last executing test programs: 8.497863682s ago: executing program 1 (id=1273): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$l2tp6(0xa, 0x2, 0x73) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000400)=@ethtool_sset_info={0x2c, 0x10, 0x0, [0x7f00]}}) (fail_nth: 9) 7.844430127s ago: executing program 1 (id=1276): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x1, 0x0) semctl$SETVAL(0x0, 0x3, 0x10, 0x0) r1 = semget(0x3, 0x3, 0x346) semget$private(0x0, 0x2, 0x84) semctl$GETPID(r1, 0x1, 0xb, 0x0) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r2, 0x5451, 0x0) msgget(0x0, 0x516) semctl$SEM_STAT(0x0, 0x0, 0x12, 0x0) msgget(0x0, 0x2a3) msgsnd(r0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="020000009b3d101ce65f840935e8151247d46035f7bb8df33c0b8e722d2680290b913c61acd574ca2f16294a1b3d692312dcef9be62176854725b4999af8076abd0edb491899766aa02240343d0b8c1ff7a00fc2ef0c3e2b5e817d59035f"], 0xa1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r3, &(0x7f00000000c0)=""/4087, 0xff7) r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000002100), 0x2000) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000003200)={0x2, 0x0, [{0x2000, 0xaa, &(0x7f0000002140)=""/170}, {0x0, 0x1000, &(0x7f0000002200)=""/4096}]}) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0) keyctl$read(0xb, r3, &(0x7f00000010c0)=""/4096, 0x1000) 7.508020452s ago: executing program 1 (id=1279): r0 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0], 0x24}}, 0x0) r2 = syz_io_uring_setup(0x24fb, &(0x7f0000000000)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = io_uring_setup(0x177f, &(0x7f0000000340)) r7 = syz_open_dev$audion(&(0x7f0000000400), 0x101, 0x44a00) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000440)={0x73622a85, 0x100}) r8 = socket(0x2b, 0x1, 0x1) connect$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r8, 0x6, 0x1, &(0x7f0000000640)=@gcm_128={{}, "0c4182c8570940d8", "1bc3d9a1f0699375168b4363d4cb9348", "2e4cfdef", "1be6a33f9a5eccc8"}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r11, @ANYBLOB="200001"], 0x38}}, 0x0) r12 = syz_open_dev$evdev(&(0x7f0000000100), 0x6, 0x80000) ioctl$EVIOCGBITSND(r12, 0x80404532, &(0x7f0000000180)=""/13) close_range(r6, 0xffffffffffffffff, 0x0) sendto$inet6(r5, &(0x7f0000000200)="07c9dbc3ef49858631e4d5a90c11518a3c2f8ed1110e0d5c69d8f99de03b1929dd894050353d76a6caabe2b60503c6b0d088db7f232da5ea3c3333b3629cd556e20880efa0cb512d3f85d2579ebe0632a4dab9b141b9f7d66357b01f6f5113194c96fc063349e4f6ed6b867cbbbbc32be873b68ed6a1cdf824e8d15fddb49dc4faf83533cda316fb72eada246f2b66cb819ba7c0be2fdcdc1a603d050dfd1c76ff312e4db74eab2623d50eb7d7c834fe2a7ce5affc08faa32adae9b14bc6f69140e0440de4580940c6e9114c77dda31dffb6e677a88bbe88ec7793156a26789bcb9d14f501531d44d164c62a41b4bc597a2f3e19dacec232b12211173c8b13a5b69095a3d3aa8e5d99a23d8be05ee8c5c52fe0e22dccdc7e8db100cd04ebebda3e6a9684e1269d325e4aa4ba5d9e2c2b425d46e2d26a1ef524d2a9fb0a3fc205c510984a3791d58c0128448f80bcb28d0a4a82525f4b62c6ef7bfa979759b2e59d41034ba1416db4499bc4953387d74ab4b0ea36d973da029c5dd59e4379ac7206d1be30d5534e436bf67f025a6f46fcd2ec0c071e1bc0328c0ffb224992778033bacd8245494dba1fd6a849bef57afb61c969a0d4cf3068cac0fc2551fbc157f7fa0c4626c29f1be34a3e95ffe4ac9d9c50cdcb43f3536109adc52baafd99c22a9db8dde89b2e", 0x1e7, 0x4001, &(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x20}, 0x1c) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r5, 0x0}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x18, &(0x7f0000000240)=ANY=[], 0x8) r13 = open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0) ioctl$USBDEVFS_ALLOC_STREAMS(r13, 0x8008551c, &(0x7f0000000040)={0x419a, 0x17, [{0x2, 0x1}, {0x6}, {0x7, 0x1}, {0x8, 0x1}, {}, {0x7, 0x1}, {0xb}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0xa, 0x1}, {0x6, 0x1}, {0xc}, {0x5, 0x1}, {0x5, 0x1}, {0xa}, {0x5, 0x1}, {0xc, 0x1}, {0x4}, {0x0, 0x1}, {0xd}, {0x4, 0x1}]}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r13, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x20000090) r14 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x2}, 0x10, 0x0) landlock_restrict_self(r14, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) 6.983627516s ago: executing program 1 (id=1282): r0 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1) (async) r1 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1) dup2(r1, r1) (async) r2 = dup2(r1, r1) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000600)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) (async) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f}}, 0x50) (async) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r3, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) close(r3) dup3(r3, r0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r2, 0xc0245720, &(0x7f00000000c0)) pidfd_getfd(r0, r0, 0x0) close(r0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x20}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000005dc0)=@delchain={0x310, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'hsr0\x00'}, @TCA_FW_CLASSID={0x8}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x1c, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_CLASSID={0x8}]}}, @TCA_RATE={0x6}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x27c, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x268, 0x6, [@m_ife={0x1d0, 0x0, 0x0, 0x0, {{0x8}, {0x64, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @dev}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}]}, @TCA_IFE_PARMS={0x1c}]}, {0x145, 0x6, "21b2caeba32a6f7c5900697624a17b85a9db3a31b129a4976a84cfb4f5d651fd8aa24a645c8f63c025fcca463a6b79a3d7e6c9a8b89a140805ef63939ac2e37b49004b0dc3b8446aa7038eceef52fe7bdca153fe865c65015a3b208b282c16472e451aa10a8631235c49cae271f5fc8ce5e34d9938e3d5f43ac7a0e31b0acfc73199ca90e81246819f4c740a4fa3247a2af88d6569da09be7179b89f9f024c9f465098a5a52058a431206bee68089bddc13ffe76ff0f000053fa1517700a54d423c13fb6732a5d39c87101b0882ccd8e86eb437849e249675c60d8a9cf9430b6aa206e8116810b35151fce1e1bf48c2b9cbf0728c53ba121a82f52d6365ff203b02c074528c59a49843dd5cd36ce48d9ed8513e383a84e436714bf5d49ab0247f4567ab52f84c8f43d6020d56cb20b8d6a13f35ae9adfe01f0e0a20f555d4aea89"}, {0xc}, {0xc}}}, @m_nat={0x4c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x21, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a84"}, {0xc}, {0xc}}}, @m_ctinfo={0x48, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x19, 0x6, "007cbe9797ed2fc991bbda934119c50857fa14f72b"}, {0xc}, {0xc}}}]}]}}]}, 0x310}}, 0x0) r6 = socket(0x10, 0x803, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = socket$inet_udp(0x2, 0x2, 0x0) close(r9) (async) close(r9) socket(0x2, 0x80805, 0x0) write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[], 0xfffffecc) (async) write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r7, 0x0, r9, 0x0, 0x4ffe6, 0x0) (async) splice(r7, 0x0, r9, 0x0, 0x4ffe6, 0x0) sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async) sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x111}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x2200, 0x0) sendmsg$nl_xfrm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000011e0001000000000100000000ff0200000000000000000000000000010000000000000000fc01000000000000000000000000000000000000125cdce5e59ff2648700000000"], 0x40}}, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=[&(0x7f0000000400)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5\x84\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\x00\x10\x00\x00\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6O=}\xa0\x9bb\x03L\x15\xc2W\xb5\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c', &(0x7f0000003dc0)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xbc\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xafj?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00\xa5\xdf\xe9N\xf5\xfb\rO\xe7.\xbf2\xcd\x99\x81\xb9(\x95\xd0\xdb^l}\x85\x93\xfa\x9b\xf3B\'\x19LP\xd0\xa7>K\xc6=\xb4\x8b)\x14\xb2\x81|\xa4k\xca\xe2V\x9d\x7f\xab\xe8wy\x93!P\x00aj\xfa\xf8\x86GK\xe7 \x17\xe4\xd6\xe8\xf0\xf7\x13\xb5j>\x1fW@;!\x8a\x1e\xd2O\xbb=\xa9\x8ePa4\x92E\xa3\x19\xc0^\xb7\x1c\t\xc2[\xd8\bh\x86\x87\xfe\xf6eg5+\xfb\";\xd6\xdb\xfb0\x85\t\xbb\xf78e3\x10\xc3:\xe4Rz\x84\xe0\xdd\xa3\xa4D\xa3\xdd\\S\x87\xaa\xaaU\xbc+X\xb7\x8e\xf6(j\xae\v\x06P\b,\xc4\x1dg3\xa4P\a\xa4\xc7\xa1\x051\xe6+aS\xb7\r\xc2W\x15,\xfd~\xfc\x06B\xecGZ\xb2\x81\xe3kH\x067I\xac\xd2\xa4k\xec1\v\x01uHfKV[\xd8F\xec\xd0 \t\xeb\xf4\xcd\xe9\x8e\x15\x16$\xe6k\xf8tFb\xcc\x92[<\x01\x16\xfe\x8cl\x81\xde\x82\x8e\xe9=\x1c\xe7\xf0\xfc?|\xf7/\xb6\x19\xe9\xf6h\xd7\xbcu\'j\x17(\x87\x1b\xc1XR?\v0l\x85\xd5;9\x96^\x83\xde\f\xdd\xed\xe4\x05\f7w\x8a+\xc7\xc2\xe4}r\xbe\xa6\xd1-\xd0\v\xc5\xe8B\x87\x824\x88\xcew\xa7\x8fOP?_\xb3\x93MM\xb5\xb0f\xd0\x8e\aNS\xb0@\t\nrug\xc2\x90\x196', &(0x7f0000000c40)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000001e80)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xec\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\x94\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00\xec^5c\xd1B\"\x1f\xaeHxU\x9a1z\xe7\xfa\xff\xfb\x1bi\xc92\x88g\xf6G\x9d\x80\x1e\x11\xd1\xa4\x1e\x92\xcd\xf5~&?\xb7mA\x9e?\x17C\xd1u\xfb-\xff\x14\xd1g<\x03\x19\x9a1\xecV`\xba\xe1\x85\xd4o\xdc\x8eK\xe0{\xb3R*Y\x05\x98\x83Vl\x81&\xe7^\xf9T\xf1\x14\xed\xf7\x16\xb8QH\xd9\xd6\x04{\xd2\xe5\x8b\xaaxS\xaf@\xcd\xb1\x87d\xc6\x00', &(0x7f0000001540)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x92\x1f\x00\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000003940)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5\x84\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\x00\x10\x00\x00\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000000140)='$@\x00'], &(0x7f0000000040)=[&(0x7f0000002680)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\b\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xe1r\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\t\x86\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x93\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00', &(0x7f0000002b00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00']) socket$inet6_mptcp(0xa, 0x1, 0x106) 6.808614073s ago: executing program 1 (id=1284): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) open(0x0, 0x0, 0x0) r1 = syz_open_dev$video(&(0x7f0000003d00), 0x9, 0x0) read(r1, &(0x7f0000000d00)=""/132, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000780)={'batadv_slave_1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000180)) 6.53989242s ago: executing program 2 (id=1285): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f000001aa80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) 6.360130626s ago: executing program 1 (id=1288): r0 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x3f) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 5.83857189s ago: executing program 2 (id=1291): sendmmsg$sock(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f000000a040)=[{{0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000000e40)="958d805bf14fbf04e1b3d1e9be4f8326a1d9b63a455073da21a008f67e69228331793783eaae1d33c81a8f2b1e36d3e15c1d298c543326377169b8dc908f10ec82be00df5b8f9097d8ca8fc9fedd586783e79d2de778fb6ad54f6e882fcdf4e6823b1d39807b0efb0a9f00ee6411d8329c82ecbc2be25dd70e6197c3f7b569581c88ba3e1293997a7cf04d0cb5f90eabc7321dccfcad5f112c30b08f6b1ad6874ed256562e3d63ffd7865d46e53df1ef858bc60ba1ad9867f0326dbcbbca3e463fe295f07df1111c57023a8d9d8cae73bfaa5ec45517f6b51bed2444110c2c84ef8a2407145dae8fb5bf47218b272f82529f2cc5b350a96980a63ca16ed42a09d3ea39459ac81302f73cb25a0f3691b8d759613aa72967c4d516fb1a2ccf7c6cec0273768bb849b9eaebc23ee729e0bf06bcac13cc9683bc616b8a4e5077c0d59cd6e2f7e0e95d856b0779873e50d3f03f3272aa8f7e33f7268d8932485b05a713bde55cb5e1654fdad201713bcedb681f6f54a12cd9decbba8441c41919dd3b7b0a0acf6ff93a229729a875b0a0ca44a2e492e700433c1b5749a905c93a7350420cf93132146df1d3bb01c1e8cd8c27a27be3cedb1681bff806899d1392fd2f4db8e3a0dceb0b8f11fe916634701452e6fbdaad62df0d5d94dac750a3ef7e4e15f883ee43b477c12aba8461710781f36c6540efcb827a2a5ebccd25b7892fcbb70c9cf13e71f8037ba448a68314236ce3841679da4082817f68c3bd549a9ca55f83bef2fc216ec6c275a01054e35e7ee1ef74def105755fb7a07d82b62ae6186cb6ab86ad6405a8a4eef879c146e60c4cf79a5f90e5586b7eb288e29835c8697dbf8e63fa4e8215abf7764882cc81a680c9f72bac28bb86efe2c87fda5d510de157f23f504a0da6e649b05ffbedfb3a59a5965f039530ac8c4f053904c08d4c02a2c3ed7691da14e6e712a8e221a2f638df3ae1aa2d7f42414143308fddb30f62c0b56449e9118b5ff9f4eeafecc49ab239750e823ac21af0a8c2891c9ec930daa139ec40fc5a894de2e67c49b19a458032c5809ba3c5a3f1db49f07c488ecfc5c3bb6f2d2f8152b1bc03b362a979b4567e173d9fd7d8e935e8610370c25b634f7874936bec5dd984baf6604a020e5b50bd471309f3d78ab3e7b9b21d80684d0905f788", 0x344}, {&(0x7f0000002e40)="92109e91e19e53f9fb273a91e4064e6047e8a1b784e9f88dad09db1855fde00124dc87cb3e460cad18abbdd31ce629fe83bddf6b08c3fbbf716d5010804aee5fae63ea7fc037c4d07102a207f7b9cb37cbb026c5ec2a4ef475644f1153bf39d3661153a2e2c5", 0x66}], 0x2, &(0x7f0000005300)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r3], 0x78, 0x24000010}}], 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = socket(0x840000000002, 0x3, 0x100) connect$inet(r4, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_buf(r4, 0x0, 0x28, 0x0, 0x0) syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000300)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x224, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0xb0, 0x3, [{{0x9, 0x4, 0x0, 0xd0, 0x2, 0x3, 0x1, 0x1, 0x63, {0x9, 0x21, 0x9875, 0xa6, 0x1, {0x22, 0x902}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x73, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x0, 0x81, 0x5}}]}}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x200, 0x2, 0x0, 0x6, 0x10, 0x9}, 0xb5, &(0x7f0000000900)=ANY=[@ANYBLOB="050fb500030710020a2708019f100a5b529d692abdc04a87d6c1b9a6c852e6e1eca991213f259e2f9e4e7d772515c3a91a5b578e7c4640616f0d12e56c473611cb60739fbe3f0f5172d5964553083678c5288b886df688a8cc69a74fef8638a8e510c25e8470274d26f391da67513ba37e7f000000219b29fad9a026067c92209f7e0081eaed32af37f6141741a46322091e2e43767cd99fe924d582db998a1ec96f3d9a441b5b6a9ab4d20a100302050007000700302fe953e7cd4e4314d387bddc35b3541e62ee8adde72621ab4548ec24af3ac7287db6d5da417a13807499ef9d9448d0e3eb2ecac4703209db62dd90f80990460bbeeb09257f201435bf7646068a57e67fe641d6b9667aa19a93d239729438134d2d9c68a0b89c7cbb0faba7be83b3ca080cdb66c324083cdeb6f62a6af79271497506"], 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0xc04}}]}) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000001b00)=ANY=[@ANYBLOB="1800000000000000290000003600000048e0000000000000"], 0x18}}, {{0x0, 0x0, &(0x7f0000001480)=[{0x0}], 0x1}}, {{&(0x7f00000015c0)={0xa, 0x0, 0x3, @local}, 0x1c, &(0x7f0000001a40)=[{0x0}, {&(0x7f0000001640)="88", 0x1}], 0x2}, 0x58f0}, {{0x0, 0x0, 0x0}}], 0x4, 0xc080) r5 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) ioctl$KDFONTOP_COPY(r5, 0x4b72, &(0x7f0000000180)={0x3, 0x1, 0xe, 0x19, 0x4f, &(0x7f0000000400)}) r6 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000200)={'bridge_slave_1\x00', &(0x7f00000001c0)=@ethtool_gfeatures={0x3a, 0x3, [{}, {}, {}]}}) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) openat$cgroup(r7, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'geneve1\x00'}) 5.041319363s ago: executing program 4 (id=1294): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getpid() r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, 0x0, 0x0, 0x2000c044, &(0x7f0000004ff0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) listen(r1, 0xda90) accept4(r1, 0x0, 0x0, 0x800) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4) sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}, 0x298}], 0x299, 0x0) 4.60038163s ago: executing program 3 (id=1297): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.15615095s ago: executing program 2 (id=1298): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0xf3a, 0x0) (async) tee(r3, r1, 0x8, 0x0) (async) write$binfmt_script(r4, 0x0, 0xfffffe48) (async) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)) r6 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) (async) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000b80)=@mangle={'mangle\x00', 0x64, 0x6, 0x5e8, 0x108, 0x420, 0x108, 0x420, 0x2e0, 0x518, 0x518, 0x518, 0x518, 0x518, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @remote}, [], 0x0, 0x0, 0x0, 0x0, 0x14, 0xfffd, 0x0, 0xb1}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@remote}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'ip_vti0\x00', 'veth0\x00'}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@loopback, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@mh={{0x28}, {"a71e"}}, @common=@eui64={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@private1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x648) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62581) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) writev(r10, &(0x7f00000000c0)=[{&(0x7f0000000000)="268292", 0xb221}], 0x2) (async) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r10, 0x4040534e, &(0x7f0000000080)={0x263}) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xfffffffffffffffb, &(0x7f0000000000)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x5}) close_range(r6, r5, 0x2) (async) io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) bind$inet6(r5, &(0x7f0000002480)={0xa, 0x4e21, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x1f}, 0x1c) (async) sendto$inet6(r5, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) (async) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@initdev}}, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000440)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) setsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000200)={0x0, r11, r12}, 0xc) fcntl$setown(r5, 0x8, 0xffffffffffffffff) 3.996692358s ago: executing program 4 (id=1299): syz_io_uring_submit(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x124, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @filter_kind_options=@f_route={{0xa}, {0x90, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x124}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000006c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x5f) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {0x0}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 3.957552257s ago: executing program 2 (id=1300): socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000400)=@ethtool_sset_info={0x3f, 0x0, 0x0, [0x7f00]}}) 3.596634284s ago: executing program 2 (id=1301): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket(0x200000100000011, 0x803, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r2, &(0x7f00000000c0)="4dcdc7d96a760000002f00050000000000060000450b21e9e89291df563213e9152234f5623c526156de8ae4ae9150d3d2dd194a", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_flowlabel\x00') ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) socket(0x10, 0x3, 0x0) ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040)) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) getdents(r7, &(0x7f0000000200)=""/112, 0x70) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r7) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0x104, r9, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}]}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfffffff8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x104}, 0x1, 0x0, 0x0, 0x24004015}, 0x20004800) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x44}}, 0x0) 3.500073912s ago: executing program 4 (id=1302): syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb"], 0x11) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x590}}], 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1ff, 0x142) write$midi(r2, &(0x7f0000000000)="9172", 0x2) write$midi(r2, &(0x7f00000001c0)="9d", 0x3001) write$vhost_msg(r2, &(0x7f0000000600)={0x1, {0x0, 0x0, 0x0}}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0x5, 0x148, 0x0, 0x0, 0x1e0, 0x2a8, 0x2a8, 0x1e0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@state={{0x28}}, @common=@unspec=@physdev={{0x68}, {'veth1_to_batadv\x00', {}, 'wlan1\x00'}}]}, @common=@unspec=@MARK={0x28}}, {{@ip={@local, @multicast2, 0x0, 0x0, 'xfrm0\x00', 'team0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) recvmmsg(r3, &(0x7f0000000dc0)=[{{&(0x7f0000000040)=@x25={0x9, @remote}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000580)=""/130, 0x82}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/50, 0x32}, {&(0x7f0000000680)=""/193, 0xc1}, {&(0x7f0000000780)=""/148, 0x94}, {&(0x7f0000000180)=""/110, 0x6e}, {&(0x7f0000000840)=""/131, 0x83}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000440)=""/28, 0x1c}, {&(0x7f0000000480)=""/46, 0x2e}, {&(0x7f0000000900)=""/21, 0x15}, {&(0x7f0000001240)=""/4096, 0x1000}, {&(0x7f0000000940)=""/180, 0xb4}, {&(0x7f0000000a00)=""/53, 0x35}], 0x6, &(0x7f0000000ac0)=""/118, 0x76}, 0x60000}, {{&(0x7f0000000b40)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000bc0)=""/119, 0x77}, {&(0x7f0000000c40)=""/32, 0x20}], 0x2, &(0x7f0000000cc0)=""/216, 0xd8}, 0x8}], 0x3, 0x100, &(0x7f0000000e80)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_INFO(r5, 0x80206433, &(0x7f0000000080)=""/12) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0185647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, '\x00', @p_u16=0x0}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) syz_emit_vhci(0x0, 0x9) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x400c031, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x4005, &(0x7f0000000000)=0xa636, 0x5, 0x0) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000}) io_uring_setup(0x3c8e, &(0x7f0000000100)) 3.369934298s ago: executing program 0 (id=1303): socket$inet6(0xa, 0x5, 0x80000001) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000"], 0x7c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async, rerun: 64) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000000500)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000400)=""/24, 0x18, 0xe, 0xfffffffc, 0x10000, 0x0, 0x40000}}, 0x120) (async, rerun: 32) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) (async, rerun: 32) ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0xc0404807, 0x0) (async) write$UHID_DESTROY(r1, &(0x7f0000000040)={0xc}, 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r2, &(0x7f00000002c0)=ANY=[], 0xc1) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x24200) (async, rerun: 32) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r2, 0x0) (async, rerun: 32) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15f4}]]}, 0x38}}, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x0) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@map=r2, 0x4, 0x1, 0x7f, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0]}, 0x40) syz_open_dev$video4linux(0x0, 0x2, 0x4000) 3.310080275s ago: executing program 3 (id=1304): syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb"], 0x11) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x590}}], 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1ff, 0x142) write$midi(r2, &(0x7f0000000000)="9172", 0x2) write$midi(r2, &(0x7f00000001c0)="9d", 0x3001) write$vhost_msg(r2, &(0x7f0000000600)={0x1, {0x0, 0x0, 0x0}}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0x5, 0x148, 0x0, 0x0, 0x1e0, 0x2a8, 0x2a8, 0x1e0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@state={{0x28}}, @common=@unspec=@physdev={{0x68}, {'veth1_to_batadv\x00', {}, 'wlan1\x00'}}]}, @common=@unspec=@MARK={0x28}}, {{@ip={@local, @multicast2, 0x0, 0x0, 'xfrm0\x00', 'team0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) recvmmsg(r3, &(0x7f0000000dc0)=[{{&(0x7f0000000040)=@x25={0x9, @remote}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000580)=""/130, 0x82}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/50, 0x32}, {&(0x7f0000000680)=""/193, 0xc1}, {&(0x7f0000000780)=""/148, 0x94}, {&(0x7f0000000180)=""/110, 0x6e}, {&(0x7f0000000840)=""/131, 0x83}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000440)=""/28, 0x1c}, {&(0x7f0000000480)=""/46, 0x2e}, {&(0x7f0000000900)=""/21, 0x15}, {&(0x7f0000001240)=""/4096, 0x1000}, {&(0x7f0000000940)=""/180, 0xb4}, {&(0x7f0000000a00)=""/53, 0x35}], 0x6}, 0x60000}, {{&(0x7f0000000b40)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000bc0)=""/119, 0x77}, {&(0x7f0000000c40)=""/32, 0x20}], 0x2, &(0x7f0000000cc0)=""/216, 0xd8}, 0x8}], 0x3, 0x100, &(0x7f0000000e80)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_INFO(r5, 0x80206433, &(0x7f0000000080)=""/12) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0185647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f903, 0x0, '\x00', @p_u16=0x0}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) syz_emit_vhci(0x0, 0x9) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x400c031, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x4005, &(0x7f0000000000)=0xa636, 0x5, 0x0) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000}) io_uring_setup(0x3c8e, &(0x7f0000000100)) 2.93046634s ago: executing program 3 (id=1305): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/4111, 0xd80}], 0x1}, 0xa00}], 0x1, 0x0, 0x0) 2.892432993s ago: executing program 0 (id=1306): syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb"], 0x11) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x590}}], 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1ff, 0x142) write$midi(r2, &(0x7f0000000000)="9172", 0x2) write$midi(r2, &(0x7f00000001c0)="9d", 0x3001) write$vhost_msg(r2, &(0x7f0000000600)={0x1, {0x0, 0x0, 0x0}}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f0000000200)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0x5, 0x148, 0x0, 0x0, 0x1e0, 0x2a8, 0x2a8, 0x1e0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@state={{0x28}}, @common=@unspec=@physdev={{0x68}, {'veth1_to_batadv\x00', {}, 'wlan1\x00'}}]}, @common=@unspec=@MARK={0x28}}, {{@ip={@local, @multicast2, 0x0, 0x0, 'xfrm0\x00', 'team0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) recvmmsg(r3, &(0x7f0000000dc0)=[{{&(0x7f0000000040)=@x25={0x9, @remote}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000580)=""/130, 0x82}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/50, 0x32}, {&(0x7f0000000680)=""/193, 0xc1}, {&(0x7f0000000780)=""/148, 0x94}, {&(0x7f0000000180)=""/110, 0x6e}, {&(0x7f0000000840)=""/131, 0x83}], 0x7}, 0x8}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000440)=""/28, 0x1c}, {&(0x7f0000000480)=""/46, 0x2e}, {&(0x7f0000000900)=""/21, 0x15}, {&(0x7f0000001240)=""/4096, 0x1000}, {&(0x7f0000000940)=""/180, 0xb4}, {&(0x7f0000000a00)=""/53, 0x35}], 0x6, &(0x7f0000000ac0)=""/118, 0x76}}, {{&(0x7f0000000b40)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000bc0)=""/119, 0x77}, {&(0x7f0000000c40)=""/32, 0x20}], 0x2, &(0x7f0000000cc0)=""/216, 0xd8}, 0x8}], 0x3, 0x100, &(0x7f0000000e80)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @remote, 0x7}, 0x1c) r4 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_INFO(r5, 0x80206433, &(0x7f0000000080)=""/12) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0185647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f903, 0x0, '\x00', @p_u16=0x0}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) syz_emit_vhci(0x0, 0x9) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x400c031, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x4005, &(0x7f0000000000)=0xa636, 0x5, 0x0) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000}) io_uring_setup(0x3c8e, &(0x7f0000000100)) 2.891533505s ago: executing program 4 (id=1307): clock_gettime(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x240, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9}}}]}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x9a, &(0x7f0000000900)={0x5, 0xf, 0x9a, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x2, 0x0, 0xfe21}, @generic={0x84, 0x10, 0xa, "2407654c05669e5a45c05dbedfd2661900ee1b38413d864ac493549200b05e16a84471dc065c7a920609c39e3fcd06e4ef547987158b500c778f971e3be76a86c409dc5b298bee8060cd9b7eea3d1a4631234088f79580a2ed025bcd6f2f3465553a61cb25421e56c7296aa468b269e896c5ce1dc118f8546cdf46590d2eea7fa1"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xe}]}}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r0, &(0x7f0000001880)=[{&(0x7f00000018c0)=""/102400, 0x19000}], 0x1, 0x0, 0x0) close(0xffffffffffffffff) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002000000ffb0b681800c1c31fb030109022d00010140107f0928004001030102060921ff072704407f03090502031004400200"/63], &(0x7f0000000880)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x81, 0x40, 0x1, 0x8, 0x1f}, 0x4b, &(0x7f0000000300)={0x5, 0xf, 0x4b, 0x6, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x3, 0x5, 0x7}, @wireless={0xb, 0x10, 0x1, 0xc, 0x60, 0x5, 0x1f, 0x9, 0xb}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "8fd6a2511cbd8b181604a93ec371c2f3"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x0, 0x23, 0x1000}, @ssp_cap={0x10, 0x10, 0xa, 0x8, 0x1, 0x20, 0xf00f, 0x8000, [0xc0]}]}, 0x6, [{0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x300a}}, {0x12, &(0x7f00000009c0)=ANY=[@ANYBLOB="1203d447c5c66a85daa0adb21511d26a46cedc2acd3dd2f7d37f565904fe2cf48bbe4ff21dd74f5728344ff716535019fd4db8dd23188226f150338aff62"]}, {0x3e, &(0x7f0000000640)=@string={0x3e, 0x3, "b5d487b0eec7ad5a860adf178b1c358b2c5459584e229ab8f5ee26e610b8444fbc84c47f17005cc2fd5af71ec266fa58a28af72ff217869f3873e373"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x860}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x1007}}, {0xe2, &(0x7f0000000780)=@string={0xe2, 0x3, "6e022f05623830342facfa0e642368e0991972a47fc02f8a353ede043d5fe5b314c196c381a02d55a8804b92ba1e23a6b9864601fabc3cd8979554583cc63b31ea9650913fb6eb5c49541ae1f5b9f8af6a4dc40dc64b80e86ed1c7b08831e907c532079e20554ca02bffa061158f335665f006cef180f47cb841bc787d68c943a07d6001b41db55c43474d5c15684b42289f9b4a1a3bd278e131c6f8d47fcf338e8aa8806d34fabc9e1a7690f1f902e1a4e548be9c65ef36084c417428f83dc6cd51048f729f0f0149b6078880cff19816c1eafc62258387a4e814ba170be948"}}]}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/reserved_size', 0x42, 0x22) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000500)={0x2000043}, 0x10) r7 = dup3(r3, r6, 0x80000) write$tun(r7, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='cq_modify\x00', r0}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r5, 0x10f, 0x88) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x1, 0x4000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x200c0034) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) write$binfmt_elf32(r3, 0x0, 0x84a) write$UHID_CREATE2(r2, 0x0, 0x119) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0xe, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x0, 0x40, 0x100, 0x7, 0x80, 0x101}}, 0x11c) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f000001ac00)='./file0/../file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x110808c, &(0x7f0000000b40)=ANY=[@ANYBLOB="f8643d", @ANYRESHEX=r6, @ANYRES8=r1, @ANYRESOCT, @ANYBLOB="2c6772e62c705f69643df23d2281eb574a3fdd8b7e958c08e11ef1f248babb63f20854bb8d70fba5c0b39a826eef866a750331b426c5566269029b467f67716a67eafd2276a2ffde5e7453722ad0135b0b11bd592e9e18a274d9dd8846c9c4ff419d0eeee5bcb4600d0abdb21b63b157de64f42c49f624d4c311c5e054208b6de1d7775f63d496f18c42f9f79a35f0778a5ca4c0e6d5d77975fc7adbe1e09f910135cb4ac2d15139e0db23969ab858a67f5f77257a07a2ef9d53efc2e8c9e5a97cfeaaad525814102a5db82148bda890decc52e1409d873065118277c65eb11379f8a177f896f8e5c918a14c994c3f2d60de70343dac5cb4acdf74804d4c39eee0c3a35babdca6ed210e4f94c4688346e2fbc5a5287c515a1317585aec6abd2a5744d4ed3f4dfa0e68159061ebb18fd88182070dbc27bf089230c67c057cebff7fa8056364fbfb1b902e3eb8062c6084ca86ea70177ce6f3", @ANYRESDEC=0x0, @ANYBLOB="f74aa70e017118214289774cecbefeb9a5dd4a98", @ANYRESDEC=0xee01, @ANYRESOCT], 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000000)='net\x00') syz_open_procfs$namespace(0x0, &(0x7f00000006c0)='ns/user\x00') bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r8}, &(0x7f0000000200), &(0x7f0000000280)='%-010d \x00'}, 0x20) 2.592125981s ago: executing program 3 (id=1308): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000400)=ANY=[@ANYRESHEX=r0]) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000080)) ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x4008550c, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000380)="410f30470f01c30f21c2c4e1fb12877000000066baf80cb899463d84ef66bafc0cec420f073e420fc79ab4b6dacb36f2ad65410f0059820f20e035000010000f22e0", 0x42}], 0x1, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) dup(r5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, 0x3, 0x5f, &(0x7f0000000100)=""/95}, 0x90) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x25) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) r7 = socket$unix(0x1, 0x2, 0x0) bind$unix(r7, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r8 = socket$unix(0x1, 0x2, 0x0) connect$unix(r8, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r8, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) ppoll(&(0x7f0000000300), 0x0, 0x0, 0x0, 0x0) readv(r7, &(0x7f0000000000)=[{&(0x7f0000000200)=""/150, 0x96}], 0x1) r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) dup(r9) 2.445153946s ago: executing program 0 (id=1309): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_POWER_SAVE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000001080)={0x1c, r1, 0x1, 0x0, 0x1c00, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 2.320975538s ago: executing program 2 (id=1310): socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth1_to_bond\x00', &(0x7f0000000400)=@ethtool_sset_info={0x3f}}) 2.108134859s ago: executing program 0 (id=1311): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.147893976s ago: executing program 3 (id=1312): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket(0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r3, 0xae80, 0x0) 827.504357ms ago: executing program 0 (id=1313): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x4001, 0x0) (async) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) (async, rerun: 64) r7 = socket$inet_udplite(0x2, 0x2, 0x88) (rerun: 64) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) (async, rerun: 32) r9 = syz_open_dev$video4linux(&(0x7f0000000200), 0x0, 0x0) (rerun: 32) ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x100f}}) ioprio_get$uid(0x2, r8) 616.032794ms ago: executing program 0 (id=1314): socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x0, 0x300) socket$inet6(0xa, 0x0, 0x88) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2}, 0x1c) syz_emit_ethernet(0x83, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x5, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001c80)={0x2, 0x0, [{0xd000, 0xf9, &(0x7f0000000640)=""/249}, {0x86956090991702cc, 0x91, &(0x7f0000001e80)=""/145}]}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb904021d080006007c09e8fe08a118000e800a00142603600e45aad2c5e38383c39d11b01c1208000f0000000406a80016c0080009400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a9295", 0xd8}], 0x1}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@connlabel={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt(r6, 0x0, 0x5, &(0x7f0000000f00)="df4c8860a5cccff370123dd7fc6e", 0xe) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0) 564.038594ms ago: executing program 3 (id=1315): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32], 0x40}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000ac0)=@newlink={0x30, 0x10, 0x439, 0xe0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0x30}}, 0x0) 165.005012ms ago: executing program 4 (id=1316): connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e24, @loopback}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r2 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r2, 0x10d, 0xb1, 0x0, &(0x7f00000000c0)) 0s ago: executing program 4 (id=1317): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600093582c137153e370c0c188002ac0f0003", 0x2d}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x26, &(0x7f0000000600)={0x0, 0x2, 0x0, 0x2}) fcntl$lock(r0, 0x6, &(0x7f0000000000)) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2b, &(0x7f0000000200)=ANY=[@ANYBLOB="2b07689fee09ef62644e9c0ef436f3d12f8530448d58456eeb2c4d11e855f8b208fd732a4e90b0bc4ea68f"]}]}) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r4 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r4, 0x81044804, &(0x7f0000000400)={0x1}) syz_usb_control_io$hid(r3, &(0x7f0000000100)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r3, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r1) write$UHID_INPUT(r5, &(0x7f0000001040)={0xfc, {"a2e3ad21ed0d09f91b45090987f70906d038e7ff7fc6e5539b0d3d0e8b089b3f33000e090890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b5b070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210380106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b07c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[], 0xe09) r6 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, @loopback={0xff00000000000000}}}) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) kernel console output (not intermixed with test programs): er+0x2a2f/0x4560 [ 326.482525][ T9866] ? __pfx_tun_get_user+0x10/0x10 [ 326.487613][ T9866] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 326.493131][ T9866] ? tun_get+0x1e/0x2f0 [ 326.497371][ T9866] ? tun_get+0x1e/0x2f0 [ 326.501596][ T9866] ? tun_get+0x27d/0x2f0 [ 326.505885][ T9866] tun_chr_write_iter+0x113/0x1f0 [ 326.510942][ T9866] vfs_write+0xa72/0xc90 [ 326.515205][ T9866] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 326.520775][ T9866] ? __pfx_vfs_write+0x10/0x10 [ 326.525577][ T9866] ksys_write+0x1a0/0x2c0 [ 326.529925][ T9866] ? __pfx_ksys_write+0x10/0x10 [ 326.534788][ T9866] ? do_syscall_64+0x100/0x230 [ 326.539573][ T9866] ? do_syscall_64+0xb6/0x230 [ 326.544271][ T9866] do_syscall_64+0xf3/0x230 [ 326.548797][ T9866] ? clear_bhb_loop+0x35/0x90 [ 326.553491][ T9866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.559404][ T9866] RIP: 0033:0x7f2307b7475f [ 326.563835][ T9866] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 326.583553][ T9866] RSP: 002b:00007f23075ff010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 326.591988][ T9866] RAX: ffffffffffffffda RBX: 00007f2307d03f60 RCX: 00007f2307b7475f [ 326.599970][ T9866] RDX: 000000000000007a RSI: 0000000020000280 RDI: 00000000000000c8 [ 326.607986][ T9866] RBP: 00007f23075ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 326.616002][ T9866] R10: 000000000000007a R11: 0000000000000293 R12: 0000000000000001 [ 326.623994][ T9866] R13: 000000000000000b R14: 00007f2307d03f60 R15: 00007f2307e2fa78 [ 326.631990][ T9866] [ 326.658006][ T9874] xt_bpf: check failed: parse error [ 326.775522][ T5152] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 326.790628][ T9880] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 326.797189][ T9880] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 326.833148][ T9880] vhci_hcd vhci_hcd.0: Device attached [ 326.850977][ T5152] usb 2-1: too many configurations: 135, using maximum allowed: 8 [ 326.864079][ T5152] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 326.882369][ T5152] usb 2-1: can't read configurations, error -61 [ 326.883054][ T9881] vhci_hcd: connection closed [ 326.883706][ T5152] usb usb2-port1: unable to enumerate USB device [ 326.914009][ T35] vhci_hcd: stop threads [ 326.926157][ T9874] netlink: 'syz.4.1032': attribute type 9 has an invalid length. [ 326.935504][ T35] vhci_hcd: release socket [ 326.940084][ T35] vhci_hcd: disconnect device [ 327.522281][ T57] usb 4-1: new low-speed USB device number 25 using dummy_hcd [ 328.100863][ T35] tipc: Subscription rejected, illegal request [ 328.275585][ T9916] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1041'. [ 328.345158][ T9916] vlan2: entered promiscuous mode [ 328.727004][ T9922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1042'. [ 329.230236][ T928] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 329.318466][ T2814] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.414197][ T928] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 329.461528][ T928] usb 2-1: language id specifier not provided by device, defaulting to English [ 329.496007][ T928] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 329.522015][ T928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.558804][ T928] usb 2-1: Product: syz [ 329.574623][ T928] usb 2-1: Manufacturer: 󛪒 [ 329.596485][ T928] usb 2-1: SerialNumber: syz [ 329.644229][ T928] usb 2-1: bad CDC descriptors [ 329.677953][ T2814] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.852927][ T928] usb 2-1: USB disconnect, device number 28 [ 329.957703][ T2814] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.121439][ T2814] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.264686][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 330.278060][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 330.286712][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 330.299222][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 330.308455][ T5100] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 330.316138][ T2422] tipc: Subscription rejected, illegal request [ 330.322960][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 330.754277][ T2814] bridge_slave_1: left allmulticast mode [ 330.770654][ T2814] bridge_slave_1: left promiscuous mode [ 330.777770][ T2814] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.795473][ T2814] bridge_slave_0: left allmulticast mode [ 330.810425][ T2814] bridge_slave_0: left promiscuous mode [ 330.847218][ T2814] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.448050][ T2814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 331.460532][ T2814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 331.472068][ T5163] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 331.482506][ T2814] bond0 (unregistering): Released all slaves [ 331.683795][ T5163] usb 1-1: Using ep0 maxpacket: 8 [ 331.750558][ T5163] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.801524][ T5163] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 331.860241][ T5163] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.917998][ T5163] usb 1-1: config 0 descriptor?? [ 331.950175][ T5163] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 332.422526][ T5100] Bluetooth: hci1: command tx timeout [ 332.871163][ T2814] hsr_slave_0: left promiscuous mode [ 332.914934][ T2814] hsr_slave_1: left promiscuous mode [ 332.977989][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 332.992796][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 333.015640][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.031294][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 333.091978][ T2814] veth1_macvtap: left promiscuous mode [ 333.097721][ T2814] veth0_macvtap: left promiscuous mode [ 333.108005][ T2814] veth1_vlan: left promiscuous mode [ 333.119708][ T2814] veth0_vlan: left promiscuous mode [ 333.221038][ T5163] gspca_vc032x: reg_w err -71 [ 333.230287][T10003] netlink: 4068 bytes leftover after parsing attributes in process `syz.2.1065'. [ 333.237930][ T5163] vc032x 1-1:0.0: probe with driver vc032x failed with error -71 [ 333.292367][ T5163] usb 1-1: USB disconnect, device number 27 [ 333.303873][ T62] tipc: Subscription rejected, illegal request [ 333.607615][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 333.617758][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 333.632273][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 333.649846][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 333.658950][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 333.667024][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 334.186208][T10018] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1068'. [ 334.278712][ T2814] team0 (unregistering): Port device team_slave_1 removed [ 334.329961][ T2814] team0 (unregistering): Port device team_slave_0 removed [ 334.503144][ T5099] Bluetooth: hci1: command tx timeout [ 335.014522][ T9951] chnl_net:caif_netlink_parms(): no params data found [ 335.035614][T10024] fuse: Bad value for 'rootmode' [ 335.138453][T10024] pimreg: entered allmulticast mode [ 335.194744][T10029] pimreg: left allmulticast mode [ 335.450813][ T9951] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.472451][ T9951] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.482466][ T5096] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 335.485166][ T9951] bridge_slave_0: entered allmulticast mode [ 335.499613][ T9951] bridge_slave_0: entered promiscuous mode [ 335.510773][ T9951] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.518682][ T9951] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.526555][ T9951] bridge_slave_1: entered allmulticast mode [ 335.537838][ T9951] bridge_slave_1: entered promiscuous mode [ 335.702251][ T5099] Bluetooth: hci3: command tx timeout [ 335.710728][ T5096] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 335.724831][ T9951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 335.736301][ T5096] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 335.752067][ T5096] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65535, setting to 64 [ 335.763403][ T5096] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 335.772634][ T5096] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.779179][ T9951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 335.794439][T10024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 335.805150][T10024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 335.900875][T10010] chnl_net:caif_netlink_parms(): no params data found [ 336.117277][T10024] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1070'. [ 336.159363][ T9951] team0: Port device team_slave_0 added [ 336.189598][ T5096] usb 4-1: USB disconnect, device number 26 [ 336.280272][ T9951] team0: Port device team_slave_1 added [ 336.393022][ T57] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 336.401362][ T9951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 336.417439][ T9951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.444900][ T9951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.458363][ T9951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.465896][ T9951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.499176][ T9951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.595634][ T5099] Bluetooth: hci1: command tx timeout [ 336.598470][ T57] usb 1-1: Using ep0 maxpacket: 16 [ 336.627526][ T57] usb 1-1: config 1 interface 0 altsetting 208 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 336.643449][ T2814] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.671965][ T57] usb 1-1: config 1 interface 0 has no altsetting 0 [ 336.695391][ T57] usb 1-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40 [ 336.716155][ T57] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.750526][ T57] usb 1-1: Product: syz [ 336.787699][ T57] usb 1-1: Manufacturer: syz [ 336.807798][ T57] usb 1-1: SerialNumber: syz [ 336.819858][T10010] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.841287][T10010] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.858252][T10010] bridge_slave_0: entered allmulticast mode [ 336.883344][T10010] bridge_slave_0: entered promiscuous mode [ 336.905748][T10010] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.914252][T10010] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.914485][T10010] bridge_slave_1: entered allmulticast mode [ 336.916144][T10010] bridge_slave_1: entered promiscuous mode [ 336.998262][ T2814] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.251040][ T35] tipc: Subscription rejected, illegal request [ 337.298037][ T57] usbhid 1-1:1.0: can't add hid device: -71 [ 337.320797][ T5100] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 337.335860][ T5100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 337.345597][ T5100] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 337.356455][ T5100] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 337.363768][ T57] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 337.375347][ T5100] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 337.376849][ T2814] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.394051][ T57] usb 1-1: USB disconnect, device number 28 [ 337.400694][ T5100] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 337.500522][ T9951] hsr_slave_0: entered promiscuous mode [ 337.575915][ T9951] hsr_slave_1: entered promiscuous mode [ 337.602632][ T9951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 337.629134][ T9951] Cannot create hsr debugfs directory [ 337.671217][T10010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.734894][ T2814] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.789192][ T5100] Bluetooth: hci3: command tx timeout [ 337.831679][T10010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 338.003510][T10084] netlink: 4068 bytes leftover after parsing attributes in process `syz.3.1079'. [ 338.094861][T10010] team0: Port device team_slave_0 added [ 338.205423][T10010] team0: Port device team_slave_1 added [ 338.219093][T10091] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1080'. [ 338.460223][T10010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 338.486775][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.534874][T10010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 338.599878][T10010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 338.612043][T10010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.642578][T10010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.662571][ T5100] Bluetooth: hci1: command tx timeout [ 338.685904][ T2814] bridge_slave_1: left allmulticast mode [ 338.691718][ T2814] bridge_slave_1: left promiscuous mode [ 338.700815][ T2814] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.711253][ T2814] bridge_slave_0: left allmulticast mode [ 338.717526][ T2814] bridge_slave_0: left promiscuous mode [ 338.723507][ T2814] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.139536][ T2814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.159991][ T2814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.171665][ T2814] bond0 (unregistering): Released all slaves [ 339.213723][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1082'. [ 339.462278][ T5100] Bluetooth: hci4: command tx timeout [ 339.599779][T10010] hsr_slave_0: entered promiscuous mode [ 339.620312][T10010] hsr_slave_1: entered promiscuous mode [ 339.630355][T10010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 339.651947][T10010] Cannot create hsr debugfs directory [ 339.862104][ T5100] Bluetooth: hci3: command tx timeout [ 340.206773][ T2814] hsr_slave_0: left promiscuous mode [ 340.215116][ T2814] hsr_slave_1: left promiscuous mode [ 340.231211][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.242539][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 340.263821][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 340.282992][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 340.309102][ T2814] veth1_macvtap: left promiscuous mode [ 340.314786][ T2814] veth0_macvtap: left promiscuous mode [ 340.320398][ T2814] veth1_vlan: left promiscuous mode [ 340.327927][ T2814] veth0_vlan: left promiscuous mode [ 340.608626][T10112] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1086'. [ 340.855868][ T62] tipc: Subscription rejected, illegal request [ 341.006978][ T2814] team0 (unregistering): Port device team_slave_1 removed [ 341.050317][ T2814] team0 (unregistering): Port device team_slave_0 removed [ 341.542960][ T5100] Bluetooth: hci4: command tx timeout [ 341.815618][T10075] chnl_net:caif_netlink_parms(): no params data found [ 341.829472][ T5100] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 341.942260][ T5100] Bluetooth: hci3: command tx timeout [ 342.347772][ T9951] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 342.408312][T10124] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 342.414992][T10124] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 342.431701][T10124] vhci_hcd vhci_hcd.0: Device attached [ 342.447004][T10126] usbip_core: unknown command [ 342.451744][T10126] vhci_hcd: unknown pdu 3020988904 [ 342.493146][T10126] usbip_core: unknown command [ 342.508554][ T2422] vhci_hcd: stop threads [ 342.513740][ T2422] vhci_hcd: release socket [ 342.518291][ T9951] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 342.527742][ T2422] vhci_hcd: disconnect device [ 342.552899][ T9951] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 342.691422][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 342.704544][T10075] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.712486][T10075] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.714455][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 342.719863][T10075] bridge_slave_0: entered allmulticast mode [ 342.735957][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 342.737625][T10075] bridge_slave_0: entered promiscuous mode [ 342.761088][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 342.763014][ T9951] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 342.769805][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 342.784881][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 342.885670][T10075] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.900016][T10075] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.910296][T10075] bridge_slave_1: entered allmulticast mode [ 342.920076][T10075] bridge_slave_1: entered promiscuous mode [ 342.959120][T10075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.999516][T10075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.076224][ T2814] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.115312][T10075] team0: Port device team_slave_0 added [ 343.182156][ T2814] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.200896][T10075] team0: Port device team_slave_1 added [ 343.249368][T10075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.257991][T10075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.286094][T10075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.310585][T10075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.319175][T10075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.345758][T10075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.391521][ T2814] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.417824][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1091'. [ 343.623105][ T5099] Bluetooth: hci4: command tx timeout [ 343.633572][ T2814] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.710570][T10075] hsr_slave_0: entered promiscuous mode [ 343.719579][T10075] hsr_slave_1: entered promiscuous mode [ 343.740271][T10010] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 343.777394][T10141] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1094'. [ 343.814586][T10010] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 343.829095][T10010] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 343.898682][T10010] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 343.952906][ T2422] tipc: Subscription rejected, illegal request [ 344.449167][ T2814] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.558820][ T2814] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.575368][T10132] chnl_net:caif_netlink_parms(): no params data found [ 344.671428][ T2814] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.810115][ T2814] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.867411][T10154] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 344.874000][T10154] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 344.891369][T10154] vhci_hcd vhci_hcd.0: Device attached [ 344.906434][ T5099] Bluetooth: hci0: command tx timeout [ 344.909072][T10158] usbip_core: unknown command [ 344.917204][T10158] vhci_hcd: unknown pdu 3020988904 [ 344.924150][T10158] usbip_core: unknown command [ 344.929325][ T2457] vhci_hcd: stop threads [ 344.939801][ T2457] vhci_hcd: release socket [ 344.949110][ T9951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.959716][ T2457] vhci_hcd: disconnect device [ 344.978641][T10132] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.988050][T10132] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.996529][T10132] bridge_slave_0: entered allmulticast mode [ 345.037916][T10132] bridge_slave_0: entered promiscuous mode [ 345.056864][T10132] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.069952][T10132] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.081694][T10132] bridge_slave_1: entered allmulticast mode [ 345.100127][T10132] bridge_slave_1: entered promiscuous mode [ 345.170789][T10132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.193794][T10132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.244593][ T9951] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.339915][T10132] team0: Port device team_slave_0 added [ 345.419333][T10132] team0: Port device team_slave_1 added [ 345.445938][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.453286][ T5096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.494080][ T2814] bridge_slave_1: left allmulticast mode [ 345.499875][ T2814] bridge_slave_1: left promiscuous mode [ 345.506903][ T2814] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.529944][ T2814] bridge_slave_0: left allmulticast mode [ 345.539647][ T2814] bridge_slave_0: left promiscuous mode [ 345.552544][ T2814] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.574399][ T2814] bridge_slave_1: left allmulticast mode [ 345.580112][ T2814] bridge_slave_1: left promiscuous mode [ 345.594854][ T2814] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.611355][ T2814] bridge_slave_0: left allmulticast mode [ 345.621753][ T2814] bridge_slave_0: left promiscuous mode [ 345.630042][ T2814] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.703170][ T5099] Bluetooth: hci4: command tx timeout [ 346.434443][T10192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1101'. [ 346.627041][ T11] tipc: Subscription rejected, illegal request [ 346.992090][ T5099] Bluetooth: hci0: command tx timeout [ 347.023891][ T2814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 347.072474][ T2814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 347.096213][ T2814] bond0 (unregistering): Released all slaves [ 347.297778][ T2814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 347.320124][ T2814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 347.347245][ T2814] bond0 (unregistering): Released all slaves [ 347.488575][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.495860][ T5096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.537765][T10010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.605275][T10132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.621476][T10132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.652928][T10132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.668363][T10132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.676573][T10132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.703668][T10132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.944444][T10222] FAULT_INJECTION: forcing a failure. [ 347.944444][T10222] name failslab, interval 1, probability 0, space 0, times 0 [ 347.958503][T10222] CPU: 0 PID: 10222 Comm: syz.3.1103 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 347.964283][T10132] hsr_slave_0: entered promiscuous mode [ 347.968695][T10222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 347.984330][T10222] Call Trace: [ 347.987621][T10222] [ 347.990558][T10222] dump_stack_lvl+0x241/0x360 [ 347.995261][T10222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.000477][T10222] ? __pfx__printk+0x10/0x10 [ 348.005098][T10222] ? __pfx___might_resched+0x10/0x10 [ 348.010425][T10222] ? __kasan_kmalloc+0x98/0xb0 [ 348.015200][T10222] ? __genradix_ptr_alloc+0x196/0x460 [ 348.020589][T10222] should_fail_ex+0x3b0/0x4e0 [ 348.025288][T10222] ? sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 348.031197][T10222] should_failslab+0x9/0x20 [ 348.035737][T10222] kmalloc_trace_noprof+0x6c/0x2c0 [ 348.040889][T10222] sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 348.046632][T10222] sctp_association_new+0x15aa/0x23f0 [ 348.052029][T10222] sctp_connect_new_asoc+0x2d8/0x6c0 [ 348.057337][T10222] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 348.063154][T10222] ? sctp_sendmsg+0xbb9/0x3520 [ 348.067936][T10222] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 348.073491][T10222] ? security_sctp_bind_connect+0x90/0xb0 [ 348.079232][T10222] sctp_sendmsg+0x219a/0x3520 [ 348.084021][T10222] ? __pfx_sctp_sendmsg+0x10/0x10 [ 348.089055][T10222] ? __pfx_aa_sk_perm+0x10/0x10 [ 348.093939][T10222] ? inet_sendmsg+0x330/0x390 [ 348.098649][T10222] __sock_sendmsg+0x1a6/0x270 [ 348.103355][T10222] __sys_sendto+0x3a4/0x4f0 [ 348.107875][T10222] ? __pfx___sys_sendto+0x10/0x10 [ 348.112932][T10222] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 348.118922][T10222] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 348.125360][T10222] __x64_sys_sendto+0xde/0x100 [ 348.130144][T10222] do_syscall_64+0xf3/0x230 [ 348.134664][T10222] ? clear_bhb_loop+0x35/0x90 [ 348.139348][T10222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.145281][T10222] RIP: 0033:0x7f5ee5175bd9 [ 348.149708][T10222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.169951][T10222] RSP: 002b:00007f5ee5f27048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 348.178378][T10222] RAX: ffffffffffffffda RBX: 00007f5ee5303f60 RCX: 00007f5ee5175bd9 [ 348.186357][T10222] RDX: 0000000000000001 RSI: 0000000020847fff RDI: 0000000000000003 [ 348.194336][T10222] RBP: 00007f5ee5f270a0 R08: 0000000020000080 R09: 000000000000001c [ 348.202403][T10222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 348.210379][T10222] R13: 000000000000000b R14: 00007f5ee5303f60 R15: 00007f5ee542fa78 [ 348.218370][T10222] [ 348.225850][T10132] hsr_slave_1: entered promiscuous mode [ 348.235628][T10132] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 348.247464][T10132] Cannot create hsr debugfs directory [ 348.297326][T10010] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.438549][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.445842][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.469515][ T5150] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.476827][ T5150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.916119][ T2814] hsr_slave_0: left promiscuous mode [ 348.923559][ T2814] hsr_slave_1: left promiscuous mode [ 348.933304][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.940766][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.958523][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.970187][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.998464][ T2814] hsr_slave_0: left promiscuous mode [ 349.009524][ T2814] hsr_slave_1: left promiscuous mode [ 349.019714][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 349.036259][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 349.048806][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 349.061405][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 349.062284][ T5099] Bluetooth: hci0: command tx timeout [ 349.138061][ T2814] veth1_macvtap: left promiscuous mode [ 349.144235][ T2814] veth0_macvtap: left promiscuous mode [ 349.150144][ T2814] veth1_vlan: left promiscuous mode [ 349.156281][ T2814] veth0_vlan: left promiscuous mode [ 349.164049][ T2814] veth1_macvtap: left promiscuous mode [ 349.170265][ T2814] veth0_macvtap: left promiscuous mode [ 349.176846][ T2814] veth1_vlan: left promiscuous mode [ 349.182473][ T2814] veth0_vlan: left promiscuous mode [ 349.833559][ T2814] team0 (unregistering): Port device team_slave_1 removed [ 349.879467][ T2814] team0 (unregistering): Port device team_slave_0 removed [ 350.640056][ T2814] team0 (unregistering): Port device team_slave_1 removed [ 350.683215][ T2814] team0 (unregistering): Port device team_slave_0 removed [ 351.142229][ T5099] Bluetooth: hci0: command tx timeout [ 351.238514][ T9951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.334934][T10075] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 351.390397][T10075] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 351.507536][T10075] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 351.556675][T10010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.596201][T10075] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 351.903980][ T9951] veth0_vlan: entered promiscuous mode [ 351.991318][ T9951] veth1_vlan: entered promiscuous mode [ 352.200052][ T9951] veth0_macvtap: entered promiscuous mode [ 352.223519][T10010] veth0_vlan: entered promiscuous mode [ 352.266599][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 352.277707][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 352.289651][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 352.309549][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 352.317767][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 352.326454][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 352.332138][ T9951] veth1_macvtap: entered promiscuous mode [ 352.385459][T10010] veth1_vlan: entered promiscuous mode [ 352.524216][ T9951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.538481][ T9951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.550448][ T9951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.574660][T10075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.608443][ T9951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 352.621127][ T9951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.640006][ T9951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 352.661708][T10010] veth0_macvtap: entered promiscuous mode [ 352.674319][T10010] veth1_macvtap: entered promiscuous mode [ 352.704662][T10075] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.714189][T10132] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 352.726184][T10132] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 352.756411][ T9951] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.765471][ T9951] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.777567][ T9951] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.786394][ T9951] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 352.799816][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.811053][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.821120][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 352.832769][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.844510][T10010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.859969][T10132] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 352.874252][T10132] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 352.910535][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.917799][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.929872][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 352.941768][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.953158][T10010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 352.963974][T10010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.975856][T10010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.017096][ T2814] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.060124][ T928] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.067360][ T928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.108203][T10010] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.118262][T10010] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.127252][T10010] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.139270][T10010] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.180263][ T2814] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.305605][ T2814] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.440996][ T2814] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.665213][T10075] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 353.693989][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.725664][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.839496][T10132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.860562][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.869051][T10264] chnl_net:caif_netlink_parms(): no params data found [ 353.876091][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.071695][ T2814] bridge_slave_1: left allmulticast mode [ 354.077693][ T2814] bridge_slave_1: left promiscuous mode [ 354.083779][ T2814] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.096000][ T2814] bridge_slave_0: left allmulticast mode [ 354.101655][ T2814] bridge_slave_0: left promiscuous mode [ 354.110076][ T2814] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.422630][ T5099] Bluetooth: hci2: command tx timeout [ 354.532754][ T2814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.546439][ T2814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.560294][ T2814] bond0 (unregistering): Released all slaves [ 354.575801][T10132] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.657524][ T2457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.667896][ T2457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.671238][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.682449][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.694581][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.701755][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.733775][T10264] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.743213][ T2422] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.751080][ T2422] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.774203][T10264] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.781502][T10264] bridge_slave_0: entered allmulticast mode [ 354.799848][T10264] bridge_slave_0: entered promiscuous mode [ 354.818071][T10264] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.842102][T10264] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.849402][T10264] bridge_slave_1: entered allmulticast mode [ 354.868610][T10264] bridge_slave_1: entered promiscuous mode [ 354.939724][T10075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.051710][T10264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.157617][T10264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.378594][T10264] team0: Port device team_slave_0 added [ 355.467868][T10264] team0: Port device team_slave_1 added [ 355.485895][T10304] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1108'. [ 355.498619][ T2814] hsr_slave_0: left promiscuous mode [ 355.510356][ T2814] hsr_slave_1: left promiscuous mode [ 355.512239][ T45] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 355.524192][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 355.531727][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 355.543260][ T2814] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 355.550922][ T2814] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.593068][ T2814] veth1_macvtap: left promiscuous mode [ 355.598615][ T2814] veth0_macvtap: left promiscuous mode [ 355.609051][ T2814] veth1_vlan: left promiscuous mode [ 355.616043][ T2814] veth0_vlan: left promiscuous mode [ 355.682252][ T45] usb 5-1: device descriptor read/64, error -71 [ 355.712339][ T62] tipc: Subscription rejected, illegal request [ 355.952063][ T45] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 356.112190][ T45] usb 5-1: device descriptor read/64, error -71 [ 356.247480][ T45] usb usb5-port1: attempt power cycle [ 356.357503][ T2814] team0 (unregistering): Port device team_slave_1 removed [ 356.408232][ T2814] team0 (unregistering): Port device team_slave_0 removed [ 356.502120][ T5099] Bluetooth: hci2: command tx timeout [ 356.680412][ T45] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 356.722716][ T45] usb 5-1: device descriptor read/8, error -71 [ 356.937760][T10264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 356.948201][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 356.989000][T10264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 357.008163][ T45] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 357.021691][T10264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 357.029022][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 357.056060][T10264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 357.069509][ T45] usb 5-1: device descriptor read/8, error -71 [ 357.195027][ T45] usb usb5-port1: unable to enumerate USB device [ 357.277210][T10264] hsr_slave_0: entered promiscuous mode [ 357.299778][T10264] hsr_slave_1: entered promiscuous mode [ 357.326453][T10264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 357.338253][T10264] Cannot create hsr debugfs directory [ 357.351356][T10075] veth0_vlan: entered promiscuous mode [ 357.509524][T10075] veth1_vlan: entered promiscuous mode [ 357.670221][T10132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 357.916241][T10075] veth0_macvtap: entered promiscuous mode [ 357.974729][T10075] veth1_macvtap: entered promiscuous mode [ 358.045559][T10075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 358.062089][T10075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.073135][T10075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 358.086116][T10075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.106325][T10075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 358.167688][T10075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.198054][T10075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.241253][T10075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 358.259837][T10075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 358.273993][T10075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 358.447671][T10075] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.469693][T10075] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.494609][T10075] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.499334][ T5099] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 358.505799][T10075] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.550264][T10339] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1116'. [ 358.561626][T10132] veth0_vlan: entered promiscuous mode [ 358.582913][ T5099] Bluetooth: hci2: command tx timeout [ 358.676557][T10132] veth1_vlan: entered promiscuous mode [ 358.761375][ T2422] tipc: Subscription rejected, illegal request [ 358.852497][T10264] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 358.879161][T10264] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 358.921164][T10264] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 358.956470][T10264] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 359.054714][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.090172][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.284960][T10132] veth0_macvtap: entered promiscuous mode [ 359.311400][T10132] veth1_macvtap: entered promiscuous mode [ 359.363680][ T2814] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 359.379057][ T2814] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.544135][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.573825][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.601948][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.639821][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.673958][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.684621][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.699001][T10132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 359.745378][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.782930][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.811932][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.828212][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.848632][T10132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.856668][T10369] netlink: 'syz.2.1120': attribute type 27 has an invalid length. [ 359.869953][T10132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.887772][T10132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 359.958760][T10132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.967722][T10132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.977359][T10132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 359.989523][T10132] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.191065][T10264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 360.274763][T10264] 8021q: adding VLAN 0 to HW filter on device team0 [ 360.348487][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.355756][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.393052][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.420176][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.467150][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.474381][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.482144][ T5096] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 360.662522][ T5099] Bluetooth: hci2: command tx timeout [ 360.668223][ T5096] usb 5-1: device descriptor read/64, error -71 [ 360.695006][ T2422] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.710070][ T2422] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.930252][T10264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 360.952598][ T5096] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 361.119870][T10264] veth0_vlan: entered promiscuous mode [ 361.142713][ T5096] usb 5-1: device descriptor read/64, error -71 [ 361.200170][T10264] veth1_vlan: entered promiscuous mode [ 361.206709][T10405] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1126'. [ 361.282468][ T5096] usb usb5-port1: attempt power cycle [ 361.353741][ T2814] tipc: Subscription rejected, illegal request [ 361.382438][ T5099] Bluetooth: hci1: command tx timeout [ 361.412669][T10264] veth0_macvtap: entered promiscuous mode [ 361.455659][T10413] xt_TCPMSS: Only works on TCP SYN packets [ 361.601722][T10264] veth1_macvtap: entered promiscuous mode [ 361.712563][ T5096] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 361.761227][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.773062][ T5153] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 361.795605][ T5096] usb 5-1: device descriptor read/8, error -71 [ 361.798349][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.816809][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.828677][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.849185][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.868827][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.882307][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 361.894949][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.910851][T10264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 361.939368][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.967302][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 361.978839][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 361.999524][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.010250][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.028576][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.040295][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.056744][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.062662][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 362.068119][ T5153] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 362.087932][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.095469][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 362.106608][ T5096] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 362.129171][ T5153] usb 2-1: config 0 descriptor?? [ 362.133623][T10264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.163708][ T5096] usb 5-1: device descriptor read/8, error -71 [ 362.184525][T10264] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.231545][T10264] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.241139][T10264] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.258433][T10264] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.308850][ T5096] usb usb5-port1: unable to enumerate USB device [ 362.516604][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.545950][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.613946][ T2422] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.626370][ T5153] itetech 0003:06CB:73F5.000C: unknown main item tag 0x0 [ 362.639954][ T5153] itetech 0003:06CB:73F5.000C: unknown main item tag 0x0 [ 362.656733][ T2422] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.663782][ T5153] itetech 0003:06CB:73F5.000C: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.1-1/input0 [ 362.902446][ T5153] usb 2-1: USB disconnect, device number 29 [ 363.142974][ T5163] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 363.342055][ T5163] usb 1-1: Using ep0 maxpacket: 8 [ 363.361899][ T5163] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.395224][ T5163] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.425979][ T5163] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 363.443513][ T5163] usb 1-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.40 [ 363.456706][ T5163] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.489917][ T5163] usb 1-1: Product: syz [ 363.516845][ T5163] usb 1-1: Manufacturer: syz [ 363.526239][T10451] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1138'. [ 363.536253][ T5163] usb 1-1: SerialNumber: syz [ 363.591283][ T5163] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input44 [ 363.748454][ T62] tipc: Subscription rejected, illegal request [ 363.880352][T10462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.929203][T10462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 364.043202][T10465] xt_TCPMSS: Only works on TCP SYN packets [ 364.527747][ T4531] bcm5974 1-1:1.0: could not read from device [ 364.529053][ T4531] bcm5974 1-1:1.0: could not read from device [ 364.535366][ T4531] bcm5974 1-1:1.0: could not read from device [ 364.538215][ T4531] bcm5974 1-1:1.0: could not read from device [ 364.555874][ T5163] usb 1-1: USB disconnect, device number 29 [ 364.753632][T10480] loop0: detected capacity change from 0 to 231 [ 365.054433][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.331476][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.586253][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.833005][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.010012][ T5100] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 366.023618][ T5100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 366.033638][ T5100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 366.060972][ T5100] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 366.062090][ T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 366.076962][ T5100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 366.085240][ T5100] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 366.123687][ T25] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 366.152265][ T62] bridge_slave_1: left allmulticast mode [ 366.170440][ T62] bridge_slave_1: left promiscuous mode [ 366.192721][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.258435][ T62] bridge_slave_0: left allmulticast mode [ 366.267664][ T62] bridge_slave_0: left promiscuous mode [ 366.280194][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.312127][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 366.322049][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 366.328775][ T25] usb 2-1: config 1 interface 0 altsetting 208 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 366.346989][ T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.371813][ T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.375349][ T25] usb 2-1: config 1 interface 0 has no altsetting 0 [ 366.407358][ T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40 [ 366.411901][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 366.423014][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.484347][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.40 [ 366.492286][ T25] usb 2-1: Product: syz [ 366.511918][ T25] usb 2-1: Manufacturer: syz [ 366.516575][ T25] usb 2-1: SerialNumber: syz [ 366.531395][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.558526][ T8] usb 3-1: Product: syz [ 366.570314][ T8] usb 3-1: Manufacturer: syz [ 366.585611][ T8] usb 3-1: SerialNumber: syz [ 366.632958][ T8] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input45 [ 366.887084][T10530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.954231][T10530] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.346022][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 367.363216][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 367.375819][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 367.402179][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 367.417365][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 367.430330][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 367.467072][ T4531] bcm5974 3-1:1.0: could not read from device [ 367.505764][ T4531] bcm5974 3-1:1.0: could not read from device [ 367.525158][ T4531] bcm5974 3-1:1.0: could not read from device [ 367.531141][ T8] usb 3-1: USB disconnect, device number 29 [ 367.552741][ T4531] bcm5974 3-1:1.0: could not read from device [ 367.803273][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 367.816494][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 367.847149][ T62] bond0 (unregistering): Released all slaves [ 367.925767][ T25] usbhid 2-1:1.0: can't add hid device: -71 [ 367.945282][ T25] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 368.000891][ T25] usb 2-1: USB disconnect, device number 30 [ 368.182560][ T5099] Bluetooth: hci2: command tx timeout [ 368.243329][T10550] FAULT_INJECTION: forcing a failure. [ 368.243329][T10550] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 368.256789][T10550] CPU: 0 PID: 10550 Comm: syz.2.1166 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 368.266987][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 368.277082][T10550] Call Trace: [ 368.280398][T10550] [ 368.283363][T10550] dump_stack_lvl+0x241/0x360 [ 368.288099][T10550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 368.293352][T10550] ? __pfx__printk+0x10/0x10 [ 368.297998][T10550] ? snprintf+0xda/0x120 [ 368.302294][T10550] should_fail_ex+0x3b0/0x4e0 [ 368.307017][T10550] _copy_to_user+0x2f/0xb0 [ 368.311465][T10550] simple_read_from_buffer+0xca/0x150 [ 368.316945][T10550] proc_fail_nth_read+0x1e9/0x250 [ 368.322003][T10550] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 368.327579][T10550] ? rw_verify_area+0x520/0x6b0 [ 368.332456][T10550] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 368.338025][T10550] vfs_read+0x204/0xbc0 [ 368.342212][T10550] ? __pfx_lock_release+0x10/0x10 [ 368.347273][T10550] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 368.353207][T10550] ? __pfx_vfs_read+0x10/0x10 [ 368.357901][T10550] ? __fget_files+0x29/0x470 [ 368.362512][T10550] ? __fget_files+0x3f6/0x470 [ 368.367224][T10550] ksys_read+0x1a0/0x2c0 [ 368.371483][T10550] ? __pfx_ksys_read+0x10/0x10 [ 368.376282][T10550] ? do_syscall_64+0x100/0x230 [ 368.381067][T10550] ? do_syscall_64+0xb6/0x230 [ 368.385781][T10550] do_syscall_64+0xf3/0x230 [ 368.390344][T10550] ? clear_bhb_loop+0x35/0x90 [ 368.395035][T10550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.400957][T10550] RIP: 0033:0x7fc9031746bc [ 368.405383][T10550] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 368.425006][T10550] RSP: 002b:00007fc903f11040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 368.433447][T10550] RAX: ffffffffffffffda RBX: 00007fc903303f60 RCX: 00007fc9031746bc [ 368.441433][T10550] RDX: 000000000000000f RSI: 00007fc903f110b0 RDI: 0000000000000006 [ 368.449425][T10550] RBP: 00007fc903f110a0 R08: 0000000000000000 R09: 0000000000000000 [ 368.457422][T10550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 368.465432][T10550] R13: 000000000000000b R14: 00007fc903303f60 R15: 00007fc90342fa78 [ 368.473532][T10550] [ 368.563178][ T8] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 368.752698][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 368.760273][ T8] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 368.769021][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 368.782997][ T8] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 368.794909][ T8] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 368.812222][ T8] usb 5-1: config 0 interface 0 has no altsetting 0 [ 368.827766][ T8] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 368.857500][ T8] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 368.867743][ T62] hsr_slave_0: left promiscuous mode [ 368.868290][ T8] usb 5-1: Product: syz [ 368.878501][ T8] usb 5-1: Manufacturer: syz [ 368.884503][ T8] usb 5-1: SerialNumber: syz [ 368.893306][ T8] usb 5-1: config 0 descriptor?? [ 368.905188][ T8] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 368.914676][ T62] hsr_slave_1: left promiscuous mode [ 368.930123][ T8] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 368.959902][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 368.997233][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 369.027719][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.125186][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 369.189237][ T62] veth1_macvtap: left promiscuous mode [ 369.189335][ T62] veth0_macvtap: left promiscuous mode [ 369.189538][ T62] veth1_vlan: left promiscuous mode [ 369.189696][ T62] veth0_vlan: left promiscuous mode [ 369.275890][ T5096] usb 5-1: USB disconnect, device number 34 [ 369.324306][ T5096] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 369.542186][ T5099] Bluetooth: hci0: command tx timeout [ 369.542552][T10578] fuse: Bad value for 'rootmode' [ 370.207973][ T62] team0 (unregistering): Port device team_slave_1 removed [ 370.252182][ T62] team0 (unregistering): Port device team_slave_0 removed [ 370.262135][ T5099] Bluetooth: hci2: command tx timeout [ 370.775999][T10574] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1170'. [ 371.141156][T10514] chnl_net:caif_netlink_parms(): no params data found [ 371.497875][T10605] IPVS: Scheduler module ip_vs_ not found [ 371.623553][ T5099] Bluetooth: hci0: command tx timeout [ 371.722965][ T9] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 371.768899][T10514] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.769098][T10514] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.777207][T10514] bridge_slave_0: entered allmulticast mode [ 371.807855][T10514] bridge_slave_0: entered promiscuous mode [ 371.810370][T10539] chnl_net:caif_netlink_parms(): no params data found [ 371.820641][T10514] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.820743][T10514] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.820898][T10514] bridge_slave_1: entered allmulticast mode [ 371.825001][T10514] bridge_slave_1: entered promiscuous mode [ 371.918492][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 371.921045][T10514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.938421][ T9] usb 3-1: config 1 interface 0 altsetting 208 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 371.990226][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 372.025085][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40 [ 372.035715][ T8] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 372.043740][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.049404][T10514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 372.053688][ T9] usb 3-1: Product: syz [ 372.065161][ T9] usb 3-1: Manufacturer: syz [ 372.069796][ T9] usb 3-1: SerialNumber: syz [ 372.233054][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 372.242787][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 372.258214][T10514] team0: Port device team_slave_0 added [ 372.266854][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 372.279595][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 372.299432][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 372.342382][ T5099] Bluetooth: hci2: command tx timeout [ 372.367431][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 372.377003][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.397364][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.446053][T10514] team0: Port device team_slave_1 added [ 372.471487][ T9] usbhid 3-1:1.0: can't add hid device: -71 [ 372.487624][ T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 372.502807][ T5150] usb 5-1: new low-speed USB device number 35 using dummy_hcd [ 372.502815][ T9] usb 3-1: USB disconnect, device number 30 [ 372.608594][ T8] usb 2-1: GET_CAPABILITIES returned 0 [ 372.616293][ T8] usbtmc 2-1:16.0: can't read capabilities [ 372.618759][T10514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 372.629915][T10514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.669924][T10514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.709724][ T5150] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 372.717848][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 372.721421][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.728977][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 372.761331][T10539] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.763622][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 372.768893][T10539] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.785403][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 372.789887][T10539] bridge_slave_0: entered allmulticast mode [ 372.809560][ T5150] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 372.820589][T10539] bridge_slave_0: entered promiscuous mode [ 372.820803][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 372.839533][T10539] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.849845][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 372.855415][T10539] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.868481][T10539] bridge_slave_1: entered allmulticast mode [ 372.871177][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 372.876492][T10539] bridge_slave_1: entered promiscuous mode [ 372.893676][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 372.896754][T10514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 372.910694][ T5150] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 372.914330][T10514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.920014][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 372.952814][T10514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.958286][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 372.979723][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 372.991583][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 373.006873][ T5150] usb 5-1: string descriptor 0 read error: -22 [ 373.013912][ T5150] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 373.029498][ T5150] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.048973][ T5150] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 373.077315][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.157246][ T5150] usb 2-1: USB disconnect, device number 31 [ 373.265180][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.321369][T10514] hsr_slave_0: entered promiscuous mode [ 373.329461][T10514] hsr_slave_1: entered promiscuous mode [ 373.337070][T10514] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 373.346278][T10514] Cannot create hsr debugfs directory [ 373.356473][T10539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.379915][T10539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 373.608572][T10539] team0: Port device team_slave_0 added [ 373.625366][T10650] netlink: 'syz.2.1182': attribute type 16 has an invalid length. [ 373.633139][T10539] team0: Port device team_slave_1 added [ 373.653965][T10650] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1182'. [ 373.703041][ T5099] Bluetooth: hci0: command tx timeout [ 373.719239][T10539] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 373.738393][T10539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.783282][T10539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 373.812121][T10539] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 373.819329][T10539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.851270][T10539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 373.953292][T10658] FAULT_INJECTION: forcing a failure. [ 373.953292][T10658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 373.991454][T10658] CPU: 0 PID: 10658 Comm: syz.1.1183 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 374.001687][T10658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 374.011792][T10658] Call Trace: [ 374.015104][T10658] [ 374.018064][T10658] dump_stack_lvl+0x241/0x360 [ 374.022886][T10658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.028154][T10658] ? __pfx__printk+0x10/0x10 [ 374.032787][T10658] ? snprintf+0xda/0x120 [ 374.037072][T10658] should_fail_ex+0x3b0/0x4e0 [ 374.041820][T10658] _copy_to_user+0x2f/0xb0 [ 374.046276][T10658] simple_read_from_buffer+0xca/0x150 [ 374.051683][T10658] proc_fail_nth_read+0x1e9/0x250 [ 374.056726][T10658] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 374.062287][T10658] ? rw_verify_area+0x520/0x6b0 [ 374.067147][T10658] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 374.072703][T10658] vfs_read+0x204/0xbc0 [ 374.076872][T10658] ? __pfx_lock_release+0x10/0x10 [ 374.081916][T10658] ? do_sock_setsockopt+0x3e2/0x720 [ 374.087231][T10658] ? __pfx_vfs_read+0x10/0x10 [ 374.091931][T10658] ? __fget_files+0x29/0x470 [ 374.096549][T10658] ? __fget_files+0x3f6/0x470 [ 374.101248][T10658] ksys_read+0x1a0/0x2c0 [ 374.105506][T10658] ? __pfx_ksys_read+0x10/0x10 [ 374.110313][T10658] ? do_syscall_64+0x100/0x230 [ 374.115098][T10658] ? do_syscall_64+0xb6/0x230 [ 374.119812][T10658] do_syscall_64+0xf3/0x230 [ 374.124335][T10658] ? clear_bhb_loop+0x35/0x90 [ 374.129020][T10658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.134935][T10658] RIP: 0033:0x7f4535d746bc [ 374.139374][T10658] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 374.158991][T10658] RSP: 002b:00007f4536aab040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 374.167419][T10658] RAX: ffffffffffffffda RBX: 00007f4535f03f60 RCX: 00007f4535d746bc [ 374.175398][T10658] RDX: 000000000000000f RSI: 00007f4536aab0b0 RDI: 0000000000000004 [ 374.183379][T10658] RBP: 00007f4536aab0a0 R08: 0000000000000000 R09: 0000000000000000 [ 374.191357][T10658] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 374.199335][T10658] R13: 000000000000000b R14: 00007f4535f03f60 R15: 00007f453602fa78 [ 374.207328][T10658] [ 374.307264][T10539] hsr_slave_0: entered promiscuous mode [ 374.315326][T10539] hsr_slave_1: entered promiscuous mode [ 374.326134][T10539] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 374.352048][T10539] Cannot create hsr debugfs directory [ 374.387126][ T62] bridge_slave_1: left allmulticast mode [ 374.393076][ T62] bridge_slave_1: left promiscuous mode [ 374.403392][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.423509][ T5099] Bluetooth: hci2: command tx timeout [ 374.448134][ T62] bridge_slave_0: left allmulticast mode [ 374.454325][ T62] bridge_slave_0: left promiscuous mode [ 374.460192][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.885754][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.899992][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 374.914560][ T62] bond0 (unregistering): Released all slaves [ 375.250454][ T8] usb 5-1: USB disconnect, device number 35 [ 375.712074][ T29] audit: type=1326 audit(1720546885.195:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10683 comm="syz.1.1190" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4535d75bd9 code=0x0 [ 375.795631][ T5099] Bluetooth: hci0: command tx timeout [ 375.805444][T10684] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1190'. [ 375.861730][T10684] vlan2: entered promiscuous mode [ 375.871687][ T45] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 376.111984][ T45] usb 3-1: Using ep0 maxpacket: 8 [ 376.124288][ T45] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 376.144278][ T45] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 376.183084][ T45] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 376.195369][ T45] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.240241][ T45] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.275782][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.285735][ T62] hsr_slave_0: left promiscuous mode [ 376.302182][ T62] hsr_slave_1: left promiscuous mode [ 376.309651][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 376.322960][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 376.332496][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.339946][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 376.370176][ T62] veth1_macvtap: left promiscuous mode [ 376.379371][ T62] veth0_macvtap: left promiscuous mode [ 376.387627][ T62] veth1_vlan: left promiscuous mode [ 376.395091][ T62] veth0_vlan: left promiscuous mode [ 376.513662][ T45] usb 3-1: GET_CAPABILITIES returned 0 [ 376.519262][ T45] usbtmc 3-1:16.0: can't read capabilities [ 376.703686][T10697] xt_TCPMSS: Only works on TCP SYN packets [ 377.322944][ T62] team0 (unregistering): Port device team_slave_1 removed [ 377.411778][ T62] team0 (unregistering): Port device team_slave_0 removed [ 377.933628][ T5096] usb 3-1: USB disconnect, device number 31 [ 378.218580][T10514] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 378.335790][T10514] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 378.350260][T10514] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 378.365667][T10514] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 378.388682][T10713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1197'. [ 378.914625][T10514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.994013][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.000913][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.065303][T10514] 8021q: adding VLAN 0 to HW filter on device team0 [ 379.136416][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.143667][ T5096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.197092][T10539] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 379.226826][T10539] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 379.264392][T10539] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 379.305589][T10539] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 379.347747][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.355007][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 379.392457][ T5150] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 379.623514][ T5150] usb 3-1: Using ep0 maxpacket: 8 [ 379.628176][ T5150] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.628238][ T5150] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 379.628267][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.630908][ T5150] usb 3-1: config 0 descriptor?? [ 379.649437][ T5150] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 379.649761][T10514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.697049][T10539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 379.753412][ T25] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 379.761184][T10539] 8021q: adding VLAN 0 to HW filter on device team0 [ 379.839041][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.839154][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.848978][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.849082][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 379.851142][T10514] veth0_vlan: entered promiscuous mode [ 379.887559][T10514] veth1_vlan: entered promiscuous mode [ 379.982119][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 379.994608][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 379.994672][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 379.994701][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 379.994729][ T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 379.994779][ T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 379.994832][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.077057][T10539] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 380.117505][T10514] veth0_macvtap: entered promiscuous mode [ 380.129171][T10514] veth1_macvtap: entered promiscuous mode [ 380.215712][ T25] usb 5-1: GET_CAPABILITIES returned 0 [ 380.230035][ T25] usbtmc 5-1:16.0: can't read capabilities [ 380.267107][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.299071][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.331896][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.331924][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.331945][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 380.331962][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.335167][T10514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 380.380004][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.380035][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.380048][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.432055][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.443669][T10514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.456266][T10514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.469712][T10514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 380.496857][ T9] usb 5-1: USB disconnect, device number 36 [ 380.497467][T10514] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.514017][T10514] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.524242][T10514] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.539118][T10514] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.616406][T10539] veth0_vlan: entered promiscuous mode [ 380.623620][ T5099] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 380.651752][T10539] veth1_vlan: entered promiscuous mode [ 380.824763][ T2457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.850668][ T2457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.889068][ T5150] gspca_vc032x: reg_w err -71 [ 380.894114][ T5150] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 380.997352][ T5150] usb 3-1: USB disconnect, device number 32 [ 381.000442][T10539] veth0_macvtap: entered promiscuous mode [ 381.058100][ T2457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.073409][ T2457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.098373][T10539] veth1_macvtap: entered promiscuous mode [ 381.186421][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 381.215349][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.258446][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 381.278975][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.295465][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 381.314406][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.332478][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 381.354787][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.394216][T10539] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 381.464081][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.491114][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.563563][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.600428][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.659200][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.695651][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.761259][T10539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 381.761290][T10539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 381.767527][T10539] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 381.845683][T10539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.845717][T10539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.845740][T10539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.845762][T10539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.982428][ T5152] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 382.137633][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.137662][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.173343][ T5152] usb 5-1: config 0 has an invalid interface number: 48 but max is 0 [ 382.173377][ T5152] usb 5-1: config 0 has no interface number 0 [ 382.173409][ T5152] usb 5-1: too many endpoints for config 0 interface 48 altsetting 49: 55, using maximum allowed: 30 [ 382.173449][ T5152] usb 5-1: config 0 interface 48 altsetting 49 has 0 endpoint descriptors, different from the interface descriptor's value: 55 [ 382.173480][ T5152] usb 5-1: config 0 interface 48 has no altsetting 0 [ 382.173518][ T5152] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 382.173545][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.176184][ T5152] usb 5-1: config 0 descriptor?? [ 382.283626][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.283679][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.664177][ T5100] Bluetooth: hci3: command 0x2046 tx timeout [ 382.664552][ T5099] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 382.893755][ T5099] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 383.102116][ T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 383.268195][T10842] xt_TCPMSS: Only works on TCP SYN packets [ 383.374688][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 383.420255][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 383.475053][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 383.511658][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 383.537834][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 383.575091][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 383.590560][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.842373][T10849] fuse: Bad value for 'group_id' [ 383.889936][ T9] usb 4-1: GET_CAPABILITIES returned 0 [ 383.908896][ T9] usbtmc 4-1:16.0: can't read capabilities [ 384.135165][ T8] usb 4-1: USB disconnect, device number 27 [ 384.404958][T10866] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1229'. [ 384.481068][T10866] vlan2: entered promiscuous mode [ 384.731036][ T5152] usb 5-1: string descriptor 0 read error: -71 [ 384.745267][ T5152] cp210x 5-1:0.48: cp210x converter detected [ 384.756857][ T5152] cp210x 5-1:0.48: failed to get vendor val 0x370b size 1: -71 [ 384.764733][ T5152] cp210x 5-1:0.48: querying part number failed [ 384.774602][ T5152] usb 5-1: cp210x converter now attached to ttyUSB0 [ 384.804036][ T5152] usb 5-1: USB disconnect, device number 37 [ 384.841057][ T5152] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 384.880355][ T5152] cp210x 5-1:0.48: device disconnected [ 384.951241][ T5099] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 384.982554][ T5100] Bluetooth: hci4: Opcode 0x2046 failed: -110 [ 384.996265][ T5099] Bluetooth: hci4: command 0x2046 tx timeout [ 385.216380][ T5100] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 385.233679][T10902] FAULT_INJECTION: forcing a failure. [ 385.233679][T10902] name failslab, interval 1, probability 0, space 0, times 0 [ 385.262192][T10903] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1236'. [ 385.312320][ T5152] usb 5-1: new full-speed USB device number 38 using dummy_hcd [ 385.343449][T10902] CPU: 0 PID: 10902 Comm: syz.3.1237 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 385.353677][T10902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 385.363771][T10902] Call Trace: [ 385.367086][T10902] [ 385.370049][T10902] dump_stack_lvl+0x241/0x360 [ 385.374785][T10902] ? __pfx_dump_stack_lvl+0x10/0x10 [ 385.380033][T10902] ? __pfx__printk+0x10/0x10 [ 385.384684][T10902] ? __pfx___might_resched+0x10/0x10 [ 385.390015][T10902] ? prepend_path+0x2f/0xbe0 [ 385.394667][T10902] should_fail_ex+0x3b0/0x4e0 [ 385.399395][T10902] ? tomoyo_encode+0x26f/0x540 [ 385.404198][T10902] should_failslab+0x9/0x20 [ 385.408750][T10902] __kmalloc_noprof+0xd8/0x400 [ 385.413586][T10902] tomoyo_encode+0x26f/0x540 [ 385.418224][T10902] tomoyo_realpath_from_path+0x59e/0x5e0 [ 385.423907][T10902] tomoyo_path_number_perm+0x23a/0x880 [ 385.429424][T10902] ? tomoyo_path_number_perm+0x208/0x880 [ 385.435111][T10902] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 385.441186][T10902] ? __fget_files+0x29/0x470 [ 385.445830][T10902] ? __fget_files+0x3f6/0x470 [ 385.450550][T10902] ? __fget_files+0x29/0x470 [ 385.455188][T10902] security_file_ioctl+0x75/0xb0 [ 385.460152][T10902] __se_sys_ioctl+0x47/0x170 [ 385.464764][T10902] do_syscall_64+0xf3/0x230 [ 385.469288][T10902] ? clear_bhb_loop+0x35/0x90 [ 385.473979][T10902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.479890][T10902] RIP: 0033:0x7f469fd75bd9 [ 385.484435][T10902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.504065][T10902] RSP: 002b:00007f46a0bb2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 385.512509][T10902] RAX: ffffffffffffffda RBX: 00007f469ff03f60 RCX: 00007f469fd75bd9 [ 385.520506][T10902] RDX: 0000000020000000 RSI: 00000000802c550a RDI: 0000000000000003 [ 385.528506][T10902] RBP: 00007f46a0bb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 385.536502][T10902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.544499][T10902] R13: 000000000000000b R14: 00007f469ff03f60 R15: 00007f46a002fa78 [ 385.552515][T10902] [ 385.590641][ T25] IPVS: starting estimator thread 0... [ 385.602112][T10902] ERROR: Out of memory at tomoyo_realpath_from_path. [ 385.622745][ T5152] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 385.631801][ T5152] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 385.643029][T10902] usb usb9: usbfs: process 10902 (syz.3.1237) did not claim interface 0 before use [ 385.669475][ T5152] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 385.756664][ T5152] usb 5-1: New USB device found, idVendor=856b, idProduct=0099, bcdDevice= 0.00 [ 385.762225][T10910] IPVS: using max 17 ests per chain, 40800 per kthread [ 385.815141][ T5152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.097329][ T5152] usb 5-1: string descriptor 0 read error: -71 [ 386.099788][ T5152] usb 5-1: 0:2 : does not exist [ 386.142826][ T5152] usb 5-1: USB disconnect, device number 38 [ 386.654976][T10946] netlink: 'syz.1.1245': attribute type 4 has an invalid length. [ 386.783940][T10951] netlink: 'syz.1.1245': attribute type 4 has an invalid length. [ 386.820588][ T5457] udevd[5457]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 386.836828][ T5099] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 386.851912][ T5152] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 387.063794][ T5152] usb 3-1: Using ep0 maxpacket: 8 [ 387.099540][ T5152] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 387.132414][ T5152] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 387.158876][ T5152] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 387.178227][ T5152] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 387.240120][ T5152] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 387.240159][ T5152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.305435][T10832] Bluetooth: hci3: command 0x2046 tx timeout [ 387.312373][ T5100] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 387.467364][ T5152] usb 3-1: GET_CAPABILITIES returned 0 [ 387.496803][ T5152] usbtmc 3-1:16.0: can't read capabilities [ 387.717161][ T5152] usb 3-1: USB disconnect, device number 33 [ 387.914351][T10990] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1255'. [ 387.983109][ T29] audit: type=1326 audit(1720546897.485:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.043781][T10993] mmap: syz.4.1257 (10993) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 388.074442][ T29] audit: type=1326 audit(1720546897.505:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.085397][ T5100] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 388.096749][ C0] vkms_vblank_simulate: vblank timer overrun [ 388.129159][ T5100] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 388.143633][ T29] audit: type=1326 audit(1720546897.515:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.177614][ T29] audit: type=1326 audit(1720546897.515:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.200693][ T29] audit: type=1326 audit(1720546897.515:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.227849][ T29] audit: type=1326 audit(1720546897.515:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.262301][ T29] audit: type=1326 audit(1720546897.515:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.311492][ T29] audit: type=1326 audit(1720546897.515:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.395558][ T29] audit: type=1326 audit(1720546897.515:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.421575][ T29] audit: type=1326 audit(1720546897.525:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10992 comm="syz.4.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f348bb75bd9 code=0x7ffc0000 [ 388.570566][T11012] xt_bpf: check failed: parse error [ 388.750927][T11016] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 388.750989][T11016] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 388.751057][T11016] vhci_hcd vhci_hcd.0: Device attached [ 388.770950][T11021] vhci_hcd: connection closed [ 388.771649][ T62] vhci_hcd: stop threads [ 388.771666][ T62] vhci_hcd: release socket [ 388.771682][ T62] vhci_hcd: disconnect device [ 388.772178][ T5153] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 388.786516][T11012] netlink: 'syz.2.1262': attribute type 9 has an invalid length. [ 388.904343][ T5100] Bluetooth: hci1: command 0x0406 tx timeout [ 388.953532][ T5153] usb 1-1: Using ep0 maxpacket: 32 [ 388.965183][ T5153] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 388.983108][ T5153] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 388.994096][ T5153] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.011058][ T5153] usb 1-1: Product: syz [ 389.022456][ T5153] usb 1-1: Manufacturer: syz [ 389.028531][ T5153] usb 1-1: SerialNumber: syz [ 389.040259][T11009] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 389.066224][ T5153] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 389.317779][T11009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 389.346927][T11009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.472232][ T9] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 389.580373][T11042] capability: warning: `syz.2.1268' uses 32-bit capabilities (legacy support in use) [ 389.746039][ T9] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 389.765764][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.805094][ T9] usb 5-1: config 0 descriptor?? [ 390.125190][ T9] gs_usb 5-1:0.0: Couldn't send data format (err=-71) [ 390.199197][ T9] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71 [ 390.238860][ T9] usb 5-1: USB disconnect, device number 39 [ 390.429589][ T5099] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 390.582191][ T5164] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 390.691618][T11063] FAULT_INJECTION: forcing a failure. [ 390.691618][T11063] name failslab, interval 1, probability 0, space 0, times 0 [ 390.746612][T11063] CPU: 1 PID: 11063 Comm: syz.1.1273 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 390.756849][T11063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 390.766960][T11063] Call Trace: [ 390.770304][T11063] [ 390.773445][T11063] dump_stack_lvl+0x241/0x360 [ 390.778196][T11063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 390.783455][T11063] ? __pfx__printk+0x10/0x10 [ 390.788114][T11063] should_fail_ex+0x3b0/0x4e0 [ 390.792857][T11063] should_failslab+0x9/0x20 [ 390.797411][T11063] __kmalloc_node_noprof+0xdf/0x440 [ 390.802666][T11063] ? kvmalloc_node_noprof+0x72/0x190 [ 390.808017][T11063] kvmalloc_node_noprof+0x72/0x190 [ 390.813196][T11063] page_pool_create_percpu+0x2b0/0x7c0 [ 390.818722][T11063] __veth_napi_enable_range+0x1d2/0x820 [ 390.824330][T11063] ? __pfx___veth_napi_enable_range+0x10/0x10 [ 390.830461][T11063] ? netif_napi_add_weight+0x96d/0xc30 [ 390.835979][T11063] veth_napi_enable_range+0xce/0x150 [ 390.841408][T11063] veth_set_features+0x1d1/0x2b0 [ 390.846386][T11063] ? __pfx_veth_set_features+0x10/0x10 [ 390.851887][T11063] __netdev_update_features+0x98c/0x18f0 [ 390.857518][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 390.857559][ T5164] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64 [ 390.868483][T11063] ? __pfx___netdev_update_features+0x10/0x10 [ 390.868535][T11063] ? __pfx___might_resched+0x10/0x10 [ 390.868565][T11063] ? __might_fault+0xaa/0x120 [ 390.868598][T11063] ? __pfx_lock_release+0x10/0x10 [ 390.868626][T11063] ? aa_get_newest_label+0xff/0x6f0 [ 390.868666][T11063] ? __might_fault+0xc6/0x120 [ 390.868708][T11063] ethtool_set_one_feature+0x2d6/0x340 [ 390.868736][T11063] ? apparmor_capable+0x138/0x1b0 [ 390.868763][T11063] ? __pfx_ethtool_set_one_feature+0x10/0x10 [ 390.868789][T11063] ? security_capable+0x90/0xb0 [ 390.868834][T11063] dev_ethtool+0x1605/0x1bc0 [ 390.868885][T11063] ? __pfx_dev_ethtool+0x10/0x10 [ 390.868939][T11063] ? dev_load+0x21/0x1f0 [ 390.868971][T11063] dev_ioctl+0x785/0x1340 [ 390.869006][T11063] sock_do_ioctl+0x240/0x460 [ 390.869048][T11063] ? __pfx_sock_do_ioctl+0x10/0x10 [ 390.869105][T11063] sock_ioctl+0x629/0x8e0 [ 390.869141][T11063] ? __pfx_sock_ioctl+0x10/0x10 [ 390.869208][T11063] ? __fget_files+0x29/0x470 [ 390.869242][T11063] ? __fget_files+0x3f6/0x470 [ 390.869270][T11063] ? __fget_files+0x29/0x470 [ 390.869306][T11063] ? bpf_lsm_file_ioctl+0x9/0x10 [ 390.869331][T11063] ? security_file_ioctl+0x87/0xb0 [ 390.898077][ T5164] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 390.901192][T11063] ? __pfx_sock_ioctl+0x10/0x10 [ 390.901238][T11063] __se_sys_ioctl+0xfc/0x170 [ 390.901271][T11063] do_syscall_64+0xf3/0x230 [ 390.909199][ T5164] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 390.911385][T11063] ? clear_bhb_loop+0x35/0x90 [ 390.911418][T11063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.917898][ T5164] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.921888][T11063] RIP: 0033:0x7f4535d75bd9 [ 390.921915][T11063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.921935][T11063] RSP: 002b:00007f4536aab048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 390.921962][T11063] RAX: ffffffffffffffda RBX: 00007f4535f03f60 RCX: 00007f4535d75bd9 [ 391.003851][ T5164] usb 4-1: config 0 descriptor?? [ 391.006759][T11063] RDX: 0000000020000040 RSI: 0000000000008946 RDI: 0000000000000005 [ 391.013914][T11053] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 391.016183][T11063] RBP: 00007f4536aab0a0 R08: 0000000000000000 R09: 0000000000000000 [ 391.079127][ T5100] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 391.080718][T11063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 391.080743][T11063] R13: 000000000000000b R14: 00007f4535f03f60 R15: 00007f453602fa78 [ 391.080780][T11063] [ 391.156030][T11063] page_pool_create_percpu() gave up with errno -12 [ 391.164581][T11063] veth1_to_bond: set_features() failed (-12); wanted 0x000061164fdd59e9, left 0x000061164fdd19e9 [ 391.434230][ T8] usb 1-1: USB disconnect, device number 30 [ 391.487467][ T5164] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x4 [ 391.556393][ T5164] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 391.605253][ T5164] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 391.646388][T11086] xt_bpf: check failed: parse error [ 391.769966][T11089] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 391.776552][T11089] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 391.810267][T11089] vhci_hcd vhci_hcd.0: Device attached [ 391.853256][T11093] vhci_hcd: connection closed [ 391.855284][ T2814] vhci_hcd: stop threads [ 391.940324][ T2814] vhci_hcd: release socket [ 391.970257][ T2814] vhci_hcd: disconnect device [ 391.975475][T11086] netlink: 'syz.0.1278': attribute type 9 has an invalid length. [ 392.502878][ T5099] Bluetooth: hci4: Opcode 0x2046 failed: -110 [ 392.510536][ T5100] Bluetooth: hci4: command 0x2046 tx timeout [ 392.860445][ T2422] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.108393][ T2422] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.418072][ T2422] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.558484][ T2422] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.625806][ T8] usb 4-1: USB disconnect, device number 28 [ 393.716793][ T45] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 393.898079][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 393.909588][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 393.918806][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 393.931730][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 393.952142][ T45] usb 3-1: Using ep0 maxpacket: 16 [ 393.959496][ T2422] bridge_slave_1: left allmulticast mode [ 393.965725][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 393.975974][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 393.983242][ T45] usb 3-1: config 1 interface 0 altsetting 208 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 393.998774][ T2422] bridge_slave_1: left promiscuous mode [ 394.013604][ T45] usb 3-1: config 1 interface 0 has no altsetting 0 [ 394.023209][ T45] usb 3-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.40 [ 394.026816][ T2422] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.042043][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.051768][ T45] usb 3-1: Product: syz [ 394.056424][ T45] usb 3-1: Manufacturer: syz [ 394.061052][ T45] usb 3-1: SerialNumber: syz [ 394.134707][ T2422] bridge_slave_0: left allmulticast mode [ 394.134740][ T2422] bridge_slave_0: left promiscuous mode [ 394.135019][ T2422] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.323495][ T45] usbhid 3-1:1.0: can't add hid device: -71 [ 394.334593][ T45] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 394.393824][ T45] usb 3-1: USB disconnect, device number 34 [ 394.582158][ T5100] Bluetooth: hci4: command 0x2046 tx timeout [ 395.276438][ T2422] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 395.292711][ T2422] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 395.309743][ T2422] bond0 (unregistering): Released all slaves [ 395.861342][T11182] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 395.899116][T11197] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'. [ 395.917689][ T8] hid (null): unknown global tag 0xe [ 395.933675][T11182] kvm: pic: non byte read [ 396.005322][ T8] hid-generic 000E:FFFFFFFC:10000.000E: unknown main item tag 0x0 [ 396.018765][ T8] hid-generic 000E:FFFFFFFC:10000.000E: unknown main item tag 0x0 [ 396.029518][ T8] hid-generic 000E:FFFFFFFC:10000.000E: unknown global tag 0xe [ 396.047675][ T8] hid-generic 000E:FFFFFFFC:10000.000E: item 0 2 1 14 parsing failed [ 396.074827][ T8] hid-generic 000E:FFFFFFFC:10000.000E: probe with driver hid-generic failed with error -22 [ 396.102463][ T5100] Bluetooth: hci3: command tx timeout [ 396.141317][T11182] syz_tun: entered promiscuous mode [ 396.187839][T11182] syz_tun: left promiscuous mode [ 396.387317][T11149] chnl_net:caif_netlink_parms(): no params data found [ 396.774197][ T45] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 396.849015][ T2422] hsr_slave_0: left promiscuous mode [ 396.882311][ T2422] hsr_slave_1: left promiscuous mode [ 396.920808][ T2422] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 396.938767][ T2422] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 396.959943][ T2422] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 396.979966][ T2422] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 396.992081][ T45] usb 5-1: Using ep0 maxpacket: 8 [ 397.007523][ T45] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.048202][ T45] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 397.082655][ T45] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 397.110422][ T2422] veth1_macvtap: left promiscuous mode [ 397.132504][ T2422] veth0_macvtap: left promiscuous mode [ 397.138270][ T2422] veth1_vlan: left promiscuous mode [ 397.147048][ T2422] veth0_vlan: left promiscuous mode [ 397.156675][ T45] usb 5-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.40 [ 397.169345][ T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.196835][ T45] usb 5-1: Product: syz [ 397.201138][ T45] usb 5-1: Manufacturer: syz [ 397.226542][ T45] usb 5-1: SerialNumber: syz [ 397.308215][ T45] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input48 [ 397.660542][T11242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 397.693594][T11242] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.109470][ T4531] bcm5974 5-1:1.0: could not read from device [ 398.143618][ T4531] bcm5974 5-1:1.0: could not read from device [ 398.182131][ T5100] Bluetooth: hci3: command tx timeout [ 398.207485][ T45] usb 5-1: USB disconnect, device number 40 [ 398.219382][ T4531] bcm5974 5-1:1.0: could not read from device [ 398.367960][T11251] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 398.635386][T11259] xt_TCPMSS: Only works on TCP SYN packets [ 399.403996][ T5164] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 399.616370][ T5164] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 399.627514][ T5164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.638520][ T5164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.648472][ T5164] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 399.668885][ T5164] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 399.679051][ T5164] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 399.687435][ T5164] usb 5-1: Manufacturer: syz [ 399.694793][ T5164] usb 5-1: config 0 descriptor?? [ 400.121798][ T5164] appleir 0003:05AC:8243.000F: unknown main item tag 0x0 [ 400.130549][ T5164] appleir 0003:05AC:8243.000F: No inputs registered, leaving [ 400.144475][ T5164] appleir 0003:05AC:8243.000F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 400.263287][ T5100] Bluetooth: hci3: command tx timeout [ 401.048334][T11269] loop0: detected capacity change from 0 to 7 [ 401.055769][T11269] Dev loop0: unable to read RDB block 7 [ 401.062230][T11269] loop0: unable to read partition table [ 401.068307][T11269] loop0: partition table beyond EOD, truncated [ 401.074571][T11269] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 401.074571][T11269] ) failed (rc=-5) [ 401.511951][ T8] usb 5-1: reset high-speed USB device number 41 using dummy_hcd [ 402.342112][ T5100] Bluetooth: hci3: command tx timeout [ 406.744956][ T8] usb 5-1: device descriptor read/64, error -110 [ 407.012133][ T8] usb 5-1: reset high-speed USB device number 41 using dummy_hcd [ 407.131120][ T5099] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 407.141105][ T5099] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 407.152827][ T5099] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 407.162347][ T5099] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 407.170190][ T5099] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 407.175270][ T8] usb 5-1: device descriptor read/64, error -32 [ 407.178025][ T5099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 407.462563][ T8] usb 5-1: reset high-speed USB device number 41 using dummy_hcd [ 407.504357][ T8] usb 5-1: device descriptor read/8, error -32 [ 407.772098][ T8] usb 5-1: reset high-speed USB device number 41 using dummy_hcd [ 407.803094][ T8] usb 5-1: device descriptor read/8, error -32 [ 407.923459][ T8] raw-gadget.0 gadget.4: failed to queue suspend event [ 407.932993][ T5164] usb 5-1: USB disconnect, device number 41 [ 407.960361][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 408.042088][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 408.112012][ T5164] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 408.120952][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 408.128568][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 408.212939][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 408.282056][ T5164] usb 5-1: device descriptor read/64, error -32 [ 408.405567][ T5164] raw-gadget.0 gadget.4: failed to queue suspend event [ 408.412926][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 408.493335][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 408.584258][ T5164] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 408.602191][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 408.609857][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 408.663914][ T5099] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 408.672724][ T5099] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 408.681403][ T5099] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 408.692181][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 408.701427][ T5099] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 408.709631][ T5099] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 408.719607][ T5099] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 408.762293][ T5164] usb 5-1: device descriptor read/64, error -32 [ 408.884049][ T5164] raw-gadget.0 gadget.4: failed to queue suspend event [ 408.892450][ T5164] usb usb5-port1: attempt power cycle [ 408.898128][ T5164] raw-gadget.0 gadget.4: failed to queue disconnect event [ 408.942297][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 409.032179][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 409.047168][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 409.142331][ T5099] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 409.153332][ T5099] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 409.161971][ T5099] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 409.176754][ T5099] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 409.185347][ T5099] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 409.194097][ T5099] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 409.272010][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 409.302100][ T5100] Bluetooth: hci5: command tx timeout [ 409.342013][ T5164] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 409.372475][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 409.379693][ T5164] usb 5-1: device descriptor read/8, error -32 [ 409.506322][ T5164] raw-gadget.0 gadget.4: failed to queue suspend event [ 409.519695][ T5164] raw-gadget.0 gadget.4: failed to queue reset event [ 409.602080][ T5164] raw-gadget.0 gadget.4: failed to queue resume event [ 409.672008][ T5164] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 409.704134][ C0] raw-gadget.0 gadget.4: ignoring, device is not running [ 409.715701][ T5164] usb 5-1: device descriptor read/8, error -32 [ 409.842613][ T5164] raw-gadget.0 gadget.4: failed to queue suspend event [ 409.849746][ T5164] usb usb5-port1: unable to enumerate USB device [ 410.166545][ T5099] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 410.177949][ T5099] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 410.186941][ T5099] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 410.196346][ T5099] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 410.206713][ T5099] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 410.214443][ T5099] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 410.822150][ T5099] Bluetooth: hci6: command tx timeout [ 411.312136][ T5099] Bluetooth: hci7: command tx timeout [ 411.382003][ T5099] Bluetooth: hci5: command tx timeout [ 412.269155][ T5099] Bluetooth: hci8: command tx timeout [ 412.922587][ T5099] Bluetooth: hci6: command tx timeout [ 413.382114][ T5099] Bluetooth: hci7: command tx timeout [ 413.461993][ T5099] Bluetooth: hci5: command tx timeout [ 414.342197][ T5099] Bluetooth: hci8: command tx timeout [ 414.982018][ T5099] Bluetooth: hci6: command tx timeout [ 415.464987][ T5099] Bluetooth: hci7: command tx timeout [ 415.551973][ T5100] Bluetooth: hci5: command tx timeout [ 416.422125][ T5100] Bluetooth: hci8: command tx timeout [ 417.062621][ T5100] Bluetooth: hci6: command tx timeout [ 417.542078][ T5100] Bluetooth: hci7: command tx timeout [ 418.502071][ T5100] Bluetooth: hci8: command tx timeout [ 440.427890][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.435490][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.742314][ T5099] Bluetooth: hci1: command 0x0406 tx timeout [ 454.198424][ T5099] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 454.209302][ T5099] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 454.220748][ T5099] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 454.229148][ T5099] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 454.237906][ T5099] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 454.246742][ T5099] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 456.342232][ T5099] Bluetooth: hci9: command tx timeout [ 458.432129][ T5099] Bluetooth: hci9: command tx timeout [ 460.502011][ T5099] Bluetooth: hci9: command tx timeout [ 462.591982][ T5100] Bluetooth: hci9: command tx timeout [ 462.982393][ T5100] Bluetooth: hci4: command 0x2046 tx timeout [ 467.708078][ T5100] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 467.718671][ T5100] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 467.737083][ T5100] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 467.747144][ T5100] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 467.759533][ T5100] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 467.767450][ T5100] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 468.735578][ T5100] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 468.747366][ T5100] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 468.756701][ T5100] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 468.768263][ T5100] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 468.776710][ T5100] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 468.784370][ T5100] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 469.730865][ T5100] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 469.740832][ T5100] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 469.750619][ T5100] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 469.759393][ T5100] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 469.767741][ T5100] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 469.775438][ T5100] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 469.782036][T10832] Bluetooth: hci10: command tx timeout [ 470.219924][T10832] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 470.230527][T10832] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 470.242457][T10832] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 470.252863][T10832] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 470.260889][T10832] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 470.270359][T10832] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 470.822219][ T5099] Bluetooth: hci11: command tx timeout [ 471.861986][T10832] Bluetooth: hci10: command tx timeout [ 471.868331][ T5099] Bluetooth: hci12: command tx timeout [ 472.342211][ T5099] Bluetooth: hci13: command tx timeout [ 472.901932][ T5099] Bluetooth: hci11: command tx timeout [ 473.942029][ T5099] Bluetooth: hci10: command tx timeout [ 473.942396][T10832] Bluetooth: hci12: command tx timeout [ 474.431986][T10832] Bluetooth: hci13: command tx timeout [ 474.982089][T10832] Bluetooth: hci11: command tx timeout [ 476.022175][T10832] Bluetooth: hci12: command tx timeout [ 476.022238][ T5099] Bluetooth: hci10: command tx timeout [ 476.502044][ T5099] Bluetooth: hci13: command tx timeout [ 477.061937][ T5099] Bluetooth: hci11: command tx timeout [ 478.107535][ T5099] Bluetooth: hci12: command tx timeout [ 478.592077][ T5099] Bluetooth: hci13: command tx timeout [ 488.582004][ T5099] Bluetooth: hci2: command 0x0406 tx timeout [ 493.701930][ T5099] Bluetooth: hci0: command 0x0406 tx timeout [ 501.866608][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.879294][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.304752][ T5099] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 514.319930][ T5099] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 514.328562][ T5099] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 514.337144][ T5099] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 514.349885][ T5099] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 514.357847][ T5099] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 516.432222][ T5099] Bluetooth: hci14: command tx timeout [ 518.502199][ T5099] Bluetooth: hci14: command tx timeout [ 519.301976][ T5099] Bluetooth: hci3: command 0x0406 tx timeout [ 520.582003][T10832] Bluetooth: hci14: command tx timeout [ 522.662132][T10832] Bluetooth: hci14: command tx timeout [ 527.868098][ T5100] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 527.877505][ T5100] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 527.890670][ T5100] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 527.899334][ T5100] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 527.908342][ T5100] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 527.920459][ T5100] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 529.456807][ T5100] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 529.467633][ T5100] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 529.477043][ T5100] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 529.486680][ T5100] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 529.497445][ T5100] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 529.505499][ T5100] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 529.542074][ T5100] Bluetooth: hci5: command 0x0406 tx timeout [ 529.827705][ T5100] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 529.838961][ T5100] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 529.847681][ T5100] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 529.858541][ T5100] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 529.873634][ T5100] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 529.881241][ T5100] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 530.022898][T10832] Bluetooth: hci15: command tx timeout [ 530.817001][ T5100] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 530.828498][ T5100] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 530.837774][ T5100] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 530.852458][ T5100] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 530.861194][ T5100] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 530.869810][ T5100] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 531.542439][ T5100] Bluetooth: hci16: command tx timeout [ 531.959052][ T5100] Bluetooth: hci17: command tx timeout [ 532.102045][ T5100] Bluetooth: hci15: command tx timeout [ 532.902097][ T5101] Bluetooth: hci18: command tx timeout [ 533.622014][ T5101] Bluetooth: hci16: command tx timeout [ 534.022208][ T5101] Bluetooth: hci17: command tx timeout [ 534.182217][ T5101] Bluetooth: hci15: command tx timeout [ 534.662177][ T5101] Bluetooth: hci8: command 0x0406 tx timeout [ 534.669962][ T5101] Bluetooth: hci6: command 0x0406 tx timeout [ 534.676267][T11325] Bluetooth: hci7: command 0x0406 tx timeout [ 534.992054][T10832] Bluetooth: hci18: command tx timeout [ 535.702124][T10832] Bluetooth: hci16: command tx timeout [ 536.102118][T10832] Bluetooth: hci17: command tx timeout [ 536.262072][T10832] Bluetooth: hci15: command tx timeout [ 537.078766][T10832] Bluetooth: hci18: command tx timeout [ 537.782371][T10832] Bluetooth: hci16: command tx timeout [ 538.182280][T10832] Bluetooth: hci17: command tx timeout [ 539.142178][T10832] Bluetooth: hci18: command tx timeout [ 560.101991][ T30] INFO: task dhcpcd:4760 blocked for more than 143 seconds. [ 560.109361][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 560.124380][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 560.136671][ T30] task:dhcpcd state:D stack:20672 pid:4760 tgid:4760 ppid:4759 flags:0x00000002 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 560.153871][ T30] Call Trace: [ 560.158998][ T30] [ 560.174826][ T30] __schedule+0x17e8/0x4a20 [ 560.179700][ T30] ? __pfx___schedule+0x10/0x10 [ 560.201879][ T30] ? __pfx_lock_release+0x10/0x10 [ 560.207088][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 560.213584][ T30] ? schedule+0x90/0x320 [ 560.217872][ T30] schedule+0x14b/0x320 [ 560.265849][ T30] schedule_preempt_disabled+0x13/0x30 [ 560.281265][ T30] __mutex_lock+0x6a4/0xd70 [ 560.288675][ T30] ? __mutex_lock+0x527/0xd70 [ 560.295527][ T30] ? devinet_ioctl+0x2ce/0x1bc0 [ 560.300450][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 560.305702][ T30] ? bpf_lsm_capable+0x9/0x10 [ 560.310424][ T30] ? security_capable+0x90/0xb0 [ 560.315413][ T30] devinet_ioctl+0x2ce/0x1bc0 [ 560.320173][ T30] ? get_user_ifreq+0x1bb/0x200 [ 560.325118][ T30] inet_ioctl+0x3d7/0x4f0 [ 560.329505][ T30] ? __pfx_inet_ioctl+0x10/0x10 [ 560.334501][ T30] sock_do_ioctl+0x158/0x460 [ 560.339154][ T30] ? __pfx_sock_do_ioctl+0x10/0x10 [ 560.345947][ T30] ? __pfx_lock_release+0x10/0x10 [ 560.351036][ T30] sock_ioctl+0x629/0x8e0 [ 560.360271][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 560.366224][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 560.378156][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 560.383717][ T30] ? security_file_ioctl+0x87/0xb0 [ 560.388883][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 560.398784][ T30] __se_sys_ioctl+0xfc/0x170 [ 560.404603][ T30] do_syscall_64+0xf3/0x230 [ 560.409154][ T30] ? clear_bhb_loop+0x35/0x90 [ 560.418913][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.431891][ T30] RIP: 0033:0x7f9150a86d49 [ 560.436395][ T30] RSP: 002b:00007ffefc622f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 560.446325][ T30] RAX: ffffffffffffffda RBX: 00007f91509b86c0 RCX: 00007f9150a86d49 [ 560.454455][ T30] RDX: 00007ffefc633128 RSI: 0000000000008914 RDI: 0000000000000018 [ 560.462637][ T30] RBP: 00007ffefc6432e8 R08: 00007ffefc6330e8 R09: 00007ffefc633098 [ 560.470651][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.478703][ T30] R13: 00007ffefc633128 R14: 0000000000000028 R15: 0000000000008914 [ 560.490512][ T30] [ 560.493751][ T30] INFO: task kworker/0:3:5096 blocked for more than 143 seconds. [ 560.501526][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 560.509378][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 560.518330][ T30] task:kworker/0:3 state:D stack:21008 pid:5096 tgid:5096 ppid:2 flags:0x00004000 [ 560.528994][ T30] Workqueue: events linkwatch_event [ 560.534513][ T30] Call Trace: [ 560.537828][ T30] [ 560.540793][ T30] __schedule+0x17e8/0x4a20 [ 560.547070][ T30] ? __pfx___schedule+0x10/0x10 [ 560.552366][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 560.558398][ T30] ? __pfx_lock_release+0x10/0x10 [ 560.564040][ T30] ? kick_pool+0x1bd/0x620 [ 560.568540][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 560.574106][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 560.579357][ T30] ? schedule+0x90/0x320 [ 560.584183][ T30] schedule+0x14b/0x320 [ 560.588411][ T30] schedule_preempt_disabled+0x13/0x30 [ 560.597951][ T30] __mutex_lock+0x6a4/0xd70 [ 560.602728][ T30] ? __mutex_lock+0x527/0xd70 [ 560.607460][ T30] ? linkwatch_event+0xe/0x60 [ 560.612253][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 560.617357][ T30] ? process_scheduled_works+0x945/0x1830 [ 560.623205][ T30] linkwatch_event+0xe/0x60 [ 560.627755][ T30] process_scheduled_works+0xa2c/0x1830 [ 560.633433][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 560.639487][ T30] ? assign_work+0x364/0x3d0 [ 560.644263][ T30] worker_thread+0x86d/0xd50 [ 560.649780][ T30] ? __kthread_parkme+0x169/0x1d0 [ 560.654943][ T30] ? __pfx_worker_thread+0x10/0x10 [ 560.660100][ T30] kthread+0x2f0/0x390 [ 560.664359][ T30] ? __pfx_worker_thread+0x10/0x10 [ 560.669515][ T30] ? __pfx_kthread+0x10/0x10 [ 560.674208][ T30] ret_from_fork+0x4b/0x80 [ 560.678668][ T30] ? __pfx_kthread+0x10/0x10 [ 560.683414][ T30] ret_from_fork_asm+0x1a/0x30 [ 560.688252][ T30] [ 560.691331][ T30] INFO: task syz-executor:11149 blocked for more than 143 seconds. [ 560.699442][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 560.710689][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 560.719561][ T30] task:syz-executor state:D stack:21024 pid:11149 tgid:11149 ppid:1 flags:0x00000004 [ 560.729868][ T30] Call Trace: [ 560.733242][ T30] [ 560.736215][ T30] __schedule+0x17e8/0x4a20 [ 560.740793][ T30] ? __pfx___schedule+0x10/0x10 [ 560.746009][ T30] ? __pfx_lock_release+0x10/0x10 [ 560.752052][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 560.757629][ T30] ? schedule+0x90/0x320 [ 560.762049][ T30] schedule+0x14b/0x320 [ 560.766269][ T30] schedule_preempt_disabled+0x13/0x30 [ 560.772607][ T30] __mutex_lock+0x6a4/0xd70 [ 560.777177][ T30] ? __mutex_lock+0x527/0xd70 [ 560.782076][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 560.787331][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 560.793235][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 560.798318][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 560.804169][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 560.809733][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 560.818836][ T30] ? __pfx_validate_chain+0x10/0x10 [ 560.824275][ T30] ? __pfx_validate_chain+0x10/0x10 [ 560.829525][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 560.834748][ T30] ? mark_lock+0x9a/0x350 [ 560.839167][ T30] ? __pfx_validate_chain+0x10/0x10 [ 560.844505][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 560.849589][ T30] ? mark_lock+0x9a/0x350 [ 560.855033][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 560.860129][ T30] netlink_rcv_skb+0x1e3/0x430 [ 560.865022][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 560.870673][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 560.876219][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 560.881487][ T30] netlink_unicast+0x7ea/0x980 [ 560.886461][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 560.891834][ T30] ? __virt_addr_valid+0x183/0x520 [ 560.896998][ T30] ? __check_object_size+0x49c/0x900 [ 560.903079][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 560.908264][ T30] netlink_sendmsg+0x8db/0xcb0 [ 560.913163][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 560.918608][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 560.927861][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 560.933520][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 560.939044][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 560.944489][ T30] __sock_sendmsg+0x221/0x270 [ 560.949483][ T30] __sys_sendto+0x3a4/0x4f0 [ 560.954143][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 560.960383][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 560.965721][ T30] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 560.972018][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 560.978053][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 560.984558][ T30] __x64_sys_sendto+0xde/0x100 [ 560.989377][ T30] do_syscall_64+0xf3/0x230 [ 560.994032][ T30] ? clear_bhb_loop+0x35/0x90 [ 560.998765][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.004792][ T30] RIP: 0033:0x7f8f7bb7796c [ 561.009241][ T30] RSP: 002b:00007f8f7be2f6b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 561.017758][ T30] RAX: ffffffffffffffda RBX: 00007f8f7c834620 RCX: 00007f8f7bb7796c [ 561.025833][ T30] RDX: 000000000000003c RSI: 00007f8f7c834670 RDI: 0000000000000003 [ 561.038080][ T30] RBP: 0000000000000000 R08: 00007f8f7be2f704 R09: 000000000000000c [ 561.046210][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 561.054291][ T30] R13: 0000000000000000 R14: 00007f8f7c834670 R15: 0000000000000000 [ 561.063336][ T30] [ 561.066469][ T30] INFO: task syz.2.1310:11229 blocked for more than 144 seconds. [ 561.074276][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 561.082029][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.090754][ T30] task:syz.2.1310 state:D stack:26608 pid:11229 tgid:11228 ppid:10075 flags:0x00000004 [ 561.101069][ T30] Call Trace: [ 561.104448][ T30] [ 561.107401][ T30] __schedule+0x17e8/0x4a20 [ 561.112025][ T30] ? __pfx___schedule+0x10/0x10 [ 561.116917][ T30] ? __pfx_lock_release+0x10/0x10 [ 561.122043][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 561.127548][ T30] ? schedule+0x90/0x320 [ 561.131871][ T30] schedule+0x14b/0x320 [ 561.136065][ T30] schedule_preempt_disabled+0x13/0x30 [ 561.141572][ T30] __mutex_lock+0x6a4/0xd70 [ 561.146613][ T30] ? __mutex_lock+0x527/0xd70 [ 561.151363][ T30] ? dev_ethtool+0x21e/0x1bc0 [ 561.160643][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 561.165968][ T30] ? __kasan_kmalloc+0x98/0xb0 [ 561.170789][ T30] ? dev_ethtool+0x145/0x1bc0 [ 561.175616][ T30] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 561.181059][ T30] dev_ethtool+0x21e/0x1bc0 [ 561.185713][ T30] ? dev_load+0x21/0x1f0 [ 561.189993][ T30] ? __pfx_dev_ethtool+0x10/0x10 [ 561.195070][ T30] ? dev_load+0x21/0x1f0 [ 561.199411][ T30] dev_ioctl+0x785/0x1340 [ 561.203967][ T30] sock_do_ioctl+0x240/0x460 [ 561.208625][ T30] ? __pfx_sock_do_ioctl+0x10/0x10 [ 561.218131][ T30] sock_ioctl+0x629/0x8e0 [ 561.224605][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 561.229517][ T30] ? __fget_files+0x29/0x470 [ 561.239205][ T30] ? __fget_files+0x3f6/0x470 [ 561.244112][ T30] ? __fget_files+0x29/0x470 [ 561.248762][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 561.259394][ T30] ? security_file_ioctl+0x87/0xb0 [ 561.269452][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 561.274689][ T30] __se_sys_ioctl+0xfc/0x170 [ 561.279346][ T30] do_syscall_64+0xf3/0x230 [ 561.284020][ T30] ? clear_bhb_loop+0x35/0x90 [ 561.288792][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.294815][ T30] RIP: 0033:0x7fc903175bd9 [ 561.299271][ T30] RSP: 002b:00007fc903f11048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.308074][ T30] RAX: ffffffffffffffda RBX: 00007fc903303f60 RCX: 00007fc903175bd9 [ 561.316155][ T30] RDX: 0000000020000040 RSI: 0000000000008946 RDI: 0000000000000004 [ 561.324295][ T30] RBP: 00007fc9031e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 561.332386][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.340411][ T30] R13: 000000000000000b R14: 00007fc903303f60 R15: 00007fc90342fa78 [ 561.348549][ T30] [ 561.351635][ T30] INFO: task syz.0.1314:11259 blocked for more than 144 seconds. [ 561.359474][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 561.368102][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.380456][ T30] task:syz.0.1314 state:D stack:25024 pid:11259 tgid:11255 ppid:10539 flags:0x00004004 [ 561.391404][ T30] Call Trace: [ 561.395276][ T30] [ 561.398279][ T30] __schedule+0x17e8/0x4a20 [ 561.402949][ T30] ? __pfx___schedule+0x10/0x10 [ 561.407834][ T30] ? __pfx_lock_release+0x10/0x10 [ 561.412973][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 561.418478][ T30] ? schedule+0x90/0x320 [ 561.422830][ T30] schedule+0x14b/0x320 [ 561.427050][ T30] schedule_preempt_disabled+0x13/0x30 [ 561.432727][ T30] __mutex_lock+0x6a4/0xd70 [ 561.437299][ T30] ? __mutex_lock+0x527/0xd70 [ 561.442093][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 561.447348][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 561.452569][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 561.457756][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 561.463090][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.469680][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 561.475106][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 561.486098][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 561.492656][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 561.498605][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 561.503929][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 561.509949][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 561.516410][ T30] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 561.523151][ T30] netlink_rcv_skb+0x1e3/0x430 [ 561.528026][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.533616][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 561.538961][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 561.544292][ T30] netlink_unicast+0x7ea/0x980 [ 561.549111][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 561.555098][ T30] ? __virt_addr_valid+0x183/0x520 [ 561.560274][ T30] ? __check_object_size+0x49c/0x900 [ 561.565697][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 561.577422][ T30] netlink_sendmsg+0x8db/0xcb0 [ 561.582335][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.587679][ T30] ? __import_iovec+0x536/0x820 [ 561.596415][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 561.601408][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 561.608187][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 561.618636][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.627967][ T30] __sock_sendmsg+0x221/0x270 [ 561.634763][ T30] ____sys_sendmsg+0x525/0x7d0 [ 561.639592][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 561.648932][ T30] __sys_sendmsg+0x2b0/0x3a0 [ 561.653723][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 561.658910][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 561.672783][ T30] ? do_syscall_64+0x100/0x230 [ 561.677639][ T30] ? do_syscall_64+0xb6/0x230 [ 561.688096][ T30] do_syscall_64+0xf3/0x230 [ 561.692725][ T30] ? clear_bhb_loop+0x35/0x90 [ 561.697437][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.715069][ T30] RIP: 0033:0x7f75eeb75bd9 [ 561.719560][ T30] RSP: 002b:00007f75ef97a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 561.731837][ T30] RAX: ffffffffffffffda RBX: 00007f75eed04110 RCX: 00007f75eeb75bd9 [ 561.739888][ T30] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 [ 561.753302][ T30] RBP: 00007f75eebe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 561.761441][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.776924][ T30] R13: 000000000000006e R14: 00007f75eed04110 R15: 00007f75eee2fa78 [ 561.787241][ T30] [ 561.790315][ T30] INFO: task syz.3.1315:11263 blocked for more than 145 seconds. [ 561.801889][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 561.809598][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.818544][ T30] task:syz.3.1315 state:D stack:26784 pid:11263 tgid:11261 ppid:10514 flags:0x00004004 [ 561.830960][ T30] Call Trace: [ 561.834629][ T30] [ 561.837708][ T30] __schedule+0x17e8/0x4a20 [ 561.842672][ T30] ? __pfx___schedule+0x10/0x10 [ 561.847588][ T30] ? __pfx_lock_release+0x10/0x10 [ 561.853009][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 561.858550][ T30] ? schedule+0x90/0x320 [ 561.863208][ T30] schedule+0x14b/0x320 [ 561.867415][ T30] schedule_preempt_disabled+0x13/0x30 [ 561.873261][ T30] __mutex_lock+0x6a4/0xd70 [ 561.878767][ T30] ? __mutex_lock+0x527/0xd70 [ 561.883831][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 561.889089][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 561.894512][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 561.899604][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 561.905202][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.910718][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 561.916801][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 561.923215][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 561.928630][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 561.933986][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 561.939414][ T30] ? dev_hard_start_xmit+0x773/0x7e0 [ 561.944949][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 561.950112][ T30] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 561.955965][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 561.961206][ T30] ? __dev_queue_xmit+0x16c9/0x3d30 [ 561.966558][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 561.971726][ T30] ? ref_tracker_free+0x643/0x7e0 [ 561.976856][ T30] netlink_rcv_skb+0x1e3/0x430 [ 561.986504][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.992085][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 561.997465][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 562.002894][ T30] netlink_unicast+0x7ea/0x980 [ 562.007755][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 562.013119][ T30] ? __virt_addr_valid+0x183/0x520 [ 562.018387][ T30] ? __check_object_size+0x49c/0x900 [ 562.024074][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 562.029252][ T30] netlink_sendmsg+0x8db/0xcb0 [ 562.034178][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.039516][ T30] ? __import_iovec+0x536/0x820 [ 562.044482][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 562.049670][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 562.055036][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 562.060545][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.068788][ T30] __sock_sendmsg+0x221/0x270 [ 562.075489][ T30] ____sys_sendmsg+0x525/0x7d0 [ 562.080329][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.087551][ T30] __sys_sendmsg+0x2b0/0x3a0 [ 562.092344][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 562.097532][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.104584][ T30] ? do_syscall_64+0x100/0x230 [ 562.109500][ T30] ? do_syscall_64+0xb6/0x230 [ 562.114297][ T30] do_syscall_64+0xf3/0x230 [ 562.118841][ T30] ? clear_bhb_loop+0x35/0x90 [ 562.123610][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.129546][ T30] RIP: 0033:0x7f469fd75bd9 [ 562.134067][ T30] RSP: 002b:00007f46a0bb2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 562.142591][ T30] RAX: ffffffffffffffda RBX: 00007f469ff03f60 RCX: 00007f469fd75bd9 [ 562.150627][ T30] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000006 [ 562.158792][ T30] RBP: 00007f469fde4e60 R08: 0000000000000000 R09: 0000000000000000 [ 562.166848][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.174994][ T30] R13: 000000000000000b R14: 00007f469ff03f60 R15: 00007f46a002fa78 [ 562.184226][ T30] [ 562.191399][ T30] INFO: task syz.3.1315:11264 blocked for more than 145 seconds. [ 562.200307][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 562.213273][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 562.225923][ T30] task:syz.3.1315 state:D stack:26800 pid:11264 tgid:11261 ppid:10514 flags:0x00000004 [ 562.238197][ T30] Call Trace: [ 562.241520][ T30] [ 562.248492][ T30] __schedule+0x17e8/0x4a20 [ 562.253323][ T30] ? __pfx___schedule+0x10/0x10 [ 562.258224][ T30] ? __pfx_lock_release+0x10/0x10 [ 562.270876][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 562.276484][ T30] ? schedule+0x90/0x320 [ 562.280810][ T30] schedule+0x14b/0x320 [ 562.291800][ T30] schedule_preempt_disabled+0x13/0x30 [ 562.297328][ T30] __mutex_lock+0x6a4/0xd70 [ 562.307794][ T30] ? __mutex_lock+0x527/0xd70 [ 562.312600][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 562.318118][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 562.329019][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 562.334168][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 562.339432][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 562.345210][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 562.351242][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.363790][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 562.369229][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 562.378977][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 562.384530][ T30] ? dev_hard_start_xmit+0x773/0x7e0 [ 562.390761][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 562.401888][ T30] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 562.407713][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 562.412932][ T30] ? __dev_queue_xmit+0x16c9/0x3d30 [ 562.418181][ T30] ? __dev_queue_xmit+0x2d2/0x3d30 [ 562.423721][ T30] ? ref_tracker_free+0x643/0x7e0 [ 562.428828][ T30] netlink_rcv_skb+0x1e3/0x430 [ 562.433762][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 562.439387][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 562.445003][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 562.450353][ T30] netlink_unicast+0x7ea/0x980 [ 562.455248][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 562.460575][ T30] ? __virt_addr_valid+0x183/0x520 [ 562.465980][ T30] ? __check_object_size+0x49c/0x900 [ 562.471551][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 562.478664][ T30] netlink_sendmsg+0x8db/0xcb0 [ 562.485914][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.492579][ T30] ? __import_iovec+0x536/0x820 [ 562.497532][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 562.502668][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 562.508700][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 562.514306][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 562.519729][ T30] __sock_sendmsg+0x221/0x270 [ 562.525171][ T30] ____sys_sendmsg+0x525/0x7d0 [ 562.530008][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 562.535433][ T30] __sys_sendmsg+0x2b0/0x3a0 [ 562.540073][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 562.545858][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 562.552024][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 562.558642][ T30] ? exc_page_fault+0x590/0x8c0 [ 562.563724][ T30] ? do_syscall_64+0xb6/0x230 [ 562.568750][ T30] do_syscall_64+0xf3/0x230 [ 562.573373][ T30] ? clear_bhb_loop+0x35/0x90 [ 562.578106][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.586786][ T30] RIP: 0033:0x7f469fd75bd9 [ 562.591260][ T30] RSP: 002b:00007f46a0b91048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 562.603123][ T30] RAX: ffffffffffffffda RBX: 00007f469ff04038 RCX: 00007f469fd75bd9 [ 562.611334][ T30] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 562.619433][ T30] RBP: 00007f469fde4e60 R08: 0000000000000000 R09: 0000000000000000 [ 562.627785][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.635882][ T30] R13: 000000000000006e R14: 00007f469ff04038 R15: 00007f46a002fa78 [ 562.644160][ T30] [ 562.647211][ T30] INFO: task syz.4.1317:11268 blocked for more than 145 seconds. [ 562.655043][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 562.663223][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 562.671993][ T30] task:syz.4.1317 state:D stack:26160 pid:11268 tgid:11267 ppid:9951 flags:0x00000004 [ 562.682479][ T30] Call Trace: [ 562.685878][ T30] [ 562.688839][ T30] __schedule+0x17e8/0x4a20 [ 562.697449][ T30] ? __pfx___schedule+0x10/0x10 [ 562.702483][ T30] ? __pfx_lock_release+0x10/0x10 [ 562.707780][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 562.715577][ T30] ? schedule+0x90/0x320 [ 562.719850][ T30] schedule+0x14b/0x320 [ 562.724165][ T30] schedule_preempt_disabled+0x13/0x30 [ 562.729875][ T30] __mutex_lock+0x6a4/0xd70 [ 562.734584][ T30] ? __mutex_lock+0x527/0xd70 [ 562.739489][ T30] ? dev_ioctl+0x86e/0x1340 [ 562.744211][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 562.749545][ T30] ? dev_load+0x21/0x1f0 [ 562.754010][ T30] dev_ioctl+0x86e/0x1340 [ 562.758395][ T30] sock_ioctl+0x7f2/0x8e0 [ 562.763193][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 562.768133][ T30] ? __fget_files+0x3f6/0x470 [ 562.772943][ T30] ? __fget_files+0x29/0x470 [ 562.777580][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 562.782631][ T30] ? security_file_ioctl+0x87/0xb0 [ 562.787777][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 562.792762][ T30] __se_sys_ioctl+0xfc/0x170 [ 562.797403][ T30] do_syscall_64+0xf3/0x230 [ 562.805235][ T30] ? clear_bhb_loop+0x35/0x90 [ 562.809973][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.815978][ T30] RIP: 0033:0x7f348bb75bd9 [ 562.820426][ T30] RSP: 002b:00007f348c9d5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 562.831424][ T30] RAX: ffffffffffffffda RBX: 00007f348bd03f60 RCX: 00007f348bb75bd9 [ 562.847721][ T30] RDX: 00000000200001c0 RSI: 00000000000089f1 RDI: 000000000000000c [ 562.855927][ T30] RBP: 00007f348bbe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 562.869852][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 562.877943][ T30] R13: 000000000000000b R14: 00007f348bd03f60 R15: 00007f348be2fa78 [ 562.886281][ T30] [ 562.889338][ T30] INFO: task syz-executor:11273 blocked for more than 146 seconds. [ 562.897315][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 562.906034][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 562.917203][ T30] task:syz-executor state:D stack:26784 pid:11273 tgid:11273 ppid:1 flags:0x00000004 [ 562.927526][ T30] Call Trace: [ 562.930840][ T30] [ 562.935946][ T30] __schedule+0x17e8/0x4a20 [ 562.940524][ T30] ? __pfx___schedule+0x10/0x10 [ 562.945518][ T30] ? __pfx_lock_release+0x10/0x10 [ 562.950587][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 562.956184][ T30] ? schedule+0x90/0x320 [ 562.960470][ T30] schedule+0x14b/0x320 [ 562.964783][ T30] schedule_preempt_disabled+0x13/0x30 [ 562.970290][ T30] __mutex_lock+0x6a4/0xd70 [ 562.974984][ T30] ? __mutex_lock+0x527/0xd70 [ 562.979755][ T30] ? register_nexthop_notifier+0x84/0x290 [ 562.986431][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 562.991524][ T30] ? __asan_memset+0x23/0x50 [ 562.996234][ T30] register_nexthop_notifier+0x84/0x290 [ 563.001927][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 563.008689][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 563.014967][ T30] ? __asan_memset+0x23/0x50 [ 563.019613][ T30] ops_init+0x359/0x610 [ 563.026059][ T30] setup_net+0x515/0xca0 [ 563.030356][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 563.036040][ T30] ? __pfx_setup_net+0x10/0x10 [ 563.040879][ T30] copy_net_ns+0x4e2/0x7b0 [ 563.047586][ T30] create_new_namespaces+0x425/0x7b0 [ 563.052998][ T30] ? bpf_lsm_capable+0x9/0x10 [ 563.057732][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 563.063688][ T30] ksys_unshare+0x619/0xc10 [ 563.068260][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 563.073434][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 563.079470][ T30] ? do_syscall_64+0x100/0x230 [ 563.084418][ T30] __x64_sys_unshare+0x38/0x40 [ 563.089253][ T30] do_syscall_64+0xf3/0x230 [ 563.093906][ T30] ? clear_bhb_loop+0x35/0x90 [ 563.098641][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.106296][ T30] RIP: 0033:0x7ff33a377337 [ 563.110763][ T30] RSP: 002b:00007ff33a62ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 563.119278][ T30] RAX: ffffffffffffffda RBX: 00007ff33a3e4bbf RCX: 00007ff33a377337 [ 563.127408][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 563.137653][ T30] RBP: 0000000000000000 R08: 00007ff33b037d60 R09: 0000000000000000 [ 563.145848][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 563.156012][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 563.164140][ T30] [ 563.167227][ T30] INFO: task syz-executor:11276 blocked for more than 146 seconds. [ 563.175204][ T30] Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 563.182951][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 563.191643][ T30] task:syz-executor state:D stack:26784 pid:11276 tgid:11276 ppid:1 flags:0x00004004 [ 563.201958][ T30] Call Trace: [ 563.205277][ T30] [ 563.209410][ T30] __schedule+0x17e8/0x4a20 [ 563.214577][ T30] ? __pfx___schedule+0x10/0x10 [ 563.219487][ T30] ? __pfx_lock_release+0x10/0x10 [ 563.224884][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 563.230403][ T30] ? schedule+0x90/0x320 [ 563.234736][ T30] schedule+0x14b/0x320 [ 563.238921][ T30] schedule_preempt_disabled+0x13/0x30 [ 563.246689][ T30] __mutex_lock+0x6a4/0xd70 [ 563.251247][ T30] ? __mutex_lock+0x527/0xd70 [ 563.256023][ T30] ? register_nexthop_notifier+0x84/0x290 [ 563.262059][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 563.267157][ T30] ? __asan_memset+0x23/0x50 [ 563.273800][ T30] register_nexthop_notifier+0x84/0x290 [ 563.279391][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 563.285399][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 563.291638][ T30] ? __asan_memset+0x23/0x50 [ 563.296373][ T30] ops_init+0x359/0x610 [ 563.300593][ T30] setup_net+0x515/0xca0 [ 563.307863][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.318248][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 563.318528][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.330360][ T30] ? __pfx_setup_net+0x10/0x10 [ 563.335264][ T30] copy_net_ns+0x4e2/0x7b0 [ 563.339741][ T30] create_new_namespaces+0x425/0x7b0 [ 563.345417][ T30] ? bpf_lsm_capable+0x9/0x10 [ 563.350260][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 563.359925][ T30] ksys_unshare+0x619/0xc10 [ 563.368504][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 563.375633][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 563.381657][ T30] ? do_syscall_64+0x100/0x230 [ 563.396448][ T30] __x64_sys_unshare+0x38/0x40 [ 563.401361][ T30] do_syscall_64+0xf3/0x230 [ 563.406132][ T30] ? clear_bhb_loop+0x35/0x90 [ 563.410855][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.423871][ T30] RIP: 0033:0x7f8206577337 [ 563.428351][ T30] RSP: 002b:00007f820682ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 563.440050][ T30] RAX: ffffffffffffffda RBX: 00007f82065e4bbf RCX: 00007f8206577337 [ 563.451241][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 563.459487][ T30] RBP: 0000000000000000 R08: 00007f8207237d60 R09: 0000000000000000 [ 563.476087][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 563.487103][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 563.496528][ T30] [ 563.499588][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 563.517088][ T30] [ 563.517088][ T30] Showing all locks held in the system: [ 563.526960][ T30] 3 locks held by kworker/0:0/8: [ 563.535878][ T30] #0: ffff888015081948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 563.548527][ T30] #1: ffffc900000d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 563.565797][ T30] #2: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x91/0xea0 [ 563.576807][ T30] 1 lock held by khungtaskd/30: [ 563.581725][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 563.598801][ T30] 3 locks held by kworker/u8:5/1094: [ 563.605872][ T30] #0: ffff88802a8b0148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 563.618850][ T30] #1: ffffc90004437d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 563.633697][ T30] #2: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 563.643399][ T30] 4 locks held by kworker/u8:7/2422: [ 563.648731][ T30] 1 lock held by klogd/4535: [ 563.653501][ T30] #0: ffff8880b943e798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 563.663570][ T30] 1 lock held by dhcpcd/4760: [ 563.668283][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 563.677662][ T30] 2 locks held by getty/4848: [ 563.682424][ T30] #0: ffff88802faf80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 563.694635][ T30] #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 563.705082][ T30] 3 locks held by kworker/0:3/5096: [ 563.710320][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 563.724314][ T30] #1: ffffc90004217d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 563.735435][ T30] #2: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 563.745600][ T30] 1 lock held by syz-executor/11149: [ 563.750919][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 563.760653][ T30] 1 lock held by syz.2.1310/11229: [ 563.765834][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x21e/0x1bc0 [ 563.775056][ T30] 1 lock held by syz.0.1314/11259: [ 563.780201][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 563.789862][ T30] 1 lock held by syz.3.1315/11263: [ 563.795179][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 563.807219][ T30] 1 lock held by syz.3.1315/11264: [ 563.812458][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 563.822910][ T30] 1 lock held by syz.4.1317/11268: [ 563.828057][ T30] #0: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x86e/0x1340 [ 563.838179][ T30] 2 locks held by syz-executor/11273: [ 563.843680][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.854355][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.864775][ T30] 2 locks held by syz-executor/11276: [ 563.870174][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.879734][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.890038][ T30] 2 locks held by syz-executor/11279: [ 563.895535][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.905089][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.917222][ T30] 2 locks held by syz-executor/11282: [ 563.922713][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.933469][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.945457][ T30] 2 locks held by syz-executor/11286: [ 563.950949][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.960544][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.971696][ T30] 2 locks held by syz-executor/11292: [ 563.977302][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 563.986837][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 563.997021][ T30] 2 locks held by syz-executor/11296: [ 564.002474][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.012359][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.024871][ T30] 2 locks held by syz-executor/11299: [ 564.031566][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.041183][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.051347][ T30] 2 locks held by syz-executor/11302: [ 564.057860][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.067410][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.078587][ T30] 2 locks held by syz-executor/11308: [ 564.084074][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.093674][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.103853][ T30] 2 locks held by syz-executor/11314: [ 564.109257][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.118940][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.130375][ T30] 2 locks held by syz-executor/11318: [ 564.138023][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.147623][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.157795][ T30] 2 locks held by syz-executor/11321: [ 564.164550][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.174137][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.185329][ T30] 2 locks held by syz-executor/11324: [ 564.190729][ T30] #0: ffffffff8f5da590 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 564.200302][ T30] #1: ffffffff8f5e6dc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 564.210442][ T30] [ 564.212877][ T30] ============================================= [ 564.212877][ T30] [ 564.221318][ T30] NMI backtrace for cpu 0 [ 564.225659][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 564.235579][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 564.245649][ T30] Call Trace: [ 564.248941][ T30] [ 564.251887][ T30] dump_stack_lvl+0x241/0x360 [ 564.256628][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 564.261864][ T30] ? __pfx__printk+0x10/0x10 [ 564.266478][ T30] ? vprintk_emit+0x631/0x770 [ 564.271218][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 564.276292][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 564.281275][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 564.286770][ T30] ? _printk+0xd5/0x120 [ 564.290958][ T30] ? __pfx__printk+0x10/0x10 [ 564.295576][ T30] ? __wake_up_klogd+0xcc/0x110 [ 564.300457][ T30] ? __pfx__printk+0x10/0x10 [ 564.305153][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 564.310194][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 564.316202][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 564.322221][ T30] watchdog+0xfde/0x1020 [ 564.326501][ T30] ? watchdog+0x1ea/0x1020 [ 564.330959][ T30] ? __pfx_watchdog+0x10/0x10 [ 564.335662][ T30] kthread+0x2f0/0x390 [ 564.339777][ T30] ? __pfx_watchdog+0x10/0x10 [ 564.344508][ T30] ? __pfx_kthread+0x10/0x10 [ 564.349203][ T30] ret_from_fork+0x4b/0x80 [ 564.353721][ T30] ? __pfx_kthread+0x10/0x10 [ 564.358380][ T30] ret_from_fork_asm+0x1a/0x30 [ 564.363209][ T30] [ 564.367439][ T30] Sending NMI from CPU 0 to CPUs 1: [ 564.373228][ C1] NMI backtrace for cpu 1 [ 564.373242][ C1] CPU: 1 PID: 62 Comm: kworker/u8:4 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 564.373263][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 564.373276][ C1] Workqueue: bat_events batadv_nc_worker [ 564.373305][ C1] RIP: 0010:__lock_acquire+0x717/0x1fd0 [ 564.373329][ C1] Code: 10 84 c0 0f 85 1f 13 00 00 48 8b 04 24 8b 28 41 89 ec ff cd 0f 88 a5 00 00 00 89 eb 83 fd 31 73 7b 48 8d 04 9b 48 8d 5c c6 20 <48> 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 75 18 8b 1b 41 0f b6 04 16 [ 564.373346][ C1] RSP: 0018:ffffc900015d7850 EFLAGS: 00000097 [ 564.373361][ C1] RAX: 0000000000000000 RBX: ffff888018370b00 RCX: 0000000000000002 [ 564.373374][ C1] RDX: dffffc0000000000 RSI: ffff888018370ae0 RDI: ffffffff92fa7658 [ 564.373389][ C1] RBP: 0000000000000000 R08: ffffffff92fa765f R09: 1ffffffff25f4ecb [ 564.373403][ C1] R10: dffffc0000000000 R11: fffffbfff25f4ecc R12: 0000000000000001 [ 564.373416][ C1] R13: ffff888018370000 R14: 1ffff1100306e16a R15: ffff888018370b50 [ 564.373431][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 564.373447][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 564.373461][ C1] CR2: 000056145ccf8220 CR3: 000000000e132000 CR4: 00000000003506f0 [ 564.373477][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 564.373489][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 564.373501][ C1] Call Trace: [ 564.373509][ C1] [ 564.373517][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 564.373538][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 564.373560][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 564.373587][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 564.373609][ C1] ? nmi_handle+0x14f/0x5a0 [ 564.373637][ C1] ? nmi_handle+0x2a/0x5a0 [ 564.373665][ C1] ? __lock_acquire+0x717/0x1fd0 [ 564.373684][ C1] ? default_do_nmi+0x63/0x160 [ 564.373705][ C1] ? exc_nmi+0x123/0x1f0 [ 564.373724][ C1] ? end_repeat_nmi+0xf/0x53 [ 564.373757][ C1] ? __lock_acquire+0x717/0x1fd0 [ 564.373777][ C1] ? __lock_acquire+0x717/0x1fd0 [ 564.373798][ C1] ? __lock_acquire+0x717/0x1fd0 [ 564.373818][ C1] [ 564.373824][ C1] [ 564.373839][ C1] lock_acquire+0x1ed/0x550 [ 564.373858][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 564.373887][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 564.373906][ C1] ? __local_bh_disable_ip+0x187/0x220 [ 564.373925][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 564.373949][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 564.373973][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 564.373991][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 564.374009][ C1] ? batadv_nc_purge_paths+0x30f/0x3b0 [ 564.374033][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 564.374053][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 564.374078][ C1] _raw_spin_lock_bh+0x35/0x50 [ 564.374103][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 564.374126][ C1] ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10 [ 564.374152][ C1] batadv_nc_purge_paths+0xe8/0x3b0 [ 564.374183][ C1] batadv_nc_worker+0x328/0x610 [ 564.374205][ C1] ? batadv_nc_worker+0xcb/0x610 [ 564.374229][ C1] ? process_scheduled_works+0x945/0x1830 [ 564.374247][ C1] process_scheduled_works+0xa2c/0x1830 [ 564.374280][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 564.374304][ C1] ? assign_work+0x364/0x3d0 [ 564.374324][ C1] worker_thread+0x86d/0xd50 [ 564.374348][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 564.374369][ C1] ? __kthread_parkme+0x169/0x1d0 [ 564.374391][ C1] ? __pfx_worker_thread+0x10/0x10 [ 564.374411][ C1] kthread+0x2f0/0x390 [ 564.374433][ C1] ? __pfx_worker_thread+0x10/0x10 [ 564.374452][ C1] ? __pfx_kthread+0x10/0x10 [ 564.374474][ C1] ret_from_fork+0x4b/0x80 [ 564.374498][ C1] ? __pfx_kthread+0x10/0x10 [ 564.374520][ C1] ret_from_fork_asm+0x1a/0x30 [ 564.374555][ C1] [ 564.379960][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 564.766869][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 564.776774][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 564.786837][ T30] Call Trace: [ 564.790116][ T30] [ 564.793046][ T30] dump_stack_lvl+0x241/0x360 [ 564.797736][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 564.802940][ T30] ? __pfx__printk+0x10/0x10 [ 564.807529][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 564.813526][ T30] ? vscnprintf+0x5d/0x90 [ 564.817861][ T30] panic+0x349/0x860 [ 564.821759][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 564.827910][ T30] ? __pfx_panic+0x10/0x10 [ 564.832341][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 564.837802][ T30] ? __irq_work_queue_local+0x137/0x410 [ 564.843348][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 564.848728][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 564.854906][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 564.861104][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 564.867285][ T30] watchdog+0x101d/0x1020 [ 564.871619][ T30] ? watchdog+0x1ea/0x1020 [ 564.876039][ T30] ? __pfx_watchdog+0x10/0x10 [ 564.880715][ T30] kthread+0x2f0/0x390 [ 564.884782][ T30] ? __pfx_watchdog+0x10/0x10 [ 564.889454][ T30] ? __pfx_kthread+0x10/0x10 [ 564.894061][ T30] ret_from_fork+0x4b/0x80 [ 564.898488][ T30] ? __pfx_kthread+0x10/0x10 [ 564.903084][ T30] ret_from_fork_asm+0x1a/0x30 [ 564.907861][ T30] [ 564.911249][ T30] Kernel Offset: disabled [ 564.915605][ T30] Rebooting in 86400 seconds..