][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 165.321908][ T7096] binder: tried to use weak ref as strong ref [ 165.327085][ T7096] binder: 7092:7096 Acquire 1 refcount change on invalid ref 0 ret -22 [ 165.340005][ T7096] binder: 7092:7096 got transaction to invalid handle, 1 [ 165.348319][ T7096] binder_debug: 2 callbacks suppressed [ 165.348330][ T7096] binder: 7096:7092 cannot find target node [ 165.351887][ T7096] binder: 7092:7096 transaction call to 0:0 failed 144/29201/-22, size 0-0 line 3054 [ 165.437572][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 165.975048][ T7114] tipc: Enabled bearer , priority 10 [ 165.977773][ T7114] tipc: Enabling of bearer rejected, already enabled [ 166.217369][ T7110] loop0: detected capacity change from 0 to 40427 [ 166.268908][ T7110] F2FS-fs (loop0): Found nat_bits in checkpoint [ 166.310284][ T7110] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 166.452864][ C1] vcan0: j1939_tp_rxtimer: 0x00000000036df07b: rx timeout, send abort [ 166.687203][ T4303] syz-executor: attempt to access beyond end of device [ 166.687203][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 166.879440][ T7139] netlink: 44 bytes leftover after parsing attributes in process `syz.3.764'. [ 166.927909][ T7141] binder: 7140:7141 tried to acquire reference to desc 0, got 1 instead [ 166.932945][ T7141] binder: release 7140:7141 transaction 149 in, still active [ 166.944074][ T7141] binder: send failed reply for transaction 149 to 7140:7141 [ 166.947308][ T4351] binder: undelivered TRANSACTION_COMPLETE [ 166.949027][ T4351] binder: undelivered TRANSACTION_ERROR: 29189 [ 166.955335][ C1] vcan0: j1939_tp_rxtimer: 0x00000000036df07b: abort rx timeout. Force session deactivation [ 166.977378][ T7145] tipc: Enabling of bearer rejected, already enabled [ 166.980527][ T7145] tipc: Enabling of bearer rejected, already enabled [ 167.314426][ T7163] netlink: 44 bytes leftover after parsing attributes in process `syz.0.775'. [ 167.586334][ T7172] tipc: Enabled bearer , priority 10 [ 167.593978][ T7172] tipc: Enabling of bearer rejected, already enabled [ 167.847899][ T7158] loop4: detected capacity change from 0 to 40427 [ 167.903635][ T7158] F2FS-fs (loop4): Found nat_bits in checkpoint [ 167.948606][ T7158] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 168.347864][ T4307] syz-executor: attempt to access beyond end of device [ 168.347864][ T4307] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 168.609052][ T7194] netlink: 44 bytes leftover after parsing attributes in process `syz.1.786'. [ 168.611604][ C0] vcan0: j1939_tp_rxtimer: 0x000000009c5bc738: rx timeout, send abort [ 168.731305][ T7198] binder_user_error: 3 callbacks suppressed [ 168.731317][ T7198] binder: 7197:7198 tried to acquire reference to desc 0, got 1 instead [ 168.763225][ T7198] binder: 7197:7198 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 168.772875][ T7198] binder: 7198 RLIMIT_NICE not set [ 168.774249][ T7198] binder: 7198 RLIMIT_NICE not set [ 168.793706][ T7198] binder: release 7197:7198 transaction 154 in, still active [ 168.795684][ T7198] binder: send failed reply for transaction 154 to 7197:7198 [ 168.802911][ T4942] binder: undelivered TRANSACTION_COMPLETE [ 169.113876][ C0] vcan0: j1939_tp_rxtimer: 0x000000009c5bc738: abort rx timeout. Force session deactivation [ 169.185492][ T7214] tipc: Enabling of bearer rejected, already enabled [ 169.326598][ T7210] loop2: detected capacity change from 0 to 40427 [ 169.363254][ T7210] F2FS-fs (loop2): Found nat_bits in checkpoint [ 169.393995][ T7210] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 169.913915][ T4309] syz-executor: attempt to access beyond end of device [ 169.913915][ T4309] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 169.989694][ T7243] tipc: Enabling of bearer rejected, already enabled [ 170.182006][ T7251] binder: 7249:7251 tried to acquire reference to desc 0, got 1 instead [ 170.187941][ T7251] binder: 7249:7251 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 170.192923][ T7251] binder: 7251 RLIMIT_NICE not set [ 170.195502][ T7251] binder: 7251 RLIMIT_NICE not set [ 170.815184][ T7276] tipc: Enabling of bearer rejected, already enabled [ 170.967016][ T7270] loop0: detected capacity change from 0 to 40427 [ 171.017188][ T7270] F2FS-fs (loop0): Found nat_bits in checkpoint [ 171.056280][ T7270] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 171.171628][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f6b698d6: rx timeout, send abort [ 171.673858][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f6b698d6: abort rx timeout. Force session deactivation [ 171.924007][ T4303] syz-executor: attempt to access beyond end of device [ 171.924007][ T4303] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 172.023944][ T7306] tipc: Enabling of bearer rejected, already enabled [ 172.255426][ T7317] binder: 7316:7317 tried to acquire reference to desc 0, got 1 instead [ 172.288488][ T7317] binder: 7316:7317 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 172.303145][ T7322] netlink: 44 bytes leftover after parsing attributes in process `syz.1.839'. [ 172.307371][ T7317] binder_debug: 5 callbacks suppressed [ 172.307380][ T7317] binder: release 7316:7317 transaction 164 in, still active [ 172.310790][ T7317] binder: send failed reply for transaction 164 to 7316:7317 [ 172.351533][ T4347] binder: undelivered TRANSACTION_COMPLETE [ 172.353380][ T4347] binder: undelivered TRANSACTION_ERROR: 29189 [ 172.683250][ T7324] loop2: detected capacity change from 0 to 40427 [ 172.787950][ T7324] F2FS-fs (loop2): Found nat_bits in checkpoint [ 172.825676][ T7324] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 173.622965][ T4309] syz-executor: attempt to access beyond end of device [ 173.622965][ T4309] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 173.632385][ C0] vcan0: j1939_tp_rxtimer: 0x000000008205d154: rx timeout, send abort [ 173.717622][ T7350] tipc: Enabling of bearer rejected, already enabled [ 173.864784][ T7357] netlink: 44 bytes leftover after parsing attributes in process `syz.3.853'. [ 174.134807][ C0] vcan0: j1939_tp_rxtimer: 0x000000008205d154: abort rx timeout. Force session deactivation [ 174.166372][ T7361] binder_user_error: 2 callbacks suppressed [ 174.166384][ T7361] binder: 7360:7361 tried to acquire reference to desc 0, got 1 instead [ 174.182997][ T7361] binder: 7360:7361 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 174.219725][ T7361] binder: 7361 RLIMIT_NICE not set [ 174.226455][ T7361] binder: 7361 RLIMIT_NICE not set [ 174.237260][ T7361] binder: release 7360:7361 transaction 169 in, still active [ 174.239393][ T7361] binder: send failed reply for transaction 169 to 7360:7361 [ 174.260628][ T4938] binder: undelivered TRANSACTION_COMPLETE [ 174.262399][ T4938] binder: undelivered TRANSACTION_ERROR: 29189 [ 174.857638][ T7373] loop3: detected capacity change from 0 to 40427 [ 174.903482][ T7373] F2FS-fs (loop3): Found nat_bits in checkpoint [ 174.966548][ T7373] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 175.004158][ T7384] tipc: Enabling of bearer rejected, already enabled [ 175.099204][ T7390] netlink: 44 bytes leftover after parsing attributes in process `syz.1.865'. [ 175.195214][ T7397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'. [ 175.765759][ T7408] binder: 7407:7408 tried to acquire reference to desc 0, got 1 instead [ 175.775750][ T4298] syz-executor: attempt to access beyond end of device [ 175.775750][ T4298] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 175.826753][ T7408] binder: 7407:7408 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 175.852053][ T7408] binder: 7408 RLIMIT_NICE not set [ 175.853586][ T7408] binder: 7408 RLIMIT_NICE not set [ 175.855175][ T7408] binder: release 7407:7408 transaction 174 in, still active [ 175.865998][ T7408] binder: send failed reply for transaction 174 to 7407:7408 [ 176.153164][ T7416] tipc: Enabling of bearer rejected, already enabled [ 176.163068][ T7416] tipc: Enabling of bearer rejected, already enabled [ 176.393604][ C1] vcan0: j1939_tp_rxtimer: 0x0000000037f2c571: rx timeout, send abort [ 176.503369][ T7428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.881'. [ 176.895915][ C1] vcan0: j1939_tp_rxtimer: 0x0000000037f2c571: abort rx timeout. Force session deactivation [ 177.040574][ T7441] tipc: Enabling of bearer rejected, already enabled [ 177.048446][ T7445] tipc: Enabling of bearer rejected, already enabled [ 177.082004][ T7449] binder: 7448:7449 tried to acquire reference to desc 0, got 1 instead [ 177.085659][ T7449] binder: 7448:7449 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 177.171903][ T7453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.892'. [ 177.540053][ T7472] tipc: Enabling of bearer rejected, already enabled [ 177.544347][ T7472] tipc: Enabling of bearer rejected, already enabled [ 178.389442][ T7497] tipc: Enabling of bearer rejected, already enabled [ 178.392991][ T7497] tipc: Enabling of bearer rejected, already enabled [ 178.420069][ T7499] binder_debug: 6 callbacks suppressed [ 178.420080][ T7499] binder: release 7498:7499 transaction 184 in, still active [ 178.424119][ T7499] binder: send failed reply for transaction 184 to 7498:7499 [ 178.436774][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 178.438432][ T4433] binder: undelivered TRANSACTION_ERROR: 29189 [ 178.661466][ C0] vcan0: j1939_tp_rxtimer: 0x000000000dbb6dcb: rx timeout, send abort [ 178.739702][ T7517] netlink: 24 bytes leftover after parsing attributes in process `syz.4.921'. [ 179.103095][ T7524] tipc: Enabling of bearer rejected, already enabled [ 179.116006][ T7524] tipc: Enabling of bearer rejected, already enabled [ 179.501945][ C0] vcan0: j1939_tp_rxtimer: 0x000000000dbb6dcb: abort rx timeout. Force session deactivation [ 179.812991][ T7543] binder_user_error: 6 callbacks suppressed [ 179.813003][ T7543] binder: 7542:7543 tried to acquire reference to desc 0, got 1 instead [ 179.819259][ T7543] binder: 7542:7543 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 179.822860][ T7543] binder: 7543 RLIMIT_NICE not set [ 179.824385][ T7543] binder: 7543 RLIMIT_NICE not set [ 179.826866][ T7543] binder: release 7542:7543 transaction 189 in, still active [ 179.836311][ T7543] binder: send failed reply for transaction 189 to 7542:7543 [ 179.844501][ T4347] binder: undelivered TRANSACTION_COMPLETE [ 179.846312][ T4347] binder: undelivered TRANSACTION_ERROR: 29189 [ 179.964690][ T7550] netlink: 24 bytes leftover after parsing attributes in process `syz.1.935'. [ 179.989403][ T7548] tipc: Enabling of bearer rejected, already enabled [ 179.992821][ T7548] tipc: Enabling of bearer rejected, already enabled [ 181.072047][ T7579] tipc: Enabling of bearer rejected, already enabled [ 181.075546][ T7579] tipc: Enabling of bearer rejected, already enabled [ 181.238439][ T7589] binder: 7588:7589 tried to acquire reference to desc 0, got 1 instead [ 181.242490][ T7589] binder: 7588:7589 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 181.252642][ T7589] binder: 7589 RLIMIT_NICE not set [ 181.254017][ T7589] binder: 7589 RLIMIT_NICE not set [ 181.255609][ T7589] binder: release 7588:7589 transaction 194 in, still active [ 181.258023][ T7589] binder: send failed reply for transaction 194 to 7588:7589 [ 181.330105][ C0] vcan0: j1939_tp_rxtimer: 0x00000000897450ba: rx timeout, send abort [ 181.814900][ T7609] tipc: Enabling of bearer rejected, already enabled [ 181.822672][ T7609] tipc: Enabling of bearer rejected, already enabled [ 181.832422][ C0] vcan0: j1939_tp_rxtimer: 0x00000000897450ba: abort rx timeout. Force session deactivation [ 182.289137][ T7624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.970'. [ 182.476020][ T7631] binder: 7630:7631 tried to acquire reference to desc 0, got 1 instead [ 182.481997][ T7631] binder: 7630:7631 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 182.579944][ T7635] tipc: Enabling of bearer rejected, already enabled [ 182.592874][ T7635] tipc: Enabling of bearer rejected, already enabled [ 182.820230][ T7649] netlink: 24 bytes leftover after parsing attributes in process `syz.2.981'. [ 183.842534][ C0] vcan0: j1939_tp_rxtimer: 0x000000005dab909e: rx timeout, send abort [ 183.993617][ T7669] tipc: Enabling of bearer rejected, already enabled [ 183.997010][ T7669] tipc: Enabling of bearer rejected, already enabled [ 184.172641][ T7677] binder_debug: 6 callbacks suppressed [ 184.172653][ T7677] binder: release 7676:7677 transaction 204 in, still active [ 184.185009][ T7677] binder: send failed reply for transaction 204 to 7676:7677 [ 184.192711][ T4347] binder: undelivered TRANSACTION_COMPLETE [ 184.194354][ T4347] binder: undelivered TRANSACTION_ERROR: 29189 [ 184.384595][ C0] vcan0: j1939_tp_rxtimer: 0x000000005dab909e: abort rx timeout. Force session deactivation [ 184.449673][ T7689] netlink: 24 bytes leftover after parsing attributes in process `syz.3.999'. [ 184.533409][ T7695] tipc: Enabling of bearer rejected, already enabled [ 184.538692][ T7695] tipc: Enabling of bearer rejected, already enabled [ 185.627303][ T7717] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1012'. [ 185.659007][ T7719] tipc: Enabling of bearer rejected, already enabled [ 185.662256][ T7719] tipc: Enabling of bearer rejected, already enabled [ 185.721124][ T7723] binder: 7720:7723 ioctl 4018620d 0 returned -22 [ 185.723324][ T7723] binder_user_error: 6 callbacks suppressed [ 185.723333][ T7723] binder: tried to use weak ref as strong ref [ 185.731995][ T7723] binder: 7720:7723 Acquire 1 refcount change on invalid ref 0 ret -22 [ 185.735420][ T7723] binder: 7720:7723 got transaction to invalid handle, 1 [ 185.738325][ T7723] binder: 7723:7720 cannot find target node [ 185.740439][ T7723] binder: 7720:7723 transaction call to 0:0 failed 207/29201/-22, size 0-0 line 3054 [ 185.744196][ T7723] binder: 7720:7723 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 185.754917][ T7723] binder: 7723 RLIMIT_NICE not set [ 185.756847][ T7723] binder: 7720:7723 ioctl c0306201 20001440 returned -11 [ 185.796534][ T4935] binder: undelivered TRANSACTION_ERROR: 29201 [ 186.679645][ C1] vcan0: j1939_tp_rxtimer: 0x00000000718f5ab6: rx timeout, send abort [ 187.032926][ T7751] tipc: Enabling of bearer rejected, already enabled [ 187.142660][ T7753] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1028'. [ 187.182196][ C1] vcan0: j1939_tp_rxtimer: 0x00000000718f5ab6: abort rx timeout. Force session deactivation [ 187.264306][ T7760] binder: 7759:7760 ioctl 4018620d 0 returned -22 [ 187.266945][ T7760] binder: tried to use weak ref as strong ref [ 187.268660][ T7760] binder: 7759:7760 Acquire 1 refcount change on invalid ref 0 ret -22 [ 187.271926][ T7760] binder: 7759:7760 got transaction to invalid handle, 1 [ 187.286673][ T7760] binder: 7760:7759 cannot find target node [ 187.292662][ T7760] binder: 7759:7760 transaction call to 0:0 failed 210/29201/-22, size 0-0 line 3054 [ 187.318915][ T7760] binder: 7759:7760 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 187.326254][ T7760] binder: 7760 RLIMIT_NICE not set [ 187.327695][ T7760] binder: 7759:7760 ioctl c0306201 20001440 returned -11 [ 187.387480][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 187.436639][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 188.373331][ T7781] tipc: Enabling of bearer rejected, already enabled [ 189.575644][ T7812] binder: 7811:7812 ioctl 4018620d 0 returned -22 [ 189.580314][ T7812] binder: 7812:7811 cannot find target node [ 189.582081][ T7812] binder: 7811:7812 transaction call to 0:0 failed 213/29201/-22, size 0-0 line 3054 [ 189.585081][ T7812] binder: 7811:7812 ioctl c0306201 20001440 returned -11 [ 189.621640][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 189.632560][ T7814] tipc: Enabling of bearer rejected, already enabled [ 189.728946][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f669cb1c: rx timeout, send abort [ 190.231255][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f669cb1c: abort rx timeout. Force session deactivation [ 190.378885][ T7847] tipc: Enabling of bearer rejected, already enabled [ 191.388629][ T7862] binder: 7861:7862 ioctl c0306201 0 returned -14 [ 191.404639][ T7862] binder_user_error: 5 callbacks suppressed [ 191.404656][ T7862] binder: 7861:7862 got transaction to invalid handle, 1 [ 191.412548][ T7862] binder: 7862:7861 cannot find target node [ 191.414167][ T7862] binder: 7861:7862 transaction call to 0:0 failed 217/29201/-22, size 0-0 line 3054 [ 191.430599][ T7862] binder: 7861:7862 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 191.434054][ T7862] binder: 7862 RLIMIT_NICE not set [ 191.435394][ T7862] binder: 7861:7862 ioctl c0306201 20001440 returned -11 [ 191.477148][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 192.045380][ T7875] tipc: Enabling of bearer rejected, already enabled [ 192.722055][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b88b524a: rx timeout, send abort [ 193.053024][ T7897] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1087'. [ 193.075698][ T7897] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1087'. [ 193.081465][ T7897] netlink: 'syz.1.1087': attribute type 1 has an invalid length. [ 193.101605][ T7897] netlink: 'syz.1.1087': attribute type 1 has an invalid length. [ 193.103701][ T7897] netlink: 'syz.1.1087': attribute type 2 has an invalid length. [ 193.105778][ T7897] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1087'. [ 193.218721][ T7903] binder: 7902:7903 ioctl c0306201 0 returned -14 [ 193.224469][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b88b524a: abort rx timeout. Force session deactivation [ 193.237133][ T7903] binder: 7902:7903 got transaction to invalid handle, 1 [ 193.239073][ T7903] binder: 7903:7902 cannot find target node [ 193.240651][ T7903] binder: 7902:7903 transaction call to 0:0 failed 221/29201/-22, size 0-0 line 3054 [ 193.266359][ T7903] binder: 7902:7903 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 193.269891][ T7903] binder: 7903 RLIMIT_NICE not set [ 193.291709][ T7903] binder: 7902:7903 ioctl c0306201 20001440 returned -11 [ 193.556172][ T4351] binder: undelivered TRANSACTION_ERROR: 29201 [ 193.883684][ T7915] tipc: Enabling of bearer rejected, already enabled [ 194.952685][ T7938] binder: 7936:7938 ioctl c0306201 0 returned -14 [ 194.969003][ T7938] binder: 7936:7938 got transaction to invalid handle, 1 [ 194.970957][ T7938] binder: 7938:7936 cannot find target node [ 194.972515][ T7938] binder: 7936:7938 transaction call to 0:0 failed 225/29201/-22, size 0-0 line 3054 [ 194.975408][ T7938] binder: 7936:7938 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 194.986505][ T7938] binder: 7938 RLIMIT_NICE not set [ 194.987921][ T7938] binder: 7936:7938 ioctl c0306201 20001440 returned -11 [ 195.276164][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 195.444737][ T7947] tipc: Enabling of bearer rejected, already enabled [ 196.090134][ C0] vcan0: j1939_tp_rxtimer: 0x00000000907a484f: rx timeout, send abort [ 196.553713][ T7966] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.1120'. [ 196.561887][ T7966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1120'. [ 196.564509][ T7966] netlink: 'syz.4.1120': attribute type 1 has an invalid length. [ 196.568794][ T7966] netlink: 'syz.4.1120': attribute type 1 has an invalid length. [ 196.570938][ T7966] netlink: 'syz.4.1120': attribute type 2 has an invalid length. [ 196.573180][ T7966] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1120'. [ 196.592390][ C0] vcan0: j1939_tp_rxtimer: 0x00000000907a484f: abort rx timeout. Force session deactivation [ 197.543450][ T7976] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1124'. [ 197.586411][ T7982] binder: 7978:7982 got transaction to invalid handle, 1 [ 197.588573][ T7982] binder: 7982:7978 cannot find target node [ 197.590116][ T7982] binder: 7978:7982 transaction call to 0:0 failed 229/29201/-22, size 0-0 line 3054 [ 197.592818][ T7981] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1125'. [ 197.597039][ T7982] binder: 7978:7982 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 197.600734][ T7982] binder: 7982 RLIMIT_NICE not set [ 197.602339][ T7982] binder: 7978:7982 ioctl c0306201 20001440 returned -11 [ 197.621114][ T7981] 8021q: adding VLAN 0 to HW filter on device team1 [ 197.624617][ T7979] tipc: Enabling of bearer rejected, already enabled [ 197.636306][ T14] binder: undelivered TRANSACTION_ERROR: 29201 [ 198.924948][ T8008] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1138'. [ 198.934429][ T8010] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1139'. [ 198.940937][ T8008] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1138'. [ 198.943351][ T8008] netlink: 'syz.0.1138': attribute type 1 has an invalid length. [ 198.945521][ T8008] netlink: 'syz.0.1138': attribute type 1 has an invalid length. [ 198.948812][ T8008] netlink: 'syz.0.1138': attribute type 2 has an invalid length. [ 198.952278][ T8008] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1138'. [ 199.039859][ C0] vcan0: j1939_tp_rxtimer: 0x000000006d0f6699: rx timeout, send abort [ 199.080464][ T8019] tipc: Enabling of bearer rejected, already enabled [ 199.190045][ T8027] binder: 8026:8027 got transaction to invalid handle, 1 [ 199.192275][ T8027] binder: 8027:8026 cannot find target node [ 199.206580][ T8027] binder: 8026:8027 transaction call to 0:0 failed 233/29201/-22, size 0-0 line 3054 [ 199.210562][ T8027] binder: 8026:8027 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 199.216874][ T8027] binder: 8027 RLIMIT_NICE not set [ 199.218479][ T8027] binder: 8026:8027 ioctl c0306201 20001440 returned -11 [ 199.289000][ T4942] binder: undelivered TRANSACTION_ERROR: 29201 [ 199.542211][ C0] vcan0: j1939_tp_rxtimer: 0x000000006d0f6699: abort rx timeout. Force session deactivation [ 200.276399][ T8041] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1154'. [ 200.523252][ T8054] tipc: Enabling of bearer rejected, already enabled [ 200.682502][ T8064] binder: 8063:8064 got transaction to invalid handle, 1 [ 200.684414][ T8064] binder: 8064:8063 cannot find target node [ 200.686969][ T8064] binder: 8063:8064 transaction call to 0:0 failed 237/29201/-22, size 0-0 line 3054 [ 200.689922][ T8064] binder: 8063:8064 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 200.693370][ T8064] binder: 8064 RLIMIT_NICE not set [ 200.694751][ T8064] binder: 8063:8064 ioctl c0306201 20001440 returned -11 [ 200.847023][ T4935] binder: undelivered TRANSACTION_ERROR: 29201 [ 201.767804][ T8080] tipc: Enabling of bearer rejected, already enabled [ 201.859457][ C1] vcan0: j1939_tp_rxtimer: 0x000000006c6bb099: rx timeout, send abort [ 202.361796][ C1] vcan0: j1939_tp_rxtimer: 0x000000006c6bb099: abort rx timeout. Force session deactivation [ 202.912797][ T8103] binder: 8102:8103 got transaction to invalid handle, 1 [ 202.915030][ T8103] binder: 8103:8102 cannot find target node [ 202.916805][ T8103] binder: 8102:8103 transaction call to 0:0 failed 241/29201/-22, size 0-0 line 3054 [ 202.919777][ T8103] binder: 8102:8103 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 202.923203][ T8103] binder: 8103 RLIMIT_NICE not set [ 202.924536][ T8103] binder: 8102:8103 ioctl c0306201 20001440 returned -11 [ 202.987410][ T4935] binder: undelivered TRANSACTION_ERROR: 29201 [ 203.145343][ T8116] tipc: Enabling of bearer rejected, already enabled [ 204.355905][ T8147] tipc: Enabling of bearer rejected, already enabled [ 204.578887][ C0] vcan0: j1939_tp_rxtimer: 0x00000000cbe459a9: rx timeout, send abort [ 204.584740][ T8163] binder: 8162:8163 got transaction to invalid handle, 1 [ 204.593283][ T8163] binder: 8163:8162 cannot find target node [ 204.595110][ T8163] binder: 8162:8163 transaction call to 0:0 failed 245/29201/-22, size 0-0 line 3054 [ 204.601412][ T8163] binder: 8162:8163 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 204.608134][ T8163] binder: 8163 RLIMIT_NICE not set [ 204.609720][ T8163] binder: 8162:8163 ioctl c0306201 20001440 returned -11 [ 204.656627][ T4347] binder: undelivered TRANSACTION_ERROR: 29201 [ 204.852625][ T8178] tipc: Enabling of bearer rejected, already enabled [ 205.081354][ C0] vcan0: j1939_tp_rxtimer: 0x00000000cbe459a9: abort rx timeout. Force session deactivation [ 205.784043][ T8193] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1216'. [ 205.950779][ T8205] tipc: Enabling of bearer rejected, already enabled [ 206.022557][ T8209] binder: 8208:8209 got transaction to invalid handle, 1 [ 206.024621][ T8209] binder: 8209:8208 cannot find target node [ 206.045686][ T8209] binder: 8208:8209 transaction call to 0:0 failed 249/29201/-22, size 0-0 line 3054 [ 206.048877][ T8209] binder: 8208:8209 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 206.052357][ T8209] binder: 8209 RLIMIT_NICE not set [ 206.053733][ T8209] binder: 8208:8209 ioctl c0306201 20001440 returned -11 [ 206.256328][ T4942] binder: undelivered TRANSACTION_ERROR: 29201 [ 207.156943][ T8232] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1235'. [ 207.241965][ C1] vcan0: j1939_tp_rxtimer: 0x00000000ed4b7a60: rx timeout, send abort [ 207.315628][ T8244] binder: 8243:8244 tried to acquire reference to desc 0, got 1 instead [ 207.321425][ T8242] tipc: Enabling of bearer rejected, already enabled [ 207.372247][ T8249] binder: release 8243:8249 transaction 254 in, still active [ 207.374322][ T8249] binder: send failed reply for transaction 254 to 8243:8249 [ 207.744231][ C1] vcan0: j1939_tp_rxtimer: 0x00000000ed4b7a60: abort rx timeout. Force session deactivation [ 208.304814][ T8261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1246'. [ 208.345287][ T8261] 8021q: adding VLAN 0 to HW filter on device team1 [ 208.469335][ T8267] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1249'. [ 208.657263][ T8281] tipc: Enabling of bearer rejected, already enabled [ 209.715182][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1263'. [ 209.731892][ T8297] 8021q: adding VLAN 0 to HW filter on device team2 [ 209.785987][ T8304] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1265'. [ 209.848931][ T8308] tipc: Enabling of bearer rejected, already enabled [ 209.910499][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b5b7237d: rx timeout, send abort [ 210.412941][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b5b7237d: abort rx timeout. Force session deactivation [ 210.945557][ T4942] binder: undelivered TRANSACTION_COMPLETE [ 210.947723][ T4942] binder: undelivered TRANSACTION_ERROR: 29189 [ 211.165449][ T8328] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1277'. [ 211.274035][ T8335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1280'. [ 211.292063][ T8335] 8021q: adding VLAN 0 to HW filter on device team1 [ 211.295751][ T8338] tipc: Enabling of bearer rejected, already enabled [ 211.560487][ T8355] binder_user_error: 3 callbacks suppressed [ 211.560500][ T8355] binder: 8352:8355 tried to acquire reference to desc 0, got 1 instead [ 212.301103][ T8362] binder: 8352:8362 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 212.305291][ T8362] binder: 8362 RLIMIT_NICE not set [ 212.307861][ T8362] binder: 8362 RLIMIT_NICE not set [ 212.351937][ T8365] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1290'. [ 212.519612][ T8371] tipc: Enabling of bearer rejected, already enabled [ 212.647874][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'. [ 212.658692][ C0] vcan0: j1939_tp_rxtimer: 0x00000000ec3512ee: rx timeout, send abort [ 212.676176][ T8377] 8021q: adding VLAN 0 to HW filter on device team2 [ 213.052136][ T8396] tipc: Enabling of bearer rejected, already enabled [ 213.161131][ C0] vcan0: j1939_tp_rxtimer: 0x00000000ec3512ee: abort rx timeout. Force session deactivation [ 213.940515][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1308'. [ 213.967229][ T8406] 8021q: adding VLAN 0 to HW filter on device team1 [ 214.188238][ T8421] tipc: Enabling of bearer rejected, already enabled [ 214.214028][ T8421] tipc: Enabling of bearer rejected, already enabled [ 215.191044][ T4935] binder: release 8352:8362 transaction 259 in, still active [ 215.193167][ T4935] binder: send failed reply for transaction 259 to 8352:8361 [ 215.195659][ T4935] binder: undelivered TRANSACTION_COMPLETE [ 215.199454][ T4935] binder: undelivered TRANSACTION_ERROR: 29189 [ 215.379620][ T8442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1325'. [ 215.393735][ T8442] 8021q: adding VLAN 0 to HW filter on device team3 [ 215.528650][ T8456] binder: 8455:8456 tried to acquire reference to desc 0, got 1 instead [ 215.531034][ C0] vcan0: j1939_tp_rxtimer: 0x00000000eef30944: rx timeout, send abort [ 215.531825][ T8454] tipc: Enabling of bearer rejected, already enabled [ 215.538180][ T8454] tipc: Enabling of bearer rejected, already enabled [ 215.590029][ T8457] binder: 8455:8457 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 215.593528][ T8457] binder: 8457 RLIMIT_NICE not set [ 215.595035][ T8457] binder: 8457 RLIMIT_NICE not set [ 215.608611][ T8457] binder: release 8455:8457 transaction 264 in, still active [ 215.610739][ T8457] binder: send failed reply for transaction 264 to 8455:8457 [ 216.031094][ C0] vcan0: j1939_tp_rxtimer: 0x00000000eef30944: abort rx timeout. Force session deactivation [ 216.894350][ T8484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1343'. [ 216.929137][ T8483] tipc: Enabling of bearer rejected, already enabled [ 216.942642][ T8483] tipc: Enabling of bearer rejected, already enabled [ 217.386360][ T4433] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 217.497267][ T8511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1356'. [ 217.538822][ T8513] tipc: Enabling of bearer rejected, already enabled [ 217.541653][ T8513] tipc: Enabling of bearer rejected, already enabled [ 217.586255][ T4433] usb 1-1: Using ep0 maxpacket: 16 [ 217.592505][ T4433] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.595579][ T4433] usb 1-1: config 0 has no interfaces? [ 217.605488][ T4433] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 217.614230][ T4433] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.618603][ T4433] usb 1-1: Product: syz [ 217.622500][ T4433] usb 1-1: Manufacturer: syz [ 217.625176][ T4433] usb 1-1: SerialNumber: syz [ 217.640817][ T4433] usb 1-1: config 0 descriptor?? [ 217.925405][ T4433] usb 1-1: USB disconnect, device number 2 [ 218.108516][ T8536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1368'. [ 218.175780][ T8538] tipc: Enabling of bearer rejected, already enabled [ 218.179022][ T8538] tipc: Enabling of bearer rejected, already enabled [ 218.268139][ C0] vcan0: j1939_tp_rxtimer: 0x000000005bae5309: rx timeout, send abort [ 218.532543][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 218.534242][ T4433] binder: undelivered TRANSACTION_ERROR: 29189 [ 218.760922][ T8564] tipc: Enabling of bearer rejected, already enabled [ 218.763787][ T8564] tipc: Enabling of bearer rejected, already enabled [ 218.770602][ C0] vcan0: j1939_tp_rxtimer: 0x000000005bae5309: abort rx timeout. Force session deactivation [ 218.945007][ T8578] binder: 8574:8578 tried to acquire reference to desc 0, got 1 instead [ 218.970020][ T8582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.983600][ T8582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.001206][ T8583] binder: 8574:8583 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 219.005034][ T8583] binder: 8583 RLIMIT_NICE not set [ 219.014980][ T8583] binder: 8583 RLIMIT_NICE not set [ 219.017347][ T8583] binder: release 8574:8583 transaction 269 in, still active [ 219.019354][ T8583] binder: send failed reply for transaction 269 to 8574:8583 [ 219.325153][ T8597] tipc: Enabling of bearer rejected, already enabled [ 219.328595][ T8597] tipc: Enabling of bearer rejected, already enabled [ 219.729123][ T8619] tipc: Enabling of bearer rejected, already enabled [ 219.732152][ T8619] tipc: Enabling of bearer rejected, already enabled [ 220.174272][ T8641] tipc: Enabling of bearer rejected, already enabled [ 220.177562][ T8641] tipc: Enabling of bearer rejected, already enabled [ 220.253866][ T8649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1421'. [ 220.512574][ C1] vcan0: j1939_tp_rxtimer: 0x00000000c8f5b186: rx timeout, send abort [ 220.747634][ T8669] tipc: Enabling of bearer rejected, already enabled [ 220.750298][ T8672] tipc: Enabling of bearer rejected, already enabled [ 220.792997][ T8674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1435'. [ 221.015592][ C1] vcan0: j1939_tp_rxtimer: 0x00000000c8f5b186: abort rx timeout. Force session deactivation [ 221.136178][ T8697] tipc: Enabling of bearer rejected, already enabled [ 221.145000][ T8697] tipc: Enabling of bearer rejected, already enabled [ 221.357007][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1449'. [ 221.616115][ T8726] tipc: Enabling of bearer rejected, already enabled [ 221.637284][ T8726] tipc: Enabling of bearer rejected, already enabled [ 221.902430][ T4935] binder: undelivered TRANSACTION_COMPLETE [ 221.904226][ T4935] binder: undelivered TRANSACTION_ERROR: 29189 [ 222.238256][ T8754] tipc: Enabling of bearer rejected, already enabled [ 222.245974][ T8754] tipc: Enabling of bearer rejected, already enabled [ 222.392413][ T8767] binder: 8766:8767 tried to acquire reference to desc 0, got 1 instead [ 222.456728][ T8773] binder: 8766:8773 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 222.460268][ T8773] binder: 8773 RLIMIT_NICE not set [ 222.461673][ T8773] binder: 8773 RLIMIT_NICE not set [ 222.465669][ T8773] binder: release 8766:8773 transaction 274 in, still active [ 222.471192][ T8773] binder: send failed reply for transaction 274 to 8766:8773 [ 222.753860][ C1] vcan0: j1939_tp_rxtimer: 0x00000000fb3c2317: rx timeout, send abort [ 222.830887][ T8786] tipc: Enabling of bearer rejected, already enabled [ 222.833592][ T8786] tipc: Enabling of bearer rejected, already enabled [ 223.256188][ C1] vcan0: j1939_tp_rxtimer: 0x00000000fb3c2317: abort rx timeout. Force session deactivation [ 223.388667][ T8816] tipc: Enabling of bearer rejected, already enabled [ 223.394906][ T8816] tipc: Enabling of bearer rejected, already enabled [ 223.799526][ T8846] tipc: Enabling of bearer rejected, already enabled [ 223.808565][ T8846] tipc: Enabling of bearer rejected, already enabled [ 224.249452][ T8877] tipc: Enabling of bearer rejected, already enabled [ 224.253121][ T8877] tipc: Enabling of bearer rejected, already enabled [ 224.387935][ T8889] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1532'. [ 224.630428][ T8906] tipc: Enabling of bearer rejected, already enabled [ 224.633804][ T8906] tipc: Enabling of bearer rejected, already enabled [ 224.793176][ T8918] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1545'. [ 224.930996][ C1] vcan0: j1939_tp_rxtimer: 0x000000005dbab7a9: rx timeout, send abort [ 225.070241][ T8937] tipc: Enabling of bearer rejected, already enabled [ 225.073480][ T8937] tipc: Enabling of bearer rejected, already enabled [ 225.396389][ T4428] binder: undelivered TRANSACTION_COMPLETE [ 225.398162][ T4428] binder: undelivered TRANSACTION_ERROR: 29189 [ 225.433444][ C1] vcan0: j1939_tp_rxtimer: 0x000000005dbab7a9: abort rx timeout. Force session deactivation [ 225.501526][ T8956] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1561'. [ 225.610376][ T8962] tipc: Enabling of bearer rejected, already enabled [ 225.617486][ T8962] tipc: Enabling of bearer rejected, already enabled [ 225.836017][ T8976] binder: 8975:8976 tried to acquire reference to desc 0, got 1 instead [ 225.894633][ T8980] binder: 8975:8980 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 225.900849][ T8980] binder: 8980 RLIMIT_NICE not set [ 225.905441][ T8980] binder: 8980 RLIMIT_NICE not set [ 225.914978][ T8980] binder: release 8975:8980 transaction 279 in, still active [ 225.922030][ T8980] binder: send failed reply for transaction 279 to 8975:8980 [ 226.062338][ T8986] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1574'. [ 226.392981][ T8994] tipc: Enabling of bearer rejected, already enabled [ 226.395869][ T8994] tipc: Enabling of bearer rejected, already enabled [ 226.635969][ T9008] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1585'. [ 226.745943][ T9016] tipc: Enabling of bearer rejected, already enabled [ 227.114269][ T9041] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1599'. [ 227.248911][ C1] vcan0: j1939_tp_rxtimer: 0x0000000013071880: rx timeout, send abort [ 227.454642][ T9049] tipc: Enabling of bearer rejected, already enabled [ 227.751453][ C1] vcan0: j1939_tp_rxtimer: 0x0000000013071880: abort rx timeout. Force session deactivation [ 228.030782][ T9074] tipc: Enabling of bearer rejected, already enabled [ 228.478303][ T9099] tipc: Enabling of bearer rejected, already enabled [ 228.515918][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1626'. [ 228.865441][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 228.867312][ T4433] binder: undelivered TRANSACTION_ERROR: 29189 [ 228.991877][ T9125] tipc: Enabling of bearer rejected, already enabled [ 229.106738][ T9129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1639'. [ 229.325471][ T9141] binder: 9140:9141 tried to acquire reference to desc 0, got 1 instead [ 229.329479][ T9141] binder: 9140:9141 ioctl c0306201 0 returned -14 [ 229.331678][ T9141] binder: 9140:9141 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 229.335347][ T9141] binder: 9141 RLIMIT_NICE not set [ 229.337184][ T9141] binder: 9140:9141 ioctl c0306201 20001440 returned -11 [ 229.471295][ T9147] tipc: Enabling of bearer rejected, already enabled [ 229.512605][ C1] vcan0: j1939_tp_rxtimer: 0x0000000000414d5d: rx timeout, send abort [ 229.534561][ T9149] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1649'. [ 229.612012][ T9153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1651'. [ 230.014896][ C1] vcan0: j1939_tp_rxtimer: 0x0000000000414d5d: abort rx timeout. Force session deactivation [ 230.041394][ T9175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1662'. [ 230.044645][ T9173] tipc: Enabling of bearer rejected, already enabled [ 230.250418][ T9187] binder: 9182:9187 tried to acquire reference to desc 0, got 1 instead [ 230.267869][ T9187] binder: 9182:9187 ioctl c0306201 0 returned -14 [ 230.281567][ T9187] binder: 9182:9187 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 230.285239][ T9187] binder: 9187 RLIMIT_NICE not set [ 230.287764][ T9187] binder: 9182:9187 ioctl c0306201 20001440 returned -11 [ 230.469167][ T9201] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1676'. [ 230.554127][ T9207] tipc: Enabling of bearer rejected, already enabled [ 230.818320][ T9228] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1688'. [ 230.982583][ T9237] tipc: Enabling of bearer rejected, already enabled [ 231.204780][ T9251] binder: 9250:9251 tried to acquire reference to desc 0, got 1 instead [ 231.209497][ T9251] binder: 9250:9251 ioctl c0306201 0 returned -14 [ 231.211240][ T9253] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1700'. [ 231.212798][ T9251] binder: 9250:9251 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 231.225150][ T9251] binder: 9251 RLIMIT_NICE not set [ 231.230547][ T9251] binder: 9250:9251 ioctl c0306201 20001440 returned -11 [ 231.325419][ T9260] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1703'. [ 231.328333][ T9260] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1703'. [ 231.331892][ T9260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1703'. [ 231.334501][ T9260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1703'. [ 231.737477][ C0] vcan0: j1939_tp_rxtimer: 0x0000000038897eb6: rx timeout, send abort [ 231.785137][ T9281] fuse: Bad value for 'fd' [ 232.187345][ T9308] binder: 9306:9308 tried to acquire reference to desc 0, got 1 instead [ 232.193421][ T9308] binder: 9306:9308 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 232.199690][ T9308] binder: 9308 RLIMIT_NICE not set [ 232.201355][ T9308] binder: 9306:9308 ioctl c0306201 20001440 returned -11 [ 232.232596][ T9310] fuse: Bad value for 'fd' [ 232.239838][ C0] vcan0: j1939_tp_rxtimer: 0x0000000038897eb6: abort rx timeout. Force session deactivation [ 232.666187][ T9340] fuse: Bad value for 'fd' [ 233.125836][ T9369] binder: 9368:9369 tried to acquire reference to desc 0, got 1 instead [ 233.143568][ T9369] binder: 9368:9369 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 233.153831][ T9369] binder: 9369 RLIMIT_NICE not set [ 233.155434][ T9369] binder: 9368:9369 ioctl c0306201 20001440 returned -11 [ 233.878420][ C0] vcan0: j1939_tp_rxtimer: 0x0000000063dd0634: rx timeout, send abort [ 234.074045][ T9399] binder: BINDER_SET_CONTEXT_MGR already set [ 234.075848][ T9399] binder: 9398:9399 ioctl 4018620d 20000040 returned -16 [ 234.080924][ T9399] binder: 9398:9399 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 234.084653][ T9399] binder: 9398:9399 ioctl c0306201 20001440 returned -11 [ 234.380801][ C0] vcan0: j1939_tp_rxtimer: 0x0000000063dd0634: abort rx timeout. Force session deactivation [ 234.674327][ T9423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.683638][ T9423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.743015][ T9427] __nla_validate_parse: 10 callbacks suppressed [ 234.743030][ T9427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1777'. [ 235.418164][ T9446] binder: 9445:9446 ioctl c0306201 20001440 returned -11 [ 235.712151][ T9452] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1789'. [ 236.165014][ T9472] trusted_key: encrypted_key: insufficient parameters specified [ 236.202281][ C1] vcan0: j1939_tp_rxtimer: 0x00000000c2c2ceb3: rx timeout, send abort [ 236.704517][ C1] vcan0: j1939_tp_rxtimer: 0x00000000c2c2ceb3: abort rx timeout. Force session deactivation [ 237.058582][ T9486] binder_user_error: 4 callbacks suppressed [ 237.058597][ T9486] binder: 9485:9486 tried to acquire reference to desc 0, got 1 instead [ 237.079984][ T9486] binder: 9485:9486 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 237.092992][ T9486] binder: 9486 RLIMIT_NICE not set [ 237.094468][ T9486] binder: 9485:9486 ioctl c0306201 20001440 returned -11 [ 237.797908][ T9508] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1814'. [ 238.222786][ T9524] binder: 9523:9524 tried to acquire reference to desc 0, got 1 instead [ 238.230030][ T9524] binder: 9523:9524 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 238.233613][ T9524] binder: 9524 RLIMIT_NICE not set [ 238.235163][ T9524] binder: 9523:9524 ioctl c0306201 20001440 returned -11 [ 238.483807][ C0] vcan0: j1939_tp_rxtimer: 0x00000000f3b31e77: rx timeout, send abort [ 238.986202][ C0] vcan0: j1939_tp_rxtimer: 0x00000000f3b31e77: abort rx timeout. Force session deactivation [ 239.291447][ T9541] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1827'. [ 239.792865][ T9558] binder: 9557:9558 tried to acquire reference to desc 0, got 1 instead [ 239.802147][ T9558] binder: 9557:9558 ioctl c0306201 0 returned -14 [ 239.804524][ T4433] binder: release 9557:9558 transaction 318 out, still active [ 239.846180][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 240.324348][ T4935] binder: send failed reply for transaction 318, target dead [ 240.543986][ T9574] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1840'. [ 240.834901][ T9589] binder: 9588:9589 tried to acquire reference to desc 0, got 1 instead [ 240.842335][ T9589] binder: 9588:9589 ioctl c0306201 0 returned -14 [ 240.844557][ T4935] binder: release 9588:9589 transaction 323 out, still active [ 240.878994][ T4935] binder: undelivered TRANSACTION_COMPLETE [ 241.300527][ C0] vcan0: j1939_tp_rxtimer: 0x00000000168ed9eb: rx timeout, send abort [ 241.328588][ T9599] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1852'. [ 241.362969][ T4428] binder: send failed reply for transaction 323, target dead [ 241.803092][ C0] vcan0: j1939_tp_rxtimer: 0x00000000168ed9eb: abort rx timeout. Force session deactivation [ 241.901922][ T9627] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1862'. [ 241.926153][ T4428] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 241.982913][ T9631] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1863'. [ 242.004487][ T9633] binder: 9632:9633 tried to acquire reference to desc 0, got 1 instead [ 242.013141][ T9633] binder: 9632:9633 ioctl c0306201 0 returned -14 [ 242.015685][ T14] binder: release 9632:9633 transaction 328 out, still active [ 242.056377][ T14] binder: undelivered TRANSACTION_COMPLETE [ 242.165011][ T9644] device syzkaller1 entered promiscuous mode [ 242.614850][ T4935] binder: send failed reply for transaction 328, target dead [ 243.691330][ T9730] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1874'. [ 243.697226][ T9730] device vlan2 entered promiscuous mode [ 243.698777][ T9730] device bridge0 entered promiscuous mode [ 243.760059][ T9732] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1875'. [ 243.818834][ T9734] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1876'. [ 244.019419][ T9742] binder: 9739:9742 tried to acquire reference to desc 0, got 1 instead [ 244.024332][ T4433] binder: release 9739:9742 transaction 333 out, still active [ 244.212600][ C0] vcan0: j1939_tp_rxtimer: 0x00000000375d1d41: rx timeout, send abort [ 244.662485][ T4428] usb 1-1: unable to get BOS descriptor or descriptor too short [ 244.666003][ T4428] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 244.669977][ T4428] usb 1-1: can't read configurations, error -71 [ 244.715174][ C0] vcan0: j1939_tp_rxtimer: 0x00000000375d1d41: abort rx timeout. Force session deactivation [ 244.824823][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1887'. [ 244.833510][ T9765] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1887'. [ 244.849019][ T9764] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1886'. [ 245.849176][ T9822] binder: 9821:9822 tried to acquire reference to desc 0, got 1 instead [ 245.853402][ T4433] binder_debug: 2 callbacks suppressed [ 245.853412][ T4433] binder: release 9821:9822 transaction 338 out, still active [ 245.906165][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 245.963492][ T9827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1898'. [ 245.966005][ T9827] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1898'. [ 246.002515][ T9829] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1899'. [ 246.215689][ T9838] netlink: 'syz.0.1900': attribute type 10 has an invalid length. [ 246.270461][ T9838] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 246.377569][ T4433] binder: send failed reply for transaction 338, target dead [ 247.117134][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b0d1a19e: rx timeout, send abort [ 247.240527][ T9856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1910'. [ 247.243143][ T9856] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1910'. [ 247.284665][ T9858] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1911'. [ 247.394362][ T9865] binder: 9864:9865 tried to acquire reference to desc 0, got 1 instead [ 247.398447][ T4433] binder: release 9864:9865 transaction 343 out, still active [ 247.436277][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 247.619773][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b0d1a19e: abort rx timeout. Force session deactivation [ 247.673955][ T9879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1921'. [ 247.691774][ T9879] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1921'. [ 247.733886][ T9882] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1922'. [ 247.921248][ T4935] binder: send failed reply for transaction 343, target dead [ 248.472002][ T9923] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1933'. [ 248.738354][ T9937] binder: 9936:9937 tried to acquire reference to desc 0, got 1 instead [ 248.757197][ T4428] binder: release 9936:9937 transaction 348 out, still active [ 248.799879][ T4428] binder: undelivered TRANSACTION_COMPLETE [ 248.827221][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.104388][ T9947] process 'syz.4.1940' launched '/dev/fd/3' with NULL argv: empty string added [ 249.289138][ T4428] binder: send failed reply for transaction 348, target dead [ 249.375214][ T9962] netlink: 'syz.3.1947': attribute type 4 has an invalid length. [ 249.533090][ C0] vcan0: j1939_tp_rxtimer: 0x000000001da868e9: rx timeout, send abort [ 249.961333][ T9993] binder: 9991:9993 tried to acquire reference to desc 0, got 1 instead [ 249.965491][ T14] binder: release 9991:9993 transaction 353 out, still active [ 250.035399][ C0] vcan0: j1939_tp_rxtimer: 0x000000001da868e9: abort rx timeout. Force session deactivation [ 250.584911][T10022] binder: 10021:10022 tried to acquire reference to desc 0, got 1 instead [ 251.141034][ T14] binder_debug: 4 callbacks suppressed [ 251.141048][ T14] binder: send failed reply for transaction 358, target dead [ 251.986297][T10058] __nla_validate_parse: 11 callbacks suppressed [ 251.986314][T10058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1981'. [ 251.990451][T10058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1981'. [ 252.000036][T10061] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1982'. [ 252.092079][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b334c802: rx timeout, send abort [ 252.134826][T10071] binder: 10070:10071 tried to acquire reference to desc 0, got 1 instead [ 252.144077][T10071] binder: 10070:10071 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 252.152809][T10071] binder: 10071 RLIMIT_NICE not set [ 252.154899][ T4428] binder: release 10070:10071 transaction 363 out, still active [ 252.186510][ T4428] binder: undelivered TRANSACTION_COMPLETE [ 252.324719][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1993'. [ 252.365755][T10087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1994'. [ 252.417930][T10090] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1996'. [ 252.594564][ C0] vcan0: j1939_tp_rxtimer: 0x00000000b334c802: abort rx timeout. Force session deactivation [ 252.685397][ T4433] binder: send failed reply for transaction 363, target dead [ 252.800050][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2004'. [ 252.845008][T10115] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2007'. [ 252.970607][T10123] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2010'. [ 253.291450][T10129] binder: 10128:10129 tried to acquire reference to desc 0, got 1 instead [ 253.300887][T10129] binder: 10128:10129 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 253.316244][T10129] binder: 10129 RLIMIT_NICE not set [ 253.325467][ T4935] binder: release 10128:10129 transaction 368 out, still active [ 253.376111][ T4935] binder: undelivered TRANSACTION_COMPLETE [ 253.654902][T10137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2017'. [ 253.843780][ T4942] binder: send failed reply for transaction 368, target dead [ 254.311289][T10157] fuse: Bad value for 'group_id' [ 254.322601][ C1] vcan0: j1939_tp_rxtimer: 0x00000000027d92dc: rx timeout, send abort [ 254.824940][ C1] vcan0: j1939_tp_rxtimer: 0x00000000027d92dc: abort rx timeout. Force session deactivation [ 255.399448][T10169] binder: 10168:10169 tried to acquire reference to desc 0, got 1 instead [ 255.432051][T10169] binder: 10168:10169 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 255.447531][T10169] binder: 10169 RLIMIT_NICE not set [ 255.449602][ T4935] binder: release 10168:10169 transaction 373 out, still active [ 255.496236][ T4935] binder: undelivered TRANSACTION_COMPLETE [ 255.855198][T10187] fuse: Bad value for 'group_id' [ 255.972156][ T4942] binder: send failed reply for transaction 373, target dead [ 256.786107][T10214] binder: BINDER_SET_CONTEXT_MGR already set [ 256.787953][T10214] binder: 10213:10214 ioctl 4018620d 20000040 returned -16 [ 256.791158][T10214] binder: 10213:10214 got transaction to invalid handle, 1 [ 256.793305][T10214] binder: 10214:10213 cannot find target node [ 256.795037][T10214] binder: 10213:10214 transaction call to 0:0 failed 376/29201/-22, size 0-0 line 3054 [ 256.798518][T10214] binder: 10213:10214 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 256.802154][T10214] binder: 10214 RLIMIT_NICE not set [ 256.803728][T10214] binder: 10213:10214 ioctl c0306201 20001440 returned -11 [ 256.896796][ T4942] binder: undelivered TRANSACTION_ERROR: 29201 [ 256.969241][ C1] vcan0: j1939_tp_rxtimer: 0x0000000080e5dfe6: rx timeout, send abort [ 257.054432][T10222] __nla_validate_parse: 9 callbacks suppressed [ 257.054447][T10222] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2054'. [ 257.089491][T10224] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2055'. [ 257.471647][ C1] vcan0: j1939_tp_rxtimer: 0x0000000080e5dfe6: abort rx timeout. Force session deactivation [ 257.552063][T10239] fuse: Bad value for 'group_id' [ 257.687620][T10244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2063'. [ 257.832242][T10249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.838975][T10249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.288762][T10251] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2066'. [ 258.359298][T10253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2067'. [ 258.418015][T10255] binder: BINDER_SET_CONTEXT_MGR already set [ 258.419877][T10255] binder: 10254:10255 ioctl 4018620d 20000040 returned -16 [ 258.423436][T10255] binder: 10254:10255 got transaction to invalid handle, 1 [ 258.425667][T10255] binder: 10255:10254 cannot find target node [ 258.428274][T10255] binder: 10254:10255 transaction call to 0:0 failed 379/29201/-22, size 0-0 line 3054 [ 258.431317][T10255] binder: 10254:10255 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 258.435340][T10255] binder: 10255 RLIMIT_NICE not set [ 258.437551][T10255] binder: 10254:10255 ioctl c0306201 20001440 returned -11 [ 258.497591][ T4428] binder: undelivered TRANSACTION_ERROR: 29201 [ 258.579968][T10267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2074'. [ 258.641794][T10272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.644285][T10272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.649586][T10272] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2076'. [ 258.652190][T10272] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2076'. [ 258.708472][T10272] device batadv0 entered promiscuous mode [ 258.756851][T10272] device batadv_slave_1 entered promiscuous mode [ 258.758898][T10272] device batadv_slave_1 left promiscuous mode [ 258.760909][T10272] device batadv0 left promiscuous mode [ 258.840045][T10274] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2076'. [ 258.842721][T10274] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2076'. [ 258.888359][T10274] device batadv0 entered promiscuous mode [ 258.916560][T10274] device batadv_slave_1 entered promiscuous mode [ 258.918445][T10274] device batadv_slave_1 left promiscuous mode [ 258.920229][T10274] device batadv0 left promiscuous mode [ 259.154752][T10284] 8021q: VLANs not supported on ip6gre0 [ 259.698996][T10295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.702865][T10295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.755481][ C0] vcan0: j1939_tp_rxtimer: 0x00000000c62edaef: rx timeout, send abort [ 259.949923][T10301] binder: 10300:10301 tried to acquire reference to desc 0, got 1 instead [ 259.954076][ T4942] binder: release 10300:10301 transaction 384 out, still active [ 259.996135][ T4942] binder: undelivered TRANSACTION_COMPLETE [ 260.257889][ C0] vcan0: j1939_tp_rxtimer: 0x00000000c62edaef: abort rx timeout. Force session deactivation [ 260.493039][ T4935] binder: send failed reply for transaction 384, target dead [ 260.650963][T10334] CIFS: VFS: Malformed UNC in devname [ 261.576407][T10351] binder_user_error: 2 callbacks suppressed [ 261.576420][T10351] binder: 10350:10351 tried to acquire reference to desc 0, got 1 instead [ 261.588768][T10351] binder: 10350:10351 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 261.602636][T10351] binder: 10351 RLIMIT_NICE not set [ 261.604617][ T4935] binder: release 10350:10351 transaction 389 out, still active [ 261.852017][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f4e8e311: rx timeout, send abort [ 262.134828][ T4935] binder_debug: 1 callbacks suppressed [ 262.134842][ T4935] binder: send failed reply for transaction 389, target dead [ 262.354410][ C1] vcan0: j1939_tp_rxtimer: 0x00000000f4e8e311: abort rx timeout. Force session deactivation [ 262.431932][ T4351] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 262.459616][T10382] input: syz0 as /devices/virtual/input/input2 [ 262.528760][T10384] __nla_validate_parse: 8 callbacks suppressed [ 262.528774][T10384] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2124'. [ 262.606228][ T4351] usb 1-1: Using ep0 maxpacket: 8 [ 262.608946][ T4351] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 262.611240][ T4351] usb 1-1: config 0 has no interface number 0 [ 262.613259][ T4351] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 262.620315][ T4351] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 262.623184][ T4351] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 262.627673][ T4351] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 262.630148][ T4351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.634565][ T4351] usb 1-1: config 0 descriptor?? [ 262.641648][ T4351] ldusb 1-1:0.55: Interrupt in endpoint not found [ 262.664582][T10388] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2126'. [ 262.807567][T10394] binder: 10393:10394 tried to acquire reference to desc 0, got 1 instead [ 262.811327][T10394] binder: 10393:10394 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 262.814764][T10394] binder: 10394 RLIMIT_NICE not set [ 262.822222][ T4351] binder: release 10393:10394 transaction 394 out, still active [ 262.849396][ T4433] usb 1-1: USB disconnect, device number 5 [ 262.866241][ T4351] binder: undelivered TRANSACTION_COMPLETE [ 263.290459][T10408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2135'. [ 263.356126][ T4433] binder: send failed reply for transaction 394, target dead [ 263.430047][T10413] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2137'. [ 264.400819][ C0] vcan0: j1939_tp_rxtimer: 0x0000000058130ad6: rx timeout, send abort [ 264.513820][T10437] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2146'. [ 264.532878][T10435] binder: 10434:10435 tried to acquire reference to desc 0, got 1 instead [ 264.541742][T10435] binder: 10434:10435 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 264.545344][T10435] binder: 10435 RLIMIT_NICE not set [ 264.563197][ T4433] binder: release 10434:10435 transaction 399 out, still active [ 264.596228][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 264.794693][T10445] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2150'. [ 264.903238][ C0] vcan0: j1939_tp_rxtimer: 0x0000000058130ad6: abort rx timeout. Force session deactivation [ 264.912689][T10451] device vlan2 entered promiscuous mode [ 264.914414][T10451] device bridge0 entered promiscuous mode [ 265.042805][T10458] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2156'. [ 265.047252][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2156'. [ 265.050195][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2156'. [ 265.105641][ T4433] binder: send failed reply for transaction 399, target dead [ 265.136825][T10463] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2158'. [ 265.832492][T10483] 8021q: adding VLAN 0 to HW filter on device bond2 [ 265.846739][T10483] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 265.849692][ T9699] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready [ 265.854764][T10483] device bond2 entered promiscuous mode [ 265.856532][T10483] device geneve2 entered promiscuous mode [ 265.931780][T10488] binder: 10487:10488 tried to acquire reference to desc 0, got 1 instead [ 265.936794][ T4351] binder: release 10487:10488 transaction 404 out, still active [ 265.957186][ T4351] binder: undelivered TRANSACTION_COMPLETE [ 266.455740][ T4351] binder: send failed reply for transaction 404, target dead [ 266.604893][ C1] vcan0: j1939_tp_rxtimer: 0x000000008830e706: rx timeout, send abort [ 266.665652][T10530] device vlan3 entered promiscuous mode [ 266.674168][T10530] device vlan2 entered promiscuous mode [ 266.675605][T10530] device gretap0 entered promiscuous mode [ 266.789169][T10538] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 267.107522][ C1] vcan0: j1939_tp_rxtimer: 0x000000008830e706: abort rx timeout. Force session deactivation [ 267.214740][T10545] binder_user_error: 2 callbacks suppressed [ 267.214752][T10545] binder: 10544:10545 tried to acquire reference to desc 0, got 1 instead [ 267.224039][T10545] binder: 10544:10545 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 267.229639][T10545] binder: 10545 RLIMIT_NICE not set [ 267.231653][ T4433] binder: release 10544:10545 transaction 409 out, still active [ 267.260139][ T4433] binder: undelivered TRANSACTION_COMPLETE [ 267.450871][T10561] fuse: Unknown parameter 'grou00000000000000000000' [ 267.745380][ T4935] binder: send failed reply for transaction 409, target dead [ 267.785971][T10569] __nla_validate_parse: 16 callbacks suppressed [ 267.785986][T10569] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2208'. [ 267.827992][T10569] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2208'. [ 267.874371][T10577] fuse: Bad value for 'user_id' [ 268.086159][T10586] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2216'. [ 268.242970][T10588] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2217'. [ 268.452994][T10592] binder: 10591:10592 tried to acquire reference to desc 0, got 1 instead [ 268.457876][T10592] binder: 10591:10592 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 268.462145][T10592] binder: 10592 RLIMIT_NICE not set [ 268.465674][ T4351] binder: release 10591:10592 transaction 414 out, still active [ 268.516129][ T4351] binder: undelivered TRANSACTION_COMPLETE [ 268.760109][ C0] vcan0: j1939_tp_rxtimer: 0x0000000074b5ac8f: rx timeout, send abort [ 268.804213][T10598] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2222'. [ 268.856231][T10598] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2222'. [ 268.995741][ T4433] binder: send failed reply for transaction 414, target dead [ 269.057125][T10609] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2228'. [ 269.144860][T10612] fuse: Unknown parameter 'grou00000000000000000000' [ 269.262366][ C0] vcan0: j1939_tp_rxtimer: 0x0000000074b5ac8f: abort rx timeout. Force session deactivation [ 269.382019][T10623] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2235'. [ 269.405214][T10623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2235'. [ 269.501233][T10629] binder: 10628:10629 tried to acquire reference to desc 0, got 1 instead [ 269.505195][T10629] binder: 10628:10629 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 269.523751][T10629] binder: 10629 RLIMIT_NICE not set [ 269.525790][ T14] binder: release 10628:10629 transaction 419 out, still active [ 269.566291][ T14] binder: undelivered TRANSACTION_COMPLETE [ 270.070144][ T14] binder: send failed reply for transaction 419, target dead [ 270.121804][T10645] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2242'. [ 271.034286][T10666] fuse: Unknown parameter 'grou00000000000000000000' [ 271.434883][ C0] vcan0: j1939_tp_rxtimer: 0x000000003868b763: rx timeout, send abort [ 271.717113][T10672] binder: 10671:10672 tried to acquire reference to desc 0, got 1 instead [ 271.721634][ T14] binder: release 10671:10672 transaction 424 out, still active [ 271.937308][ C0] vcan0: j1939_tp_rxtimer: 0x000000003868b763: abort rx timeout. Force session deactivation [ 272.250265][ T14] binder_debug: 1 callbacks suppressed [ 272.250294][ T14] binder: send failed reply for transaction 424, target dead [ 272.566478][T10697] dummy0: mtu less than device minimum [ 272.662119][T10700] fuse: Unknown parameter 'group_i00000000000000000000' [ 273.032643][T10710] __nla_validate_parse: 9 callbacks suppressed [ 273.032659][T10710] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2269'. [ 273.146278][T10712] binder_user_error: 2 callbacks suppressed [ 273.146291][T10712] binder: 10711:10712 tried to acquire reference to desc 0, got 1 instead [ 273.151900][T10712] binder: 10711:10712 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 273.155462][T10712] binder: 10712 RLIMIT_NICE not set [ 273.166719][ T4942] binder: release 10711:10712 transaction 429 out, still active [ 273.216144][ T4942] binder: undelivered TRANSACTION_COMPLETE [ 273.693348][ T4942] binder: send failed reply for transaction 429, target dead [ 273.988950][T10730] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2276'. [ 274.014990][ C0] vcan0: j1939_tp_rxtimer: 0x00000000d4709e9e: rx timeout, send abort [ 274.145797][T10738] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2280'. [ 274.258612][T10742] fuse: Unknown parameter 'group_i00000000000000000000' [ 274.517567][ C0] vcan0: j1939_tp_rxtimer: 0x00000000d4709e9e: abort rx timeout. Force session deactivation [ 274.583665][T10744] binder: 10743:10744 tried to acquire reference to desc 0, got 1 instead [ 274.597565][T10744] binder: 10743:10744 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 274.601201][T10744] binder: 10744 RLIMIT_NICE not set [ 274.603123][ T4942] binder: release 10743:10744 transaction 434 out, still active [ 274.646163][ T4942] binder: undelivered TRANSACTION_COMPLETE [ 274.794148][T10754] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2288'. [ 274.865268][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2289'. [ 274.871199][T10756] tipc: Resetting bearer [ 275.159946][ T4942] binder: send failed reply for transaction 434, target dead [ 275.569671][T10756] tipc: Disabling bearer [ 275.602342][T10756] team0 (unregistering): Port device team_slave_0 removed [ 275.620992][T10756] team0 (unregistering): Port device team_slave_1 removed [ 275.683828][T10760] netlink: 'syz.1.2289': attribute type 10 has an invalid length. [ 275.813043][T10760] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 275.815638][T10763] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2291'. [ 275.972893][T10783] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2299'. [ 276.143803][T10789] fuse: Unknown parameter 'group_i00000000000000000000' [ 276.166485][T10791] binder: 10790:10791 tried to acquire reference to desc 0, got 1 instead [ 276.170559][T10791] binder: 10790:10791 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 276.174280][T10791] binder: 10791 RLIMIT_NICE not set [ 276.177366][ T4430] binder: release 10790:10791 transaction 439 out, still active [ 276.216154][ T4430] binder: undelivered TRANSACTION_COMPLETE [ 276.583543][ C1] vcan0: j1939_tp_rxtimer: 0x000000009a70a926: rx timeout, send abort [ 276.711491][ T4351] binder: send failed reply for transaction 439, target dead [ 277.032493][T10804] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2308'. [ 277.062161][T10806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.064699][T10806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.086019][ C1] vcan0: j1939_tp_rxtimer: 0x000000009a70a926: abort rx timeout. Force session deactivation [ 277.174955][T10806] device bond0 entered promiscuous mode [ 277.187801][T10806] device bond_slave_0 entered promiscuous mode [ 277.202997][T10806] device bond_slave_1 entered promiscuous mode [ 277.235561][T10810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2310'. [ 277.351523][T10815] binder: 10814:10815 tried to acquire reference to desc 0, got 1 instead [ 277.367156][ T4430] binder: release 10814:10815 transaction 444 out, still active [ 277.396562][ T4430] binder: undelivered TRANSACTION_COMPLETE [ 277.808631][T10831] fuse: Unknown parameter 'group_id00000000000000000000' [ 277.898503][ T4351] binder: send failed reply for transaction 444, target dead [ 278.057367][T10835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2321'. [ 278.405765][T10845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2324'. [ 278.574948][T10842] hub 9-0:1.0: USB hub found [ 278.585289][T10842] hub 9-0:1.0: 8 ports detected [ 279.087562][T10866] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2332'. [ 279.195075][ C1] vcan0: j1939_tp_rxtimer: 0x0000000012a7d55f: rx timeout, send abort [ 279.697370][ C1] vcan0: j1939_tp_rxtimer: 0x0000000012a7d55f: abort rx timeout. Force session deactivation [ 279.904830][T10873] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2335'. [ 280.092121][T10881] fuse: Unknown parameter 'group_id00000000000000000000' [ 280.504828][T10895] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2344'. [ 280.534227][T10895] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2344'. [ 280.733167][T10860] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2330'. [ 281.151923][T10907] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2348'. [ 281.187092][T10907] 8021q: adding VLAN 0 to HW filter on device team2 [ 281.870084][ C1] vcan0: j1939_tp_rxtimer: 0x00000000063dbb98: rx timeout, send abort [ 282.171453][T10925] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2355'. [ 282.198764][T10925] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2355'. [ 282.372552][ C1] vcan0: j1939_tp_rxtimer: 0x00000000063dbb98: abort rx timeout. Force session deactivation [ 282.453089][T10929] fuse: Unknown parameter 'group_id00000000000000000000' [ 282.935242][T10937] 8021q: adding VLAN 0 to HW filter on device team2 [ 283.084429][T10940] netlink: 'syz.1.2362': attribute type 13 has an invalid length. [ 283.529690][T10951] binder_user_error: 2 callbacks suppressed [ 283.529703][T10951] binder: 10934:10951 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 283.535446][T10940] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.538444][T10940] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.538980][T10951] binder: 10951 RLIMIT_NICE not set [ 283.650530][T10955] binder: 10934:10955 unknown command 1074553619 [ 283.659272][T10955] binder: 10934:10955 ioctl c0306201 20000640 returned -22 [ 284.155750][T10940] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.184513][T10940] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.776369][T10940] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.778897][T10940] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.781314][T10940] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.783765][T10940] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.864199][T10954] __nla_validate_parse: 1 callbacks suppressed [ 284.864215][T10954] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2366'. [ 284.878628][T10956] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2366'. [ 284.985911][ C1] vcan0: j1939_tp_rxtimer: 0x000000001ad3b44c: rx timeout, send abort [ 285.073216][T10971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2373'. [ 285.119124][T10975] fuse: Bad value for 'user_id' [ 285.125791][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2374'. [ 285.136653][T10976] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.488378][ C1] vcan0: j1939_tp_rxtimer: 0x000000001ad3b44c: abort rx timeout. Force session deactivation [ 285.612159][T10987] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2380'. [ 285.738861][T10994] binder: 10991:10994 ioctl c0306201 0 returned -14 [ 285.746427][T10994] binder: 10991:10994 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 285.762386][T10994] binder: 10994 RLIMIT_NICE not set [ 285.793188][T10997] binder: 10991:10997 ioctl c0306201 0 returned -14 [ 286.454241][ T4314] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 286.457220][ T4314] CPU: 1 PID: 4314 Comm: kworker/u5:8 Not tainted 6.1.141-syzkaller #0 [ 286.459519][ T4314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.462294][ T4314] Workqueue: hci1 hci_rx_work [ 286.463613][ T4314] Call trace: [ 286.464526][ T4314] dump_backtrace+0x1c8/0x1f4 [ 286.465838][ T4314] show_stack+0x2c/0x3c [ 286.466953][ T4314] __dump_stack+0x30/0x40 [ 286.468158][ T4314] dump_stack_lvl+0xf8/0x160 [ 286.469389][ T4314] dump_stack+0x1c/0x5c [ 286.470571][ T4314] sysfs_create_dir_ns+0x22c/0x24c [ 286.472015][ T4314] kobject_add_internal+0x5a8/0xb30 [ 286.473481][ T4314] kobject_add+0x134/0x1f8 [ 286.474683][ T4314] device_add+0x3f0/0xf94 [ 286.475818][ T4314] hci_conn_add_sysfs+0xbc/0x1cc [ 286.477133][ T4314] le_conn_complete_evt+0xa24/0xf8c [ 286.478514][ T4314] hci_le_conn_complete_evt+0x114/0x3f8 [ 286.480013][ T4314] hci_le_meta_evt+0x2c0/0x4a4 [ 286.481324][ T4314] hci_event_packet+0x6ac/0xf08 [ 286.482621][ T4314] hci_rx_work+0x324/0xaa0 [ 286.483903][ T4314] process_one_work+0x7f4/0x13a8 [ 286.485285][ T4314] worker_thread+0x8c8/0xfbc [ 286.486496][ T4314] kthread+0x250/0x2d8 [ 286.487602][ T4314] ret_from_fork+0x10/0x20 [ 286.489004][ T4314] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 286.492621][ T4314] Bluetooth: hci1: failed to register connection device [ 286.677975][T11020] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2392'. [ 286.830079][T11030] fuse: Bad value for 'user_id' [ 287.232360][T11045] binder: 11043:11045 ioctl c0306201 0 returned -14 [ 287.235338][T11045] binder: 11043:11045 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 287.244159][T11045] binder: 11045 RLIMIT_NICE not set [ 287.291937][ C0] vcan0: j1939_tp_rxtimer: 0x000000007aa6a5d8: rx timeout, send abort [ 287.292369][T11046] binder: 11043:11046 ioctl c0306201 0 returned -14 [ 287.794209][ C0] vcan0: j1939_tp_rxtimer: 0x000000007aa6a5d8: abort rx timeout. Force session deactivation [ 287.847270][T11053] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2406'. [ 288.002121][T11074] fuse: Bad value for 'user_id' [ 288.507070][ T4314] Bluetooth: hci1: command 0x2016 tx timeout [ 288.667147][T11095] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2426'. [ 288.977110][T11108] binder: 11104:11108 ioctl c0306201 0 returned -14 [ 288.980171][T11108] binder: 11104:11108 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 288.994206][T11108] binder: 11108 RLIMIT_NICE not set [ 289.039109][T11111] binder: 11104:11111 ioctl c0306201 0 returned -14 [ 289.077420][ T4942] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 289.257615][ T4942] usb 1-1: config 0 has no interfaces? [ 289.259946][ T4942] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 289.262514][ T4942] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 289.264779][ T4942] usb 1-1: Manufacturer: syz [ 289.272085][ T4942] usb 1-1: config 0 descriptor?? [ 289.420129][ C1] vcan0: j1939_tp_rxtimer: 0x000000004dc3c76b: rx timeout, send abort [ 289.480743][ T4428] usb 1-1: USB disconnect, device number 6 [ 289.616767][T11120] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2437'. [ 289.805089][T11131] fuse: Bad value for 'fd' [ 289.922694][ C1] vcan0: j1939_tp_rxtimer: 0x000000004dc3c76b: abort rx timeout. Force session deactivation [ 290.198601][ T27] audit: type=1326 audit(290.170:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.210550][ T27] audit: type=1326 audit(290.180:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.223342][ T27] audit: type=1326 audit(290.190:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.236298][ T27] audit: type=1326 audit(290.190:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.248678][ T27] audit: type=1326 audit(290.190:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.262321][ T27] audit: type=1326 audit(290.190:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.275212][ T27] audit: type=1326 audit(290.190:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.289049][ T27] audit: type=1326 audit(290.190:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.305114][ T27] audit: type=1326 audit(290.200:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.318892][ T27] audit: type=1326 audit(290.200:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11138 comm="syz.0.2446" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffffa294b81c code=0x7ffc0000 [ 290.691062][T11152] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2449'. [ 291.742502][T11164] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2463'. [ 291.822019][T11167] binder: 11165:11167 ioctl c0306201 0 returned -14 [ 291.827619][T11167] binder: 11165:11167 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 291.833348][T11167] binder: 11167 RLIMIT_NICE not set [ 291.887853][T11166] binder: 11165:11166 ioctl c0306201 0 returned -14 [ 292.079296][ C1] vcan0: j1939_tp_rxtimer: 0x000000007714ef75: rx timeout, send abort [ 292.581644][ C1] vcan0: j1939_tp_rxtimer: 0x000000007714ef75: abort rx timeout. Force session deactivation [ 292.746791][T11185] fuse: Bad value for 'fd' [ 293.481590][T11197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2465'. [ 293.814646][T11225] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2479'. [ 293.832362][T11227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.835520][T11227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.929878][T11235] fuse: Bad value for 'fd' [ 294.381862][T11240] netlink: 'syz.3.2486': attribute type 17 has an invalid length. [ 294.626389][T11247] netlink: 'syz.3.2487': attribute type 4 has an invalid length. [ 294.939391][T11260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2493'. [ 295.146774][ C1] vcan0: j1939_tp_rxtimer: 0x000000007c54517a: rx timeout, send abort [ 295.649272][ C1] vcan0: j1939_tp_rxtimer: 0x000000007c54517a: abort rx timeout. Force session deactivation [ 295.653298][T11279] fuse: Bad value for 'fd' [ 295.774271][T11287] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2506'. [ 295.982636][T11297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2510'. [ 296.631204][T11310] trusted_key: encrypted_key: insufficient parameters specified [ 296.712315][T11312] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2517'. [ 296.734926][T11316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.742089][T11316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.961507][ T27] kauditd_printk_skb: 2793 callbacks suppressed [ 296.961521][ T27] audit: type=1326 audit(296.930:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff95d5a9a8 code=0x7ffc0000 [ 296.976165][ T27] audit: type=1326 audit(296.930:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 296.990842][ T27] audit: type=1326 audit(296.930:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.009277][ T27] audit: type=1326 audit(296.930:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.029764][ T27] audit: type=1326 audit(296.930:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.034801][T11331] fuse: Bad value for 'fd' [ 297.041297][ T27] audit: type=1326 audit(296.930:2810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.059033][ T27] audit: type=1326 audit(296.930:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.065435][ T27] audit: type=1326 audit(296.930:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.074257][ T27] audit: type=1326 audit(296.930:2813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.084754][ T27] audit: type=1326 audit(296.930:2814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11319 comm="syz.2.2521" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff96acc81c code=0x7ffc0000 [ 297.429688][ C0] vcan0: j1939_tp_rxtimer: 0x000000009cd0974c: rx timeout, send abort [ 297.932187][ C0] vcan0: j1939_tp_rxtimer: 0x000000009cd0974c: abort rx timeout. Force session deactivation [ 298.156509][T11342] trusted_key: encrypted_key: insufficient parameters specified [ 298.251613][T11344] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2531'. [ 298.275573][T11344] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2531'. [ 298.347437][T11348] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2542'. [ 298.373157][T11348] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2542'. [ 298.539842][T11358] fuse: Bad value for 'fd' [ 299.431158][T11372] trusted_key: encrypted_key: insufficient parameters specified [ 299.811101][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a9cc4b18: rx timeout, send abort [ 300.074745][T11386] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2547'. [ 300.108317][T11386] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2547'. [ 300.313532][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a9cc4b18: abort rx timeout. Force session deactivation [ 300.747455][T11404] fuse: Invalid rootmode [ 301.593936][T11413] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2558'. [ 301.628306][T11413] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2558'. [ 301.782313][T11426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2564'. [ 301.933435][T11434] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2567'. [ 301.944841][T11434] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 302.372140][T11440] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 302.470474][T11444] fuse: Invalid rootmode [ 302.540209][T11447] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2572'. [ 302.569984][T11447] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2572'. [ 302.761103][T11456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.768549][T11456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.382924][T11468] device syzkaller0 entered promiscuous mode [ 303.553717][T11473] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 303.888175][ C1] vcan0: j1939_tp_rxtimer: 0x00000000da9c9f24: rx timeout, send abort [ 304.390548][ C1] vcan0: j1939_tp_rxtimer: 0x00000000da9c9f24: abort rx timeout. Force session deactivation [ 304.494415][T11490] fuse: Invalid rootmode [ 305.448054][ T27] kauditd_printk_skb: 3387 callbacks suppressed [ 305.448067][ T27] audit: type=1326 audit(305.420:6202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.0.2592" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1b5a9a8 code=0x7ffc0000 [ 305.455991][ T27] audit: type=1326 audit(305.420:6203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.0.2592" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1b5a9a8 code=0x7ffc0000 [ 305.463125][ T27] audit: type=1326 audit(305.420:6204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.0.2592" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=261 compat=0 ip=0xffffa1b5a9a8 code=0x7ffc0000 [ 305.469736][ T27] audit: type=1326 audit(305.420:6205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.0.2592" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1b5a9a8 code=0x7ffc0000 [ 305.481645][ T27] audit: type=1326 audit(305.420:6206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11493 comm="syz.0.2592" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1b5a9a8 code=0x7ffc0000 [ 305.537118][T11498] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 306.396240][ T4433] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 306.577629][ T4433] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 306.579986][ T4433] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 306.582915][ T4433] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 306.587230][ T4433] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 306.589814][ T4433] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.593636][ T4433] usb 1-1: config 0 descriptor?? [ 306.595502][T11502] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 306.600414][ T4433] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 309.134239][ T4433] usb 1-1: USB disconnect, device number 7 [ 310.269413][ T2060] ieee802154 phy0 wpan0: encryption failed: -22 [ 310.461342][ C0] vcan0: j1939_tp_rxtimer: 0x000000005e107276: rx timeout, send abort [ 310.963699][ C0] vcan0: j1939_tp_rxtimer: 0x000000005e107276: abort rx timeout. Force session deactivation [ 312.002058][T11515] fuse: Bad value for 'rootmode' [ 314.249082][T11480] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2585'. [ 314.266215][T11483] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2585'. [ 314.269465][T11519] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2603'. [ 314.271933][T11519] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2603'. [ 314.308366][T11519] device dummy0 entered promiscuous mode [ 314.337677][T11519] device batadv_slave_1 entered promiscuous mode [ 314.389397][ T9695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 314.393041][T11520] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2603'. [ 314.397948][T11520] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2603'. [ 314.412474][T11529] trusted_key: encrypted_key: keylen parameter is missing [ 314.572592][T11539] fuse: Bad value for 'rootmode' [ 315.142976][T11556] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2618'. [ 315.482946][T11565] trusted_key: encrypted_key: keylen parameter is missing [ 315.713807][ C0] vcan0: j1939_tp_rxtimer: 0x000000005a2c9cf2: rx timeout, send abort [ 315.802440][T11579] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2629'. [ 316.107937][T11589] fuse: Bad value for 'rootmode' [ 316.177140][T11591] trusted_key: encrypted_key: keylen parameter is missing [ 316.216341][ C0] vcan0: j1939_tp_rxtimer: 0x000000005a2c9cf2: abort rx timeout. Force session deactivation [ 316.259798][T11593] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2635'. [ 316.550659][T11607] binder: 11606:11607 unknown command 0 [ 316.551876][T11605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2640'. [ 316.552348][T11607] binder: 11606:11607 ioctl c0306201 20000280 returned -22 [ 316.679918][T11613] trusted_key: encrypted_key: insufficient parameters specified [ 316.685093][T11613] trusted_key: encrypted_key: keylen parameter is missing [ 316.978999][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.981958][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.984527][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.987814][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.990415][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.994023][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.997074][T11633] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.000014][T11633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.005635][T11633] batman_adv: batadv0: Adding interface: ipvlan2 [ 317.012817][T11633] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.020097][T11633] batman_adv: batadv0: Interface activated: ipvlan2 [ 317.029788][T11637] batman_adv: batadv0: Adding interface: dummy0 [ 317.031495][T11637] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.042210][T11637] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 317.135222][T11644] trusted_key: encrypted_key: insufficient parameters specified [ 317.138527][T11644] trusted_key: encrypted_key: keylen parameter is missing [ 317.835348][T11674] fuse: Unknown parameter 'use00000000000000000000' [ 318.010622][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a998c6a2: rx timeout, send abort [ 318.064828][T11686] trusted_key: encrypted_key: insufficient parameters specified [ 318.071923][T11686] trusted_key: encrypted_key: keylen parameter is missing [ 318.513105][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a998c6a2: abort rx timeout. Force session deactivation [ 318.992517][T11721] fuse: Unknown parameter 'use00000000000000000000' [ 319.024483][T11724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.028486][T11724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.716288][T11726] __nla_validate_parse: 3 callbacks suppressed [ 319.716303][T11726] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2691'. [ 319.833201][ C1] vcan0: j1939_tp_rxtimer: 0x000000003eea7ac9: rx timeout, send abort [ 319.928161][T11738] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2697'. [ 320.098145][T11752] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2702'. [ 320.187241][T11757] fuse: Unknown parameter 'use00000000000000000000' [ 320.295240][T11765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.298083][T11765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.335574][ C1] vcan0: j1939_tp_rxtimer: 0x000000003eea7ac9: abort rx timeout. Force session deactivation [ 320.926681][T11769] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2712'. [ 320.929682][T11771] binder: 11770:11771 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 320.982524][T11773] trusted_key: encrypted_key: insufficient parameters specified [ 320.990521][T11773] trusted_key: encrypted_key: keylen parameter is missing [ 321.379008][T11804] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2726'. [ 321.395401][T11806] trusted_key: encrypted_key: insufficient parameters specified [ 321.404058][T11806] trusted_key: encrypted_key: keylen parameter is missing [ 321.534454][T11814] fuse: Unknown parameter 'user_i00000000000000000000' [ 322.540248][T11834] trusted_key: encrypted_key: insufficient parameters specified [ 322.543908][T11834] trusted_key: encrypted_key: keylen parameter is missing [ 322.640897][T11839] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2741'. [ 322.832811][ C1] vcan0: j1939_tp_rxtimer: 0x00000000fcae94a2: rx timeout, send abort [ 323.167303][T11858] fuse: Unknown parameter 'user_i00000000000000000000' [ 323.197539][T11848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.210511][T11848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.273468][T11850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.276281][T11850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.280560][T11850] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2742'. [ 323.335277][ C1] vcan0: j1939_tp_rxtimer: 0x00000000fcae94a2: abort rx timeout. Force session deactivation [ 323.538550][T11848] could not allocate digest TFM handle poly1305-simd [ 323.838954][T11869] trusted_key: encrypted_key: keylen parameter is missing [ 323.984108][T11875] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2753'. [ 324.583834][T11894] trusted_key: encrypted_key: keylen parameter is missing [ 324.644751][T11899] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2764'. [ 324.673484][T11900] fuse: Unknown parameter 'user_i00000000000000000000' [ 325.523591][ C1] vcan0: j1939_tp_rxtimer: 0x00000000205717c6: rx timeout, send abort [ 325.704253][T11925] trusted_key: encrypted_key: keylen parameter is missing [ 325.887871][T11931] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2778'. [ 325.930934][ T4938] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 326.026030][ C1] vcan0: j1939_tp_rxtimer: 0x00000000205717c6: abort rx timeout. Force session deactivation [ 326.116338][ T4938] usb 1-1: Using ep0 maxpacket: 16 [ 326.124679][ T4938] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 326.127442][ T4938] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 326.130451][ T4938] usb 1-1: config 0 has no interface number 0 [ 326.133994][ T4938] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 326.147102][ T4938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.149280][ T4938] usb 1-1: Product: syz [ 326.152352][ T4938] usb 1-1: Manufacturer: syz [ 326.153585][ T4938] usb 1-1: SerialNumber: syz [ 326.162065][ T4938] usb 1-1: config 0 descriptor?? [ 326.167562][ T4938] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 326.169538][ T4938] usb 1-1: No valid video chain found. [ 326.269926][T11944] fuse: Unknown parameter 'user_id00000000000000000000' [ 326.307301][T11947] trusted_key: encrypted_key: keylen parameter is missing [ 326.369772][ T4938] usb 1-1: USB disconnect, device number 8 [ 326.559588][T11955] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2790'. [ 326.849834][T11969] trusted_key: encrypted_key: keylen parameter is missing [ 326.993437][T11977] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2801'. [ 327.182863][T11992] trusted_key: encrypted_key: keylen parameter is missing [ 327.283010][T12001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.285499][T12001] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.440489][T11999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.443662][T11999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.628327][T12006] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2812'. [ 327.914228][ C0] vcan0: j1939_tp_rxtimer: 0x00000000da2e9c12: rx timeout, send abort [ 327.974542][T12016] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2816'. [ 328.051516][T12018] fuse: Unknown parameter 'user_id00000000000000000000' [ 328.158399][T12022] trusted_key: encrypted_key: keylen parameter is missing [ 328.416624][ C0] vcan0: j1939_tp_rxtimer: 0x00000000da2e9c12: abort rx timeout. Force session deactivation [ 328.504419][T12042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 328.508336][T12042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 328.508763][T12040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 328.523111][T12040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 328.552659][ T27] audit: type=1326 audit(328.520:6207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12039 comm="syz.4.2827" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbd35a9a8 code=0x0 [ 328.933727][T12048] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2829'. [ 329.179815][T12054] trusted_key: encrypted_key: keylen parameter is missing [ 329.496210][ T4430] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 329.581345][T12068] fuse: Unknown parameter 'user_id00000000000000000000' [ 329.654028][T12070] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2840'. [ 329.682639][T12056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2833'. [ 329.696809][T12056] device batadv0 entered promiscuous mode [ 329.700730][T12056] device macvtap1 entered promiscuous mode [ 329.703680][T12056] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 329.757957][T12056] device batadv0 left promiscuous mode [ 329.821709][ T4430] usb 1-1: unable to get BOS descriptor or descriptor too short [ 329.824975][ T4430] usb 1-1: no configurations [ 329.826564][ T4430] usb 1-1: can't read configurations, error -22 [ 330.365702][T12078] trusted_key: encrypted_key: keylen parameter is missing [ 330.533044][T12087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.539031][T12087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.593176][ T27] audit: type=1326 audit(330.560:6208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12095 comm="syz.0.2851" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa1b5a9a8 code=0x0 [ 330.782395][ C1] vcan0: j1939_tp_rxtimer: 0x000000000e4b5f73: rx timeout, send abort [ 331.284763][ C1] vcan0: j1939_tp_rxtimer: 0x000000000e4b5f73: abort rx timeout. Force session deactivation [ 331.555016][T12110] fuse: Bad value for 'fd' [ 331.587899][T12114] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 331.821757][ T27] audit: type=1326 audit(331.790:6209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.2866" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffff95d5a9a8 code=0x0 [ 332.681331][T12142] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 332.754797][T12150] fuse: Bad value for 'fd' [ 332.951165][ C0] vcan0: j1939_tp_rxtimer: 0x0000000007f6b041: rx timeout, send abort [ 333.036160][ T4938] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 333.236656][ T4938] usb 1-1: Using ep0 maxpacket: 32 [ 333.239664][ T4938] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.242814][ T4938] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.245428][ T4938] usb 1-1: config 0 interface 0 has no altsetting 0 [ 333.247257][ T4938] usb 1-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 333.256478][ T4938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.260760][ T4938] usb 1-1: config 0 descriptor?? [ 333.453615][ C0] vcan0: j1939_tp_rxtimer: 0x0000000007f6b041: abort rx timeout. Force session deactivation [ 333.650242][T12172] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 333.668187][T12152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.670671][T12152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.702411][T12152] binder: 12151:12152 ioctl 4018620d 0 returned -22 [ 333.713090][ T4938] usbhid 1-1:0.0: can't add hid device: -71 [ 333.714865][ T4938] usbhid: probe of 1-1:0.0 failed with error -71 [ 333.718378][ T4938] usb 1-1: USB disconnect, device number 11 [ 333.731535][ T27] audit: type=1326 audit(333.700:6210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12174 comm="syz.3.2888" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa955a9a8 code=0x0 [ 334.400131][T12194] fuse: Bad value for 'fd' [ 335.091811][ T4314] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 335.094528][ T4314] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 335.107336][ T4314] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 335.111375][ T4314] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 335.113858][ T4314] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 335.116001][ T4314] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 335.125114][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a2e6325e: rx timeout, send abort [ 335.155426][T12214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.161033][T12214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.288338][T12220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'. [ 335.525659][T12210] chnl_net:caif_netlink_parms(): no params data found [ 335.626180][ C1] ------------[ cut here ]------------ [ 335.627489][ C0] vcan0: j1939_tp_rxtimer: 0x00000000a2e6325e: abort rx timeout. Force session deactivation [ 335.627918][ C1] refcount_t: addition on 0; use-after-free. [ 335.632588][ C1] WARNING: CPU: 1 PID: 0 at lib/refcount.c:25 refcount_warn_saturate+0x134/0x1f8 [ 335.635073][ C1] Modules linked in: [ 335.636165][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.1.141-syzkaller #0 [ 335.638182][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.640921][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 335.643004][ C1] pc : refcount_warn_saturate+0x134/0x1f8 [ 335.644572][ C1] lr : refcount_warn_saturate+0x134/0x1f8 [ 335.646116][ C1] sp : ffff800008017700 [ 335.647233][ C1] x29: ffff800008017700 x28: ffff0000f4ace000 x27: ffff0000d0b6f408 [ 335.649396][ C1] x26: ffff0000d5575780 x25: dfff800000000000 x24: 1fffe0001a16de81 [ 335.651622][ C1] x23: ffff0000f4861400 x22: ffff0000d59bd614 x21: ffff0000dcdc3080 [ 335.653768][ C1] x20: ffff0000d59bd614 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 335.655896][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 335.658059][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 335.660268][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : aa802a1799607400 [ 335.662485][ C1] x8 : aa802a1799607400 x7 : 0000000000000001 x6 : 0000000000000001 [ 335.664672][ C1] x5 : ffff800008017198 x4 : ffff800015154700 x3 : ffff80000852da40 [ 335.666857][ C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000000 [ 335.669018][ C1] Call trace: [ 335.669912][ C1] refcount_warn_saturate+0x134/0x1f8 [ 335.671407][ C1] tipc_crypto_xmit+0x1518/0x2014 [ 335.672758][ C1] tipc_crypto_clone_msg+0x98/0x150 [ 335.674188][ C1] tipc_crypto_xmit+0x1684/0x2014 [ 335.675592][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 335.677062][ C1] tipc_disc_timeout+0x4c8/0x608 [ 335.678420][ C1] call_timer_fn+0x1b8/0x964 [ 335.679664][ C1] __run_timers+0x460/0x6bc [ 335.680841][ C1] run_timer_softirq+0x7c/0x114 [ 335.682174][ C1] handle_softirqs+0x318/0xc6c [ 335.683477][ C1] __do_softirq+0x14/0x20 [ 335.684663][ C1] ____do_softirq+0x14/0x20 [ 335.685892][ C1] call_on_irq_stack+0x24/0x4c [ 335.687252][ C1] do_softirq_own_stack+0x20/0x2c [ 335.688630][ C1] __irq_exit_rcu+0x23c/0x43c [ 335.689912][ C1] irq_exit_rcu+0x14/0x84 [ 335.691111][ C1] el1_interrupt+0x38/0x54 [ 335.692345][ C1] el1h_64_irq_handler+0x18/0x24 [ 335.693705][ C1] el1h_64_irq+0x64/0x68 [ 335.694820][ C1] arch_local_irq_enable+0xc/0x18 [ 335.696202][ C1] default_idle_call+0x68/0xdc [ 335.697502][ C1] do_idle+0x1d8/0x4bc [ 335.698597][ C1] cpu_startup_entry+0x5c/0x74 [ 335.699871][ C1] secondary_start_kernel+0x198/0x1c0 [ 335.701292][ C1] __secondary_switched+0xb0/0xb4 [ 335.702673][ C1] irq event stamp: 1028629 [ 335.703850][ C1] hardirqs last enabled at (1028628): [] __up_console_sem+0xb4/0x100 [ 335.706508][ C1] hardirqs last disabled at (1028629): [] el1_dbg+0x24/0x80 [ 335.708932][ C1] softirqs last enabled at (1028554): [] handle_softirqs+0xaf8/0xc6c [ 335.711564][ C1] softirqs last disabled at (1028591): [] __do_softirq+0x14/0x20 [ 335.714153][ C1] ---[ end trace 0000000000000000 ]--- [ 335.715816][ C1] ------------[ cut here ]------------ [ 335.717339][ C1] refcount_t: underflow; use-after-free. [ 335.719191][ C1] WARNING: CPU: 1 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x154/0x1f8 [ 335.721653][ C1] Modules linked in: [ 335.722700][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 6.1.141-syzkaller #0 [ 335.725208][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.727889][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 335.729980][ C1] pc : refcount_warn_saturate+0x154/0x1f8 [ 335.731528][ C1] lr : refcount_warn_saturate+0x154/0x1f8 [ 335.733134][ C1] sp : ffff800008017700 [ 335.734258][ C1] x29: ffff800008017700 x28: ffff0000f4ace000 x27: 0000000000000000 [ 335.736425][ C1] x26: ffff0000d5575780 x25: dfff800000000000 x24: 1fffe0001aaaeafa [ 335.738599][ C1] x23: 1fffe00018148379 x22: ffff0000d0b6f400 x21: 00000000c0000000 [ 335.740792][ C1] x20: ffff0000d59bd614 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 335.742904][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 335.745018][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 335.747165][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : aa802a1799607400 [ 335.749355][ C1] x8 : aa802a1799607400 x7 : 0000000000000001 x6 : 0000000000000001 [ 335.751532][ C1] x5 : ffff800008017198 x4 : ffff800015154700 x3 : ffff80000a83c7ec [ 335.753705][ C1] x2 : ffff00019f738cd0 x1 : 0000000000000101 x0 : 0000000000000000 [ 335.755885][ C1] Call trace: [ 335.756741][ C1] refcount_warn_saturate+0x154/0x1f8 [ 335.758205][ C1] tipc_crypto_xmit+0x1664/0x2014 [ 335.759549][ C1] tipc_crypto_clone_msg+0x98/0x150 [ 335.760941][ C1] tipc_crypto_xmit+0x1684/0x2014 [ 335.762396][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 335.763876][ C1] tipc_disc_timeout+0x4c8/0x608 [ 335.765265][ C1] call_timer_fn+0x1b8/0x964 [ 335.766543][ C1] __run_timers+0x460/0x6bc [ 335.767740][ C1] run_timer_softirq+0x7c/0x114 [ 335.769075][ C1] handle_softirqs+0x318/0xc6c [ 335.770396][ C1] __do_softirq+0x14/0x20 [ 335.771610][ C1] ____do_softirq+0x14/0x20 [ 335.772844][ C1] call_on_irq_stack+0x24/0x4c [ 335.774172][ C1] do_softirq_own_stack+0x20/0x2c [ 335.775658][ C1] __irq_exit_rcu+0x23c/0x43c [ 335.776947][ C1] irq_exit_rcu+0x14/0x84 [ 335.778125][ C1] el1_interrupt+0x38/0x54 [ 335.779351][ C1] el1h_64_irq_handler+0x18/0x24 [ 335.780662][ C1] el1h_64_irq+0x64/0x68 [ 335.781821][ C1] arch_local_irq_enable+0xc/0x18 [ 335.783257][ C1] default_idle_call+0x68/0xdc [ 335.784533][ C1] do_idle+0x1d8/0x4bc [ 335.785705][ C1] cpu_startup_entry+0x5c/0x74 [ 335.786986][ C1] secondary_start_kernel+0x198/0x1c0 [ 335.788450][ C1] __secondary_switched+0xb0/0xb4 [ 335.789950][ C1] irq event stamp: 1028663 [ 335.791135][ C1] hardirqs last enabled at (1028662): [] __up_console_sem+0xb4/0x100 [ 335.793824][ C1] hardirqs last disabled at (1028663): [] el1_dbg+0x24/0x80 [ 335.796298][ C1] softirqs last enabled at (1028554): [] handle_softirqs+0xaf8/0xc6c [ 335.799005][ C1] softirqs last disabled at (1028591): [] __do_softirq+0x14/0x20 [ 335.801598][ C1] ---[ end trace 0000000000000000 ]--- [ 335.803256][ C1] ------------[ cut here ]------------ [ 335.804769][ C1] refcount_t: saturated; leaking memory. [ 335.806674][ C1] WARNING: CPU: 1 PID: 0 at lib/refcount.c:22 refcount_warn_saturate+0x1b4/0x1f8 [ 335.809137][ C1] Modules linked in: [ 335.810134][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 6.1.141-syzkaller #0 [ 335.812610][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 335.815260][ C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 335.817460][ C1] pc : refcount_warn_saturate+0x1b4/0x1f8 [ 335.819071][ C1] lr : refcount_warn_saturate+0x1b4/0x1f8 [ 335.820618][ C1] sp : ffff8000080178c0 [ 335.821715][ C1] x29: ffff8000080178c0 x28: ffff0000f20bc800 x27: ffff0000d5b95408 [ 335.823893][ C1] x26: ffff0000dcfa4870 x25: dfff800000000000 x24: 1fffe0001ab72a81 [ 335.826104][ C1] x23: ffff0000f4861400 x22: ffff0000d59bd614 x21: 000000007ffffffe [ 335.828263][ C1] x20: ffff0000d59bd614 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 335.830412][ C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 335.832700][ C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 335.834977][ C1] x11: ff0080000819149c x10: 0000000000000000 x9 : aa802a1799607400 [ 335.837199][ C1] x8 : aa802a1799607400 x7 : 0000000000000001 x6 : 0000000000000001 [ 335.839449][ C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff80000a83c7ec [ 335.841607][ C1] x2 : ffff00019f738cd0 x1 : 0000000000000101 x0 : 0000000000000000 [ 335.843813][ C1] Call trace: [ 335.844685][ C1] refcount_warn_saturate+0x1b4/0x1f8 [ 335.846190][ C1] tipc_crypto_xmit+0x1518/0x2014 [ 335.847634][ C1] tipc_bearer_xmit_skb+0x1f0/0x384 [ 335.849036][ C1] tipc_disc_timeout+0x4c8/0x608 [ 335.850373][ C1] call_timer_fn+0x1b8/0x964 [ 335.851668][ C1] __run_timers+0x460/0x6bc [ 335.852974][ C1] run_timer_softirq+0x7c/0x114 [ 335.854339][ C1] handle_softirqs+0x318/0xc6c [ 335.855616][ C1] __do_softirq+0x14/0x20 [ 335.856877][ C1] ____do_softirq+0x14/0x20 [ 335.858052][ C1] call_on_irq_stack+0x24/0x4c [ 335.859323][ C1] do_softirq_own_stack+0x20/0x2c [ 335.860731][ C1] __irq_exit_rcu+0x23c/0x43c [ 335.862021][ C1] irq_exit_rcu+0x14/0x84 [ 335.863165][ C1] el1_interrupt+0x38/0x54 [ 335.864375][ C1] el1h_64_irq_handler+0x18/0x24 [ 335.865731][ C1] el1h_64_irq+0x64/0x68 [ 335.866879][ C1] arch_local_irq_enable+0xc/0x18 [ 335.868281][ C1] default_idle_call+0x68/0xdc [ 335.869587][ C1] do_idle+0x1d8/0x4bc [ 335.870705][ C1] cpu_startup_entry+0x5c/0x74 [ 335.872012][ C1] secondary_start_kernel+0x198/0x1c0 [ 335.873567][ C1] __secondary_switched+0xb0/0xb4 [ 335.874988][ C1] irq event stamp: 1028709 [ 335.876199][ C1] hardirqs last enabled at (1028708): [] __up_console_sem+0xb4/0x100 [ 335.878809][ C1] hardirqs last disabled at (1028709): [] el1_dbg+0x24/0x80 [ 335.881334][ C1] softirqs last enabled at (1028554): [] handle_softirqs+0xaf8/0xc6c [ 335.884048][ C1] softirqs last disabled at (1028591): [] __do_softirq+0x14/0x20 [ 335.886641][ C1] ---[ end trace 0000000000000000 ]--- [ 336.016810][ T9707] ------------[ cut here ]------------ [ 336.018512][ T9707] refcount_t: saturated; leaking memory. [ 336.020387][ T9707] WARNING: CPU: 0 PID: 9707 at lib/refcount.c:19 refcount_warn_saturate+0x174/0x1f8 [ 336.022871][ T9707] Modules linked in: [ 336.023919][ T9707] CPU: 0 PID: 9707 Comm: kworker/u4:26 Tainted: G W 6.1.141-syzkaller #0 [ 336.026458][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.029070][ T9707] Workqueue: netns cleanup_net [ 336.030377][ T9707] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 336.032445][ T9707] pc : refcount_warn_saturate+0x174/0x1f8 [ 336.033982][ T9707] lr : refcount_warn_saturate+0x174/0x1f8 [ 336.035493][ T9707] sp : ffff800021f77280 [ 336.036616][ T9707] x29: ffff800021f77280 x28: 1ffff000043eee58 x27: dfff800000000000 [ 336.038829][ T9707] x26: 00000000c0000000 x25: 00000000c0000000 x24: ffff0000d59bd614 [ 336.041005][ T9707] x23: 0000000000000046 x22: 0000000000000cc0 x21: 000000007ffffffe [ 336.043100][ T9707] x20: ffff0000d59bd614 x19: ffff800017a32000 x18: ffff800011a7bce0 [ 336.045206][ T9707] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000 [ 336.047392][ T9707] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 336.049536][ T9707] x11: ff0080000819149c x10: 0000000000000000 x9 : 23ddb3e9e5bd0900 [ 336.051640][ T9707] x8 : 23ddb3e9e5bd0900 x7 : 0000000000000001 x6 : 0000000000000001 [ 336.053913][ T9707] x5 : ffff800021f76d18 x4 : ffff800015154700 x3 : ffff80000852da40 [ 336.056189][ T9707] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 336.058477][ T9707] Call trace: [ 336.059406][ T9707] refcount_warn_saturate+0x174/0x1f8 [ 336.060924][ T9707] nf_nat_masq_schedule+0x478/0x54c [ 336.062382][ T9707] masq_device_event+0x9c/0xe0 [ 336.063710][ T9707] raw_notifier_call_chain+0xd4/0x164 [ 336.065128][ T9707] dev_close_many+0x2cc/0x440 [ 336.066373][ T9707] unregister_netdevice_many+0x3c4/0x1740 [ 336.067873][ T9707] unregister_netdevice_queue+0x2ac/0x2f8 [ 336.069479][ T9707] nsim_destroy+0x58/0x164 [ 336.070651][ T9707] __nsim_dev_port_del+0x144/0x1a4 [ 336.072121][ T9707] nsim_dev_reload_destroy+0x240/0x43c [ 336.073703][ T9707] nsim_dev_reload_down+0x9c/0xd4 [ 336.075069][ T9707] devlink_reload+0x1b4/0x570 [ 336.076388][ T9707] devlink_pernet_pre_exit+0x118/0x2a8 [ 336.077926][ T9707] cleanup_net+0x470/0xa74 [ 336.079185][ T9707] process_one_work+0x7f4/0x13a8 [ 336.080509][ T9707] worker_thread+0x8c8/0xfbc [ 336.081770][ T9707] kthread+0x250/0x2d8 [ 336.082902][ T9707] ret_from_fork+0x10/0x20 [ 336.084157][ T9707] irq event stamp: 2823700 [ 336.085490][ T9707] hardirqs last enabled at (2823699): [] __up_console_sem+0xb4/0x100 [ 336.088144][ T9707] hardirqs last disabled at (2823700): [] el1_dbg+0x24/0x80 [ 336.090709][ T9707] softirqs last enabled at (2823678): [] pppoe_device_event+0x48c/0x4bc [ 336.093569][ T9707] softirqs last disabled at (2823676): [] pppoe_device_event+0xdc/0x4bc [ 336.096191][ T9707] ---[ end trace 0000000000000000 ]--- [ 336.099480][ T9707] ------------[ cut here ]------------ [ 336.100980][ T9707] WARNING: CPU: 1 PID: 9707 at lib/ref_tracker.c:77 ref_tracker_alloc+0x230/0x3cc [ 336.103469][ T9707] Modules linked in: [ 336.104595][ T9707] CPU: 1 PID: 9707 Comm: kworker/u4:26 Tainted: G W 6.1.141-syzkaller #0 [ 336.107223][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.109946][ T9707] Workqueue: netns cleanup_net [ 336.111225][ T9707] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 336.113355][ T9707] pc : ref_tracker_alloc+0x230/0x3cc [ 336.114785][ T9707] lr : ref_tracker_alloc+0x230/0x3cc [ 336.116195][ T9707] sp : ffff800021f77160 [ 336.117349][ T9707] x29: ffff800021f77240 x28: 1ffff000043eee58 x27: dfff800000000000 [ 336.119558][ T9707] x26: dfff800000000000 x25: ffff7000043eee2c x24: ffff0000db041608 [ 336.121780][ T9707] x23: ffff800021f77160 x22: ffff0000d59bd664 x21: ffff0000db041650 [ 336.123964][ T9707] x20: 0000000000000cc0 x19: ffff0000d59bd618 x18: ffff800011a7bce0 [ 336.126174][ T9707] x17: 0000000000000000 x16: ffff8000082d1c00 x15: ffff800010a233ec [ 336.128336][ T9707] x14: ffff80000d4f3814 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100 [ 336.130618][ T9707] x11: ff0080000aa23d44 x10: 0000000000000000 x9 : ffff80000aa23d44 [ 336.132788][ T9707] x8 : ffff0000cfa95340 x7 : 0000000000000000 x6 : 000000000000003f [ 336.134919][ T9707] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000004 [ 336.137076][ T9707] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800021f77180 [ 336.139207][ T9707] Call trace: [ 336.140089][ T9707] ref_tracker_alloc+0x230/0x3cc [ 336.141407][ T9707] nf_nat_masq_schedule+0x328/0x54c [ 336.142808][ T9707] masq_device_event+0x9c/0xe0 [ 336.144094][ T9707] raw_notifier_call_chain+0xd4/0x164 [ 336.145529][ T9707] dev_close_many+0x2cc/0x440 [ 336.146777][ T9707] unregister_netdevice_many+0x3c4/0x1740 [ 336.148328][ T9707] unregister_netdevice_queue+0x2ac/0x2f8 [ 336.149884][ T9707] nsim_destroy+0x58/0x164 [ 336.151079][ T9707] __nsim_dev_port_del+0x144/0x1a4 [ 336.152443][ T9707] nsim_dev_reload_destroy+0x240/0x43c [ 336.153907][ T9707] nsim_dev_reload_down+0x9c/0xd4 [ 336.155246][ T9707] devlink_reload+0x1b4/0x570 [ 336.156558][ T9707] devlink_pernet_pre_exit+0x118/0x2a8 [ 336.158106][ T9707] cleanup_net+0x470/0xa74 [ 336.159413][ T9707] process_one_work+0x7f4/0x13a8 [ 336.160763][ T9707] worker_thread+0x8c8/0xfbc [ 336.162004][ T9707] kthread+0x250/0x2d8 [ 336.163080][ T9707] ret_from_fork+0x10/0x20 [ 336.164281][ T9707] irq event stamp: 2823746 [ 336.165466][ T9707] hardirqs last enabled at (2823745): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 336.168502][ T9707] hardirqs last disabled at (2823746): [] el1_dbg+0x24/0x80 [ 336.170966][ T9707] softirqs last enabled at (2823736): [] handle_softirqs+0xaf8/0xc6c [ 336.173626][ T9707] softirqs last disabled at (2823703): [] __do_softirq+0x14/0x20 [ 336.176235][ T9707] ---[ end trace 0000000000000000 ]--- [ 336.185018][ T4430] ------------[ cut here ]------------ [ 336.186648][ T4430] WARNING: CPU: 1 PID: 4430 at lib/ref_tracker.c:110 ref_tracker_free+0x484/0x694 [ 336.189233][ T4430] Modules linked in: [ 336.190341][ T4430] CPU: 1 PID: 4430 Comm: kworker/1:11 Tainted: G W 6.1.141-syzkaller #0 [ 336.192991][ T4430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 336.195795][ T4430] Workqueue: events iterate_cleanup_work [ 336.197326][ T4430] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 336.199424][ T4430] pc : ref_tracker_free+0x484/0x694 [ 336.200772][ T4430] lr : ref_tracker_free+0x484/0x694 [ 336.202235][ T4430] sp : ffff800020e27940 [ 336.203367][ T4430] x29: ffff800020e27a40 x28: ffff00019f750800 x27: ffff0000db041600 [ 336.205549][ T4430] x26: dfff800000000000 x25: ffff7000041c4f2c x24: ffff800020e27aa0 [ 336.207792][ T4430] x23: ffff7000041c4f54 x22: ffff800020e27960 x21: ffff0000d59bd664 [ 336.209991][ T4430] x20: ffff0000db041650 x19: ffff0000d59bd618 x18: ffff800011a7bce0 [ 336.212140][ T4430] x17: ffff8000181a1000 x16: ffff8000082d0750 x15: ffff800017c81fc0 [ 336.214383][ T4430] x14: ffff0000cfa95dd8 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100 [ 336.216570][ T4430] x11: ff0080000aa2441c x10: 0000000000000000 x9 : ffff80000aa2441c [ 336.218792][ T4430] x8 : ffff0000d16b9bc0 x7 : 0000000000000000 x6 : 000000000000003f [ 336.221017][ T4430] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000004 [ 336.223177][ T4430] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800020e27980 [ 336.225319][ T4430] Call trace: [ 336.226193][ T4430] ref_tracker_free+0x484/0x694 [ 336.227468][ T4430] iterate_cleanup_work+0xe8/0x230 [ 336.228861][ T4430] process_one_work+0x7f4/0x13a8 [ 336.230261][ T4430] worker_thread+0x8c8/0xfbc [ 336.231512][ T4430] kthread+0x250/0x2d8 [ 336.232618][ T4430] ret_from_fork+0x10/0x20 [ 336.233837][ T4430] irq event stamp: 228440 [ 336.235046][ T4430] hardirqs last enabled at (228439): [] __local_bh_enable_ip+0x1f8/0x380 [ 336.237803][ T4430] hardirqs last disabled at (228440): [] el1_dbg+0x24/0x80 [ 336.240201][ T4430] softirqs last enabled at (228438): [] local_bh_enable+0x10/0x34 [ 336.242808][ T4430] softirqs last disabled at (228436): [] local_bh_disable+0x10/0x34 [ 336.245475][ T4430] ---[ end trace 0000000000000000 ]--- [ 336.300073][ T9707] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.418685][ T9707] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.577877][ T9707] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.691561][ T9707] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.946942][ T9707] tipc: Disabling bearer [ 336.950276][ T9707] tipc: Disabling bearer [ 336.953393][ T9707] tipc: Left network mode [ 339.300800][ T9707] device hsr_slave_0 left promiscuous mode [ 339.336346][ T9707] device hsr_slave_1 left promiscuous mode [ 339.416484][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.418698][ T9707] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.422526][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.424632][ T9707] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.427459][ T9707] device bridge_slave_1 left promiscuous mode [ 339.430522][ T9707] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.477365][ T9707] device bridge_slave_0 left promiscuous mode [ 339.479166][ T9707] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.616611][ T9707] device veth1_macvtap left promiscuous mode [ 339.618484][ T9707] device veth0_macvtap left promiscuous mode [ 339.620095][ T9707] device veth1_vlan left promiscuous mode [ 339.621757][ T9707] device veth0_vlan left promiscuous mode [ 343.568912][ T9707] team0 (unregistering): Port device team_slave_1 removed [ 343.778881][ T9707] team0 (unregistering): Port device team_slave_0 removed [ 343.978662][ T9707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 344.193808][ T9707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface