last executing test programs: 1m19.59079625s ago: executing program 1 (id=1812): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000340)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x4c02, &(0x7f0000000140)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x80044940, &(0x7f0000001b00)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000680)=ANY=[@ANYRES16=r5, @ANYRES64=r4, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48cf6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d203ee650d5fff3a9b5aae78794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a84ce8a7598bb78cc85108874811fc650f0520a5", @ANYRESOCT=r4, @ANYRESDEC=r2, @ANYRES16=r3, @ANYRESDEC=0x0, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES8, @ANYRES16], 0x0, 0x0, &(0x7f0000000000)) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) 1m12.466898848s ago: executing program 4 (id=1834): r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000000f80)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/\\\\\xf9/mD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) syz_pidfd_open(0x0, 0x0) socket$packet(0x11, 0x0, 0x300) ptrace$setsig(0x4203, 0xffffffffffffffff, 0x9, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 45.395268288s ago: executing program 3 (id=1879): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000200)={0xa, @raw_data="0286887f299f398f48535633ee5155e1ae7bcc3fbdb064e2b5a54287fecaedfe068fc6d447603a5ea4406685adc9194f0c84cb29ff5413db17f7c7573b717360d80ebda85493109e2c14a3cef705a942c3c1112f2cb290d7936da4c3fae61aaf1bfb5881642a0617da780e10466f5c265049c4e4beeac3eb401e7fdf81d9adba4841418843c31c09b0ca28e0567c2e613357e6ba03216c6a429aa7250ba48db5decc98f004aaaca161dcd524f13b4c8ee6818ede5423dabaf409fb2b8269b349f66e49da47a8aac3"}) 45.206043091s ago: executing program 3 (id=1880): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x297880, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000002100)='./file0/file0\x00', 0x0, 0x2187017, 0x0) mount$tmpfs(0x0, &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), 0x0, 0x0) 44.914981749s ago: executing program 3 (id=1881): r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r0) 43.859222607s ago: executing program 3 (id=1882): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1d}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_EXPR={0x4}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xd0}}, 0x0) 42.745795007s ago: executing program 2 (id=1885): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0xc01, 0x3, 0x220, 0x2e8, 0x5002004a, 0x6, 0x2e8, 0x3, 0x3e8, 0x3c8, 0x3c8, 0x3e8, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0x0, 'hsr0\x00', 'bridge0\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x0, 0x3fa}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) 42.534303547s ago: executing program 2 (id=1886): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) capset(0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) unshare(0x0) r6 = inotify_init1(0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='.\x00', 0x400) r7 = dup(r6) inotify_rm_watch(r7, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00') setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000180)) msgsnd(0x0, 0x0, 0x0, 0x0) 41.333363819s ago: executing program 2 (id=1887): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e", @ANYRES8], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 39.584579596s ago: executing program 1 (id=1814): syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r4, r3, 0x0, 0x2) 38.257831208s ago: executing program 2 (id=1888): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000500)=[{0x0, 0x2}, {&(0x7f0000000580)=""/208, 0xd0}], 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x4, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x200002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@noinit_itable}, {@orlov}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073014300000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x68000000}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x2, 0xc}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1f, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='scsi_dispatch_cmd_start\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f0000000040)=[{}], 0x1, 0x80000000, 0x0, 0x0) r4 = socket(0x23, 0xa, 0x2) setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000000ac0)={0x401, {{0xa, 0x0, 0x401, @mcast2, 0x2}}}, 0x88) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_procfs(0x0, &(0x7f00000004c0)='cmdline\x00') timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r5, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 37.959348554s ago: executing program 1 (id=1889): r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r0) 37.371535494s ago: executing program 1 (id=1890): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000200), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80000c, &(0x7f0000000a40)=ANY=[@ANYRES8=0x0, @ANYRESDEC=0x0], 0x0, 0x6f7, &(0x7f00000002c0)="$eJzs3c1r5OYZAPBH47E9dmHjTfajLYEMCaSlprv2Gqd1L92WUnwIJU0PPZtdb9bsrDfYTnFCqb1N/4AecuopPfi29FBS6HGhPTcESq4+Bgq55OTbFGmk+fB82hmvneT3M5Je6f3Qq0cjaTTCKIBvrNX5KNfr9b3V+dd30/nDg6XaxMHSdJ5di4ipiChFlBuTSDYjy72dD/GddGFePum3ng82Vt789IvDzxpz5XzIypcG1ethqnvRfj5ENSIm8mm3yT4tfnR89R3t3elsr18jAyTNLUwD9koRuPjLyZuCcap32W/mPflvNh5U/STHLXBBJY3rZpe5iNmIqEQ0rvr52aH0bHs3fvvn3QEAAAA4qZlhBbpv1587iqPYjUtn1SUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Osrf/5/kQ6lIVyMp3v8/lS+LPP2V9Ml0Y/r0vDsCAAAAAAAAAGPw0lEcxW5cKubrSfbM/+W2Z/zfindiO9ZjK27EbqzFTuzEVixGxFxbQ1O7azs7W4tZzYgrA2reio971LzVv4+3B2/CP399mg0HAAAAAAAAgIurMiT/wWT3sj/Gauv5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXARJxERjkg1XivRclMoRUYmIqbTcfsTHRfrCeX+619Kk18KnZ94ZAAAAGK9K52xSGaHOc3txFLtxqZivJ9k9/7XsfrkS78Rm7MRG7EQt1uNufg+d3vWXDg+WaocHSw/Tobvdn31+oq5nLUbjt4fea/52VmIm7sVGtuRG3Ikk6plS0fm9xvTh4UHSo1+P0z4lP80N6M1EW/puOrr+UZb+c+evCOUTbeIplfrmzGW5k82ILDxu1bhc7Jnee2jo3ikPXNNilJq//FwZvKbeMX88eO2zx0r1/OXmXByPxK0oNffQtcGRiPjeP5789n5t88H9e9vzF2eTetobWuJ4JJbaInH9axSJ4RaySFxtzq/GL+M3MR+fT78RW7ERv4u12In1apG/ln+e0/Hc4Eh9Mts+98awnqTHZLV5/urVp2p09Cmq8YsstRYvRxJzcSk2IolHEZPr8Vr2dysWm2eD1h6+OsJRXxrhTNum8v1s0gxTzPQv+7fRmhyXNK6X2+Lads7NjoPLHUtaUXq+Z5SKa93o16M25e/mibSF9wdeH56145FYbIvEC/0+L42Q/rWejrdrmw+27q+9PeL6Xs2nxaezx4mk/mW25/TSPfx8VPKNu5yN096ln44074VmrzvjNZU/cWkodeVdbdZrHKm/ikdxN9qP1B/FcizHSlb6WlZ6suuKleZdb7bUeQ5P89JvWuXmg53271uPotb4PgTAxTb7g9mpmf/N/Gfmw5k/zdyfeb3y8+kfT784FZP/nvxJeWHi1dKLyd/jw/hD6/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ve1333uwVqutb/VOlHpnJYNrrdWKN/INKtORSPJX5YxQOBmpwcGJ6Xzzv2w7HYnqqRos3tY4vHB1fF3tSiT7+Q5rLqkM3xfZW572RtrLSVfA08qn7nPxfqkzisaYEtXxNVh8YAeVGXpUFm9W68iaiIhehYecOCbGdQYCzsvNnYdv39x+970fbjxce2v9rfXNyeXllYWV5deWbt7bqK0vNMZtFZ7Jy2+BZ6F10W9fWop4aXjdAS9qBQAAAAAAAAAAAM7Q8f/oOIv/hXhy3hsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfKWtzkf5aSSxuHBjIZ0/PFiqpUORbpUsR0QpIpLfRyT/irgdjSHm2ppL+q3ng42VNz/94vCzVlvlonwpYr9vvdHs50NUI2Iin46rvTvD25tqJad7ZCfNyKQBe6UIHJy3/wcAAP//vGfxGQ==") syz_open_dev$dri(0x0, 0xea85, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, 0x0, 0x0, 0xffff6cf5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x200, 0x0, 0xfe04]}, 0x45c) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000580)=""/104, 0x68}], 0x1) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresgid(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmmsg$unix(r3, 0x0, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x10, 0x0, 0x0) 36.348215651s ago: executing program 2 (id=1891): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='D'], 0x44}}, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0) 34.41927841s ago: executing program 2 (id=1892): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000300)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6}, {0x27}}, [@printk={@x, {}, {0x5}, {0x7, 0x0, 0x3}, {}, {}, {0x25}}], {{0x4, 0x1, 0x9, 0x3, 0x2}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 33.504601044s ago: executing program 1 (id=1894): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r6 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0xe, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x500, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) 32.046130227s ago: executing program 1 (id=1895): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000009e000000850000007d00000095"], &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x81000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x9, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004801}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x40, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}]}]}, 0x40}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1ffffffffffffe33, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r7, &(0x7f0000000840)='<', 0x1, 0x805, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r7, 0x541b, &(0x7f00000012c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250a000100", @ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0) add_key(&(0x7f0000000200)='dns_resolver\x00', 0x0, &(0x7f0000002900)="0062b6774afe", 0x6, r6) r9 = getpid() r10 = syz_pidfd_open(r9, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000003500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000000000000600000085000000a00000009500"/96], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$bt_l2cap_L2CAP_OPTIONS(r10, 0x6, 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r11 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r11, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) ioctl$USBDEVFS_RELEASE_PORT(r11, 0x5514, 0x0) capget(&(0x7f0000000240)={0x19980330}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 12.532799542s ago: executing program 4 (id=1853): r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000000f80)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/\\\\\xf9/mD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r4, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) write$binfmt_script(r4, &(0x7f0000000100), 0x61) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, '\x00', "2a75544000000000000000000e001600", "af2ff1f7", "4a8d4609470a1403"}, 0x28) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000480), 0x4) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000380), 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1f, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500010000000004000000181700000000000000000000000000007076509143f72902a604b0e821081cca761c7627ba1999c390a4257b36fcb233aead5f50f5a26d8f37e1c1b670da9970831d6df337cfe22aea7d143765a1d6136b35927bd111f3c66dc6b77adb924425ff44b12b0b9a9a345b5220dc863bdecc3a8a27f0fa969f1fc29cd73fd44de758d720a90d8ecd0381", @ANYRES32=r7, @ANYBLOB="0000000000000000bf91000000000000b6080000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) 2.10064063s ago: executing program 4 (id=1908): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x25, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000010001000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008510000008000000e7f900084405000005050400fcffffff", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000e146cc1f2dcd390bb2f1337adcb7368a163147d2c3aa6905d7bda82138086ab42e9a2d4d02b0eef363b76d7e7235365e4a79e0bab7993670b36e6ac5254bb4b4a2ed7f1cebc798211bba7708bc8adbcfceb89007c49ec623ebf7937d9284ba740064e884ce6ae1519f9e25c7de6c8c082fde1e74a740ffacaf027e35fa8a57b43365bc9963fbf4183b346e9f", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x0, 0x7, 0x80000001, 0xaaf5}, 0x10, 0x0, 0x0, 0x5, &(0x7f00000005c0)=[0x1, r0, r0, r0, r0, r0, r0, r0, r0], &(0x7f0000000600)=[{0x3, 0x3, 0xf, 0x9}, {0x2, 0x5, 0xf, 0x6}, {0x5, 0x1, 0x5, 0xb}, {0x3, 0x5, 0xe, 0xb}, {0x1, 0x2, 0xc, 0x1}], 0x10, 0x2}, 0x90) fallocate(r1, 0x20, 0x2, 0x400) r2 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x100023, 0x78}, 0x20) ftruncate(r2, 0x2007ffc) write$P9_RSTAT(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[], 0x60000) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000002f00)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000b00)={@ifindex, 0xffffffffffffffff, 0x2b, 0x1b, 0xffffffffffffffff, @link_id=r3}, 0x20) ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, &(0x7f0000000040)={0x0, 0x18, [0x9, 0x2], &(0x7f0000000000)=[0x0, 0x0, 0x0]}) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000300)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r4}, &(0x7f0000000340), &(0x7f0000000280)=r5}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = syz_open_dev$video(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYCTRL(r9, 0xc0445624, &(0x7f00000000c0)={0x8000001, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 131.249669ms ago: executing program 0 (id=1909): io_uring_setup(0x497c, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000020000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f00000004c0)={0x20003}) r3 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000300)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0xa0000004000, 0x2c0280) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) chown(0x0, 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000540)=ANY=[@ANYBLOB="ff"], 0x0) recvmmsg(r4, &(0x7f00000078c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) clock_gettime(0x0, 0x0) syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xaa6, &(0x7f0000001100)="$eJzs3U2MW0cBAOCxd73JJilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOEAgcRXvjNee2H22s+tnx98njcfz5j3PvOfn5/c7E4CpVW2+Li8vVEK4+PrLR//x4N/nbw451Bqj3nydbUvVQgiVmJ7NPu/dmZX4+nsvnOwWV8JS8zWlwxNXW9NuDiGcC7vDpVAPOy9efunNpcePnz92Yc9brxy8sj5zDwAA0+Xrlw4u7/jrn+/ddu3V+w6HDa3haf+8HtNb4n7/4bjjn/b/q6EzXWkL7eay8WZjqM53jjfTZbz2cmrZeLM9yp/Lyq/1GG9D+ODyZ9qGdZtvmGRpPa6HSnWxI12tLi6uHJOH5nH9XGXx7OkzzzxXUkWBNffv+0MIu9vCkQud6XELh8agDkOGxhjUYSLD4dGVda2xovR5HlFobC17CwSwIr9eeItz+ZmF29P6tNn+yr/6WLX79LAGRr3+D1T+XMnlB+X/5rwtDmvnTl2b0nyl39GWmM6vI+T3L/X+/eVXOjqH5tcjan3Ws9d1hEm5vtCrnjMjrsewetU/Xy/uVF+OcVoOX8ny238/+Xc6Kd8x0N1/8vP/giCMdwgd6drtfFaj5O0PML7y++Ya6fpolN/Xl+dvKMjfWJA/X5C/qSB/c0E+TLPfff+n4cXK6nF+fkw/6PnwdJ7trhh/aMD65OcjBy0/v+93ULdbfn4/MYyzP5x48tQXnn7q8sr9/5XW+n8jru/pcKMef1uX4gjpfGF+Xr1173+9s5xqj/HuzupzV5fxm++3d45X2b76OaFtO3NLPRY6p9vaa7xdnePVs/HmY9iY1TffP9mUTZf2P9J2NS2v2Wx+a9l8zGX1SNuVbTHO6wHDSOtjr/v/0/q5EGqVZ06fOfVoTKf19E8ztQ03h+8bcb2B29fv8z8LofP5ny2t4bVq+3Zh6+rwysp24bX4eZ3Dl1rldA7fH9Ppf+5bM/PN4Ysnv3vm6bWffZhqz/3o+W+fOHPm1Pe8GfrNV8ejGoO8SYct41Ifb8buTckbJmDd7f3xyk7AI6e/c+LZU8+eOrv/wIH9S0sHvrh/eW9zv35v+959u3Ml1BZYS6t/+mXXBAAAAAAAAAAAAOjXD44dvfz2G59/Z+X5/9Xn/9Lz/+nO3/T8/0+y5//z5+TTc/DpOcBtXfKb42QNrM5l49Vi+HBW3+1ZOTuy6T4S41Y/fvH5/1Rc3q5rqs892fBaj2TWnMAt7aXMZW2Q5P0FfjzGF2L86wAlqsx3Hxzjovat07qe2qdoa5eioX3gyZG+t7Q2pHZM0vPfXdt1avuyt42gjqy9UTxOWPY8At39c6ra//7X6oyXXhehd5gdbXk/n951otFzL73fHmwA1kbZ/X+m854pPvvHr228GdJoVx/r3F7m7ZfCIP7ydmd63PufXO/y8377Rl1+2fM/6v4/W/3f9b39y3rMqw9X7n9/ceWdtmLDzn7Lz+c/tQO9fbDyr8Xy09w8FPorv/GrrPz8glCf/peVv6nP8m+Z/13Dlf//WH5abA8/0G/5KzWuVDvrkZ83Ttf/8vPGyfVs/lPbnh9Q/jee7zb/Q3bUeCOWD9NsUvqZHVS2H9HaaR++/9/o3Nr2/9uqbLZZy+/D+FxMpw1xus8h7+9k0Pqn+yvS/8CO7PMrBf9v+v+dbF+KcdHvIfX/m9bHevzLb0s3l2VK17os2zt1WwOT6t2puv43EWHjGNRB6D80ZoaYrtVPXMn1bzQa63tCq0CphVP68i/7OKHs8ste/kXy/n/zffi8/988P+//N8/P+//N8+fjN9QrP+//N1+eef+/ef492efm/QMvFOR/tCB/Z/f81mH7vQXT7yrI/1hB/p5W/qGOMVL+fQXT31+Qf3dB/gMF+Z8oyP9kQf6DBfkPt+W39wGd8j9VMP2dLj2PMq3zD9Msfz7P7x+mR7r+0+v3v70gH5hcP3t135GnfvvN+srz/3Ot8yHpOt7hmK7F46cfxnR+3Tu0pW/mvRHTf8vyx/18B0yTvP2M/P/9oYJ8YHKl+7z8vmEKVTZ2Hxzjonareu3nM1k+HePPxPizMX4kxosx3hvjfTFeGlH9WB9HXvv9wRcrq8f7W7P8fu8nz58H6mgnKoSwv8/65OcHBr2fPW/Hb1C3W/6Qj4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUptp8XV5eqIRw8fWXjz55/PTem0MOtcaoN19n21K11nQhPBrjmRj/Mr65/t4LJ9vjGzGuhKVQCZXW8PDE1VZJm0MI58LucCnUw86Ll196c+nx4+ePXdjz1isHr6zfEgAAAIA73/sBAAD//weuDxQ=") 0s ago: executing program 4 (id=1910): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10, "0080b70700000000000402000a2e2eff"}}}]}, 0x48}}, 0x0) kernel console output (not intermixed with test programs): RFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 542.418939][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.448827][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.458479][T12228] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 542.468127][T12228] BTRFS info (device loop1): using free-space-tree [ 542.497849][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.538837][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.595188][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.606129][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.617326][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.689509][T11819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.773387][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.808310][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.842709][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.892207][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.914491][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.956510][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.968042][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.980516][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.991531][T11819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.006373][T11819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.024218][T11819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.040951][T11819] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.105313][T11819] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.171276][T11819] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.228583][T11819] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.281100][T12228] loop1: detected capacity change from 32768 to 0 [ 543.348934][T12284] loop2: detected capacity change from 0 to 8 [ 543.378638][ T6067] kworker/u8:16: attempt to access beyond end of device [ 543.378638][ T6067] loop1: rw=6145, sector=13440, nr_sectors = 8 limit=0 [ 543.462230][ T6067] kworker/u8:16: attempt to access beyond end of device [ 543.462230][ T6067] loop1: rw=6145, sector=13448, nr_sectors = 8 limit=0 [ 543.482565][T12284] SQUASHFS error: lzo decompression failed, data probably corrupt [ 543.550842][T12284] SQUASHFS error: Failed to read block 0x1dd: -5 [ 543.566011][T12288] loop3: detected capacity change from 0 to 8 [ 543.574346][ T6067] kworker/u8:16: attempt to access beyond end of device [ 543.574346][ T6067] loop1: rw=6145, sector=13456, nr_sectors = 8 limit=0 [ 543.618357][T12284] SQUASHFS error: Unable to read metadata cache entry [1db] [ 543.631597][T12281] BTRFS error (device loop1 state A): Transaction aborted (error -5) [ 543.640685][T12288] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 543.658440][T12284] SQUASHFS error: Unable to read inode 0xa7 [ 543.685656][T12281] BTRFS: error (device loop1 state A) in __btrfs_run_delayed_items:1174: errno=-5 IO failure [ 543.745121][T12281] BTRFS info (device loop1 state EA): forced readonly [ 543.752455][T12281] BTRFS warning (device loop1 state EA): Skipping commit of aborted transaction. [ 543.783760][T12281] BTRFS: error (device loop1 state EA) in cleanup_transaction:2018: errno=-5 IO failure [ 543.860755][T12281] BTRFS error (device loop1 state EMA): remounting read-write after error is not allowed [ 544.051034][T11799] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.097792][ T29] audit: type=1804 audit(1720443497.124:393): pid=12228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1794" name="/newroot/29/file1/file0/bus" dev="loop1" ino=263 res=1 errno=0 [ 544.138398][T11799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.476029][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 544.557960][T12297] cramfs: Error -5 while decompressing! [ 544.564361][T12297] cramfs: ffffffff94928228(26)->ffff88807bc25000(4096) [ 544.571696][T12297] cramfs: Error -3 while decompressing! [ 544.577330][T12297] cramfs: ffffffff94928242(26)->ffff888052074000(4096) [ 544.584661][T12297] cramfs: Error -3 while decompressing! [ 544.590417][T12297] cramfs: ffffffff9492825c(16)->ffff888058475000(4096) [ 544.597889][T12297] cramfs: Error -5 while decompressing! [ 544.610467][T12297] cramfs: ffffffff94928228(26)->ffff88807bc25000(4096) [ 544.644570][ T29] audit: type=1800 audit(1720443497.644:394): pid=12297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1800" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 544.773291][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.821262][T11420] BTRFS info (device loop1 state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 545.261227][T12306] Bluetooth: MGMT ver 1.23 [ 545.844854][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.863655][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.875200][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.903373][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.922298][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.930114][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.939140][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.950660][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.990734][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 545.999916][ C1] IPv4: Oversized IP packet from 172.20.20.10 [ 546.053304][ T6087] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.280329][T12173] af_packet: tpacket_rcv: packet too big, clamped from 60 to 4294967272. macoff=96 [ 546.590056][ T6087] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.930635][ T6087] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.100318][T12336] can0: slcan on ptm0. [ 547.450730][ T6087] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.810360][ T5095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 547.844973][ T5095] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 547.855596][ T5095] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 547.875144][ T5095] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 547.890796][ T5095] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 547.899578][ T5095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 548.361030][T12333] can0 (unregistered): slcan off ptm0. [ 548.668666][ T6087] bridge_slave_1: left allmulticast mode [ 548.674401][ T6087] bridge_slave_1: left promiscuous mode [ 548.744975][ T6087] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.806909][ T6087] bridge_slave_0: left allmulticast mode [ 548.851501][ T6087] bridge_slave_0: left promiscuous mode [ 548.857372][ T6087] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.875256][T12348] kexec: Could not allocate control_code_buffer [ 549.516044][T12395] netlink: 512 bytes leftover after parsing attributes in process `syz.2.1826'. [ 549.593216][T12395] nbd: must specify a device to reconfigure [ 550.079051][ T5095] Bluetooth: hci1: command tx timeout [ 550.432963][T12420] loop2: detected capacity change from 0 to 1024 [ 550.453464][T12420] hfsplus: Filesystem is marked locked, mounting read-only. [ 550.617694][T12421] input: syz0 as /devices/virtual/input/input14 [ 550.717351][T11163] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 550.741567][T11163] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 550.778717][T11163] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 550.841180][T11163] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 550.872457][T11163] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 550.887475][T11163] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 551.105861][ T6087] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 551.147080][ T6087] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 551.182372][ T6087] bond0 (unregistering): Released all slaves [ 552.160516][T11163] Bluetooth: hci1: command tx timeout [ 552.959926][T11163] Bluetooth: hci6: command tx timeout [ 553.102466][T12366] chnl_net:caif_netlink_parms(): no params data found [ 554.054071][ T6087] hsr_slave_0: left promiscuous mode [ 554.080547][ T6087] hsr_slave_1: left promiscuous mode [ 554.136100][ T6087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 554.163042][T12458] loop4: detected capacity change from 0 to 512 [ 554.174461][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 554.243420][T11163] Bluetooth: hci1: command tx timeout [ 554.254599][ T6087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 554.298741][T12458] EXT4-fs (loop4): filesystem is read-only [ 554.306255][T12458] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 554.323291][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 554.416153][T12458] EXT4-fs (loop4): filesystem is read-only [ 554.452153][T12458] EXT4-fs (loop4): orphan cleanup on readonly fs [ 554.475571][ T6087] veth1_macvtap: left promiscuous mode [ 554.538480][ T6087] veth0_macvtap: left promiscuous mode [ 554.547164][ T6087] veth1_vlan: left promiscuous mode [ 554.566760][ T6087] veth0_vlan: left promiscuous mode [ 554.595213][T12458] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1836: bg 0: block 64: padding at end of block bitmap is not set [ 554.655090][T12458] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 554.781502][T12458] EXT4-fs (loop4): 1 orphan inode deleted [ 554.853735][T12455] slcan: can't register candev [ 554.869716][T12455] Falling back ldisc for ptm0. [ 554.882119][T12458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 555.038789][T11163] Bluetooth: hci6: command tx timeout [ 555.107760][T12463] kexec: Could not allocate control_code_buffer [ 556.319729][T11163] Bluetooth: hci1: command tx timeout [ 556.781672][ T6087] team0 (unregistering): Port device team_slave_1 removed [ 556.937935][ T6087] team0 (unregistering): Port device team_slave_0 removed [ 557.119685][T11163] Bluetooth: hci6: command tx timeout [ 559.219485][T11163] Bluetooth: hci6: command tx timeout [ 559.398644][T12487] loop3: detected capacity change from 0 to 16 [ 559.437998][T12366] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.466227][T12487] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 559.491299][T12366] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.521967][T12366] bridge_slave_0: entered allmulticast mode [ 559.551703][T12366] bridge_slave_0: entered promiscuous mode [ 559.619287][T12366] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.626505][T12366] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.645734][T12366] bridge_slave_1: entered allmulticast mode [ 559.712142][T12366] bridge_slave_1: entered promiscuous mode [ 559.740628][T12422] chnl_net:caif_netlink_parms(): no params data found [ 559.977213][T12366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.057949][T12366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.357188][T12366] team0: Port device team_slave_0 added [ 560.422260][T12366] team0: Port device team_slave_1 added [ 560.956026][T12366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.998295][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.122905][T12366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.230563][T12366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.237577][T12366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.335573][T12366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 561.464378][T12422] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.498500][T12422] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.517806][T12422] bridge_slave_0: entered allmulticast mode [ 561.558920][T12422] bridge_slave_0: entered promiscuous mode [ 561.630956][T12422] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.657429][T12422] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.723691][T12422] bridge_slave_1: entered allmulticast mode [ 561.769133][T12422] bridge_slave_1: entered promiscuous mode [ 562.124801][T12366] hsr_slave_0: entered promiscuous mode [ 562.177486][T12366] hsr_slave_1: entered promiscuous mode [ 562.236047][T12366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 562.274464][T12366] Cannot create hsr debugfs directory [ 562.288360][ T1792] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 562.301562][T12422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 562.345059][T12422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 562.494117][ T1792] usb 3-1: config 0 has no interfaces? [ 562.518371][ T1792] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 562.551193][ T1792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.597400][ T1792] usb 3-1: config 0 descriptor?? [ 562.794032][T12422] team0: Port device team_slave_0 added [ 562.994605][T12422] team0: Port device team_slave_1 added [ 563.039052][ T9] usb 3-1: USB disconnect, device number 18 [ 563.240905][T12525] can0: slcan on ptm0. [ 563.439654][T12422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.446676][T12422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.584630][T12422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.602337][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.609139][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.773773][T12422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.828278][T12422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.938618][T12422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.479635][T12522] can0 (unregistered): slcan off ptm0. [ 564.831942][T12422] hsr_slave_0: entered promiscuous mode [ 564.897355][T12422] hsr_slave_1: entered promiscuous mode [ 564.938413][T12422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 564.947530][T12528] kexec: Could not allocate control_code_buffer [ 564.968719][T12422] Cannot create hsr debugfs directory [ 565.280006][ T5095] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 565.304047][ T5095] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 565.314349][ T5095] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 565.338445][ T5095] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 565.346485][ T5095] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 565.354745][ T5095] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 565.433196][T12558] loop3: detected capacity change from 0 to 16 [ 565.456836][T12558] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 566.577054][ T1792] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 566.785851][ T1792] usb 4-1: config 0 has no interfaces? [ 566.792555][ T1792] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 566.837683][ T1792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.917319][ T1792] usb 4-1: config 0 descriptor?? [ 567.374656][T12557] loop2: detected capacity change from 0 to 32768 [ 567.447395][T11163] Bluetooth: hci7: command tx timeout [ 567.481223][T12557] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 567.691899][ T7046] usb 4-1: USB disconnect, device number 13 [ 567.721860][T12366] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 567.884971][T12557] XFS (loop2): Ending clean mount [ 568.088769][T12557] XFS (loop2): Corruption warning: Metadata has LSN (1:1536) ahead of current LSN (1:640). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 568.173838][T12422] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.228422][T12557] XFS (loop2): Metadata CRC error detected at xfs_inobt_read_verify+0x41/0xd0, xfs_finobt block 0x10 [ 568.315473][T12557] XFS (loop2): Unmount and run xfs_repair [ 568.325666][T12366] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 568.395973][T12553] chnl_net:caif_netlink_parms(): no params data found [ 568.405613][T12557] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 568.457648][T12557] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 568.507234][T12557] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 06 00 ................ [ 568.580726][T12557] 00000020: 00 00 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 568.649631][T12557] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 568.674378][T12557] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 568.743270][T12422] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.789156][T12557] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 568.848449][T12557] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 568.900175][T12557] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 569.036552][T12557] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x10 len 4 error 74 [ 569.101226][T12366] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 569.204836][T12366] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 569.389257][T11357] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 569.469204][T11357] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair. [ 569.528473][T11163] Bluetooth: hci7: command tx timeout [ 569.822513][T12422] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.980442][T12596] loop3: detected capacity change from 0 to 128 [ 570.217045][T12596] VFS: could not find a valid V7 on loop3. [ 570.535197][T12422] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.733669][T12553] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.778561][T12553] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.823896][T12553] bridge_slave_0: entered allmulticast mode [ 570.860232][T12553] bridge_slave_0: entered promiscuous mode [ 570.934379][T12553] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.944800][T12596] loop3: detected capacity change from 0 to 4096 [ 571.008767][T12553] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.016169][T12553] bridge_slave_1: entered allmulticast mode [ 571.081134][T12553] bridge_slave_1: entered promiscuous mode [ 571.134971][T12614] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 571.365729][ T29] audit: type=1800 audit(1720444036.389:395): pid=12596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1864" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 571.480628][T12553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 571.509043][T12611] can0: slcan on ptm0. [ 571.564566][T12553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 571.609668][T11163] Bluetooth: hci7: command tx timeout [ 571.953323][T12553] team0: Port device team_slave_0 added [ 571.999899][T12553] team0: Port device team_slave_1 added [ 572.221868][T12609] can0 (unregistered): slcan off ptm0. [ 572.537732][T12616] kexec: Could not allocate control_code_buffer [ 572.547473][T12553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 572.581856][T12553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.607869][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.735010][T12553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 572.971036][T12553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 573.004159][T12553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.030106][ C0] vkms_vblank_simulate: vblank timer overrun [ 573.109032][T12553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.213174][T12627] loop2: detected capacity change from 0 to 4096 [ 573.244578][T12627] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 573.335655][T12422] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 573.365134][T12627] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 573.431143][T12627] ntfs3: loop2: mft corrupted [ 573.436000][T12627] ntfs3: loop2: Failed to load $Extend (-22). [ 573.499886][T12627] ntfs3: loop2: Failed to initialize $Extend. [ 573.587421][T12553] hsr_slave_0: entered promiscuous mode [ 573.649728][T12553] hsr_slave_1: entered promiscuous mode [ 573.661337][T12553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 573.678624][T11163] Bluetooth: hci7: command tx timeout [ 573.686609][T12553] Cannot create hsr debugfs directory [ 573.764661][T12422] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 573.814118][T12422] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 573.898648][T12422] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 574.040151][T12635] loop2: detected capacity change from 0 to 2048 [ 574.159881][T12635] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 574.186642][T12635] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 574.234681][T12635] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 574.503515][T12366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 574.974435][T12366] 8021q: adding VLAN 0 to HW filter on device team0 [ 575.116165][T12651] dns_resolver: Unsupported content type (98) [ 575.226601][T12651] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 575.316433][T12553] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.711124][T12553] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.835713][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.843010][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.119621][T12553] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.143883][T12639] loop3: detected capacity change from 0 to 32768 [ 576.199728][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.206927][ T5230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.296010][T12661] loop2: detected capacity change from 0 to 128 [ 576.329344][T12661] VFS: could not find a valid V7 on loop2. [ 576.378952][T12639] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 576.529007][T12553] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.733806][T12422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 576.831893][T12366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 576.849030][T12639] XFS (loop3): Ending clean mount [ 576.957324][ T5145] XFS (loop3): Corruption warning: Metadata has LSN (1:1536) ahead of current LSN (1:640). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 576.983122][T12661] loop2: detected capacity change from 0 to 4096 [ 576.992917][ T5145] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x41/0xd0, xfs_finobt block 0x10 [ 577.043423][T12422] 8021q: adding VLAN 0 to HW filter on device team0 [ 577.082342][ T5145] XFS (loop3): Unmount and run xfs_repair [ 577.088120][ T5145] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 577.167848][ T5145] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 577.218650][T12672] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 577.242240][ T5145] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 06 00 ................ [ 577.300752][ T5145] 00000020: 00 00 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 577.342832][ T5145] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 577.398959][ T5145] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 577.414907][ T7460] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.422170][ T7460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.455831][ T5145] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 577.480704][ T29] audit: type=1800 audit(1720444042.509:396): pid=12661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1874" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 577.532240][ T5145] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 577.575300][ T5145] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 577.587901][T12553] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 577.609076][T12639] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x36f/0x5b0" at daddr 0x10 len 4 error 74 [ 577.639399][T12553] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 577.668040][ T7460] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.675352][ T7460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.731118][T12553] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 577.788971][T11336] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 577.801706][T12553] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 577.823788][T11336] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair. [ 578.070677][T12422] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 578.221124][T12366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 578.779973][T12366] veth0_vlan: entered promiscuous mode [ 578.893188][T12553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.946961][T12366] veth1_vlan: entered promiscuous mode [ 579.161875][T12553] 8021q: adding VLAN 0 to HW filter on device team0 [ 579.483661][ T7059] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.490979][ T7059] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.841062][ T7059] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.848376][ T7059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.162000][T12366] veth0_macvtap: entered promiscuous mode [ 580.184635][T12422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 580.256469][T12366] veth1_macvtap: entered promiscuous mode [ 580.398785][ T5230] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 580.533169][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.578993][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.639631][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.658382][ T5230] usb 3-1: config 0 has no interfaces? [ 580.663963][ T5230] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 580.685012][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.721560][ T5230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.736337][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.767204][ T5230] usb 3-1: config 0 descriptor?? [ 580.798349][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.838294][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.886653][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.958280][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.998260][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.064582][T12366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 581.210679][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 581.258419][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.302062][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 581.339740][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.378361][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 581.428492][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.458340][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 581.488364][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.519177][T12366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 581.548422][T12366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 581.582613][T12366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 581.620577][ T7046] usb 3-1: USB disconnect, device number 19 [ 581.797313][T12422] veth0_vlan: entered promiscuous mode [ 581.886142][T12422] veth1_vlan: entered promiscuous mode [ 581.950079][T12366] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.978544][T12366] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.028505][T12366] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.058993][T12366] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.133636][T12553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 582.383255][ T6064] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.784082][ T6064] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.073660][ T6064] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.504523][ T6064] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.659990][T12422] veth0_macvtap: entered promiscuous mode [ 584.156727][T12173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.464281][T12173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.664612][T12422] veth1_macvtap: entered promiscuous mode [ 584.726987][ T5095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 584.744774][ T5095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 584.760530][ T5095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 584.793114][ T5095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 584.811704][ T5095] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 584.830676][ T5095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 584.924726][T11799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.943383][T11799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.955738][T12553] veth0_vlan: entered promiscuous mode [ 585.018548][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 585.059598][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.097650][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.118079][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.138494][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.158383][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.178726][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.201598][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.224441][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.244306][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.258445][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 585.265417][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.277237][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 585.308285][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 585.308452][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 585.318068][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 585.318102][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 585.378767][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.423087][T12422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 585.428328][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 585.439631][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.459178][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.479491][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.491356][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.505475][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.515618][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.527837][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.539127][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.550347][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.561015][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.572280][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.608306][T12422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 585.629324][T12422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 585.661796][T12422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 585.854499][T12422] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.919144][T12422] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.928017][T12422] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 585.995808][T12422] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.051742][T12553] veth1_vlan: entered promiscuous mode [ 586.103794][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 586.138302][ T9] usbtmc 3-1:16.0: can't read capabilities [ 586.242665][ T6064] bridge_slave_1: left allmulticast mode [ 586.256177][ T6064] bridge_slave_1: left promiscuous mode [ 586.284077][ T6064] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.341267][ T6064] bridge_slave_0: left allmulticast mode [ 586.347038][ T6064] bridge_slave_0: left promiscuous mode [ 586.418771][ T7046] usb 3-1: USB disconnect, device number 20 [ 586.444540][ T6064] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.962343][ T5095] Bluetooth: hci3: command tx timeout [ 588.299078][T12730] loop2: detected capacity change from 0 to 512 [ 588.329074][T12730] EXT4-fs: Ignoring removed orlov option [ 588.401390][T12730] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 588.433000][T12730] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1888: invalid indirect mapped block 2683928664 (level 1) [ 588.496806][T12730] EXT4-fs (loop2): 1 truncate cleaned up [ 588.509804][T12730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 588.789944][T12730] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 588.822711][T12736] loop1: detected capacity change from 0 to 1024 [ 588.951685][T12736] hfsplus: Filesystem is marked locked, mounting read-only. [ 589.005014][T12730] EXT4-fs error (device loop2): ext4_find_dest_de:2066: inode #2: block 13: comm syz.2.1888: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 589.039760][ T5095] Bluetooth: hci3: command tx timeout [ 589.499078][T11357] EXT4-fs error (device loop2): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 589.635996][T11357] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz-executor: Invalid block bitmap block 3 in block_group 0 [ 589.726126][T11357] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 589.779932][T11357] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds [ 589.848630][T11357] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds [ 590.328827][ T6064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.429118][ T6064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 590.462249][ T6064] bond0 (unregistering): Released all slaves [ 591.119253][ T5095] Bluetooth: hci3: command tx timeout [ 591.141402][T11357] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.666538][ T6064] hsr_slave_0: left promiscuous mode [ 592.688812][ T6064] hsr_slave_1: left promiscuous mode [ 592.808628][ T6064] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 592.856128][ T6064] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 592.938777][ T6064] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 592.946298][ T6064] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 593.067839][ C0] net_ratelimit: 22 callbacks suppressed [ 593.067866][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 593.672840][ T5095] Bluetooth: hci3: command tx timeout [ 593.896586][ T6064] veth1_macvtap: left promiscuous mode [ 593.926838][ T6064] veth0_macvtap: left promiscuous mode [ 593.958700][ T6064] veth1_vlan: left promiscuous mode [ 593.968455][ T6064] veth0_vlan: left promiscuous mode [ 594.249392][T11163] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 594.267787][T11163] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 594.273384][T12758] dns_resolver: Unsupported content type (98) [ 594.285068][T11163] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 594.293652][T11163] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 594.323495][T11163] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 594.343054][T11163] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 594.479025][T12758] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 596.399009][ T5095] Bluetooth: hci5: command tx timeout [ 596.887100][ T6064] team0 (unregistering): Port device team_slave_1 removed [ 597.223999][ T6064] team0 (unregistering): Port device team_slave_0 removed [ 598.238243][ C1] DEBUG: waiting rtnl_mutex for 585 jiffies. [ 598.245270][ C1] task:syz-executor state:D stack:18672 pid:12553 tgid:12553 ppid:12539 flags:0x00004000 [ 598.255619][ C1] Call Trace: [ 598.258985][ C1] [ 598.261962][ C1] __schedule+0x1800/0x4a60 [ 598.266562][ C1] ? __pfx___schedule+0x10/0x10 [ 598.271547][ C1] ? __pfx_lock_release+0x10/0x10 [ 598.276639][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 598.282230][ C1] ? schedule+0x90/0x320 [ 598.286515][ C1] schedule+0x14b/0x320 [ 598.290784][ C1] schedule_preempt_disabled+0x13/0x30 [ 598.296327][ C1] __mutex_lock+0x6a4/0xd70 [ 598.300943][ C1] ? __mutex_lock+0x527/0xd70 [ 598.305684][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 598.311000][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 598.316103][ C1] ? get_rtnl_holder+0x144/0x190 [ 598.321165][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 598.326255][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 598.331630][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 598.337165][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 598.342657][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 598.347923][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 598.353490][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 598.358871][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 598.364039][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 598.369877][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 598.375045][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 598.380364][ C1] ? kasan_save_track+0x51/0x80 [ 598.385280][ C1] ? do_syscall_64+0xf3/0x230 [ 598.390072][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 598.395241][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 598.400764][ C1] ? ref_tracker_free+0x643/0x7e0 [ 598.405947][ C1] netlink_rcv_skb+0x1e3/0x430 [ 598.410833][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 598.416362][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 598.421796][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 598.427037][ C1] netlink_unicast+0x7f0/0x990 [ 598.431987][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 598.437383][ C1] ? __virt_addr_valid+0x183/0x530 [ 598.442633][ C1] ? __check_object_size+0x49c/0x900 [ 598.447982][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 598.453219][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 598.458052][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 598.463432][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 598.469517][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 598.474518][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 598.479951][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 598.485480][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 598.490884][ C1] __sock_sendmsg+0x221/0x270 [ 598.495631][ C1] __sys_sendto+0x3a4/0x4f0 [ 598.500243][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 598.505347][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 598.511441][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 598.517925][ C1] __x64_sys_sendto+0xde/0x100 [ 598.522817][ C1] do_syscall_64+0xf3/0x230 [ 598.527371][ C1] ? clear_bhb_loop+0x35/0x90 [ 598.532161][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.538113][ C1] RIP: 0033:0x7f403457796c [ 598.542630][ C1] RSP: 002b:00007ffc524cfbf0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 598.551186][ C1] RAX: ffffffffffffffda RBX: 00007f4035234620 RCX: 00007f403457796c [ 598.559258][ C1] RDX: 0000000000000028 RSI: 00007f4035234670 RDI: 0000000000000003 [ 598.567262][ C1] RBP: 0000000000000000 R08: 00007ffc524cfc44 R09: 000000000000000c [ 598.575349][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 598.583443][ C1] R13: 0000000000000000 R14: 00007f4035234670 R15: 0000000000000000 [ 598.591568][ C1] [ 598.594632][ C1] DEBUG: waiting rtnl_mutex for 615 jiffies. [ 598.600724][ C1] task:kworker/u8:24 state:D stack:20016 pid:6087 tgid:6087 ppid:2 flags:0x00004000 [ 598.611010][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 598.617143][ C1] Call Trace: [ 598.620597][ C1] [ 598.623570][ C1] __schedule+0x1800/0x4a60 [ 598.628159][ C1] ? __pfx___schedule+0x10/0x10 [ 598.633114][ C1] ? __pfx_lock_release+0x10/0x10 [ 598.638264][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 598.643776][ C1] ? kthread_data+0x52/0xd0 [ 598.648375][ C1] ? schedule+0x90/0x320 [ 598.652669][ C1] ? wq_worker_sleeping+0x66/0x240 [ 598.658236][ C1] ? schedule+0x90/0x320 [ 598.662634][ C1] schedule+0x14b/0x320 [ 598.666848][ C1] schedule_preempt_disabled+0x13/0x30 [ 598.672426][ C1] __mutex_lock+0x6a4/0xd70 [ 598.676992][ C1] ? mark_lock+0x9a/0x360 [ 598.681431][ C1] ? __mutex_lock+0x527/0xd70 [ 598.686218][ C1] ? addrconf_dad_work+0xd0/0x16f0 [ 598.691462][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 598.696601][ C1] ? get_rtnl_holder+0x144/0x190 [ 598.701659][ C1] addrconf_dad_work+0xd0/0x16f0 [ 598.706686][ C1] ? __pfx_addrconf_dad_work+0x10/0x10 [ 598.712271][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 598.718716][ C1] ? process_scheduled_works+0x945/0x1830 [ 598.724507][ C1] process_scheduled_works+0xa2c/0x1830 [ 598.730218][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 598.736274][ C1] ? assign_work+0x364/0x3d0 [ 598.741005][ C1] worker_thread+0x86d/0xd40 [ 598.745692][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 598.751708][ C1] ? __kthread_parkme+0x169/0x1d0 [ 598.756836][ C1] ? __pfx_worker_thread+0x10/0x10 [ 598.762072][ C1] kthread+0x2f0/0x390 [ 598.766222][ C1] ? __pfx_worker_thread+0x10/0x10 [ 598.771472][ C1] ? __pfx_kthread+0x10/0x10 [ 598.776152][ C1] ret_from_fork+0x4b/0x80 [ 598.780677][ C1] ? __pfx_kthread+0x10/0x10 [ 598.785351][ C1] ret_from_fork_asm+0x1a/0x30 [ 598.790256][ C1] [ 598.793313][ C1] DEBUG: waiting rtnl_mutex for 634 jiffies. [ 598.799412][ C1] task:syz-executor state:D stack:21024 pid:12719 tgid:12719 ppid:12705 flags:0x00000000 [ 598.809716][ C1] Call Trace: [ 598.813039][ C1] [ 598.816454][ C1] __schedule+0x1800/0x4a60 [ 598.821100][ C1] ? __pfx___schedule+0x10/0x10 [ 598.826022][ C1] ? __pfx_lock_release+0x10/0x10 [ 598.831181][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 598.836716][ C1] ? schedule+0x90/0x320 [ 598.841072][ C1] schedule+0x14b/0x320 [ 598.845287][ C1] schedule_preempt_disabled+0x13/0x30 [ 598.850953][ C1] __mutex_lock+0x6a4/0xd70 [ 598.855533][ C1] ? __mutex_lock+0x527/0xd70 [ 598.860334][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 598.865586][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 598.870731][ C1] ? get_rtnl_holder+0x144/0x190 [ 598.875729][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 598.880880][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 598.886170][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 598.891767][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 598.897127][ C1] ? __pfx_validate_chain+0x10/0x10 [ 598.902445][ C1] ? __pfx_validate_chain+0x10/0x10 [ 598.907701][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 598.912759][ C1] ? mark_lock+0x9a/0x360 [ 598.917165][ C1] ? __pfx_validate_chain+0x10/0x10 [ 598.922490][ C1] ? __lock_acquire+0x1359/0x2000 [ 598.927593][ C1] ? mark_lock+0x9a/0x360 [ 598.932042][ C1] ? __lock_acquire+0x1359/0x2000 [ 598.937140][ C1] netlink_rcv_skb+0x1e3/0x430 [ 598.942066][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 598.947681][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 598.953118][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 598.958409][ C1] netlink_unicast+0x7f0/0x990 [ 598.963243][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 598.968635][ C1] ? __virt_addr_valid+0x183/0x530 [ 598.973817][ C1] ? __check_object_size+0x49c/0x900 [ 598.979218][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 598.984415][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 598.989283][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 598.994614][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 598.999645][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 599.004987][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 599.010559][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 599.015900][ C1] __sock_sendmsg+0x221/0x270 [ 599.020810][ C1] __sys_sendto+0x3a4/0x4f0 [ 599.025368][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 599.030528][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 599.036576][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 599.043037][ C1] __x64_sys_sendto+0xde/0x100 [ 599.047866][ C1] do_syscall_64+0xf3/0x230 [ 599.052497][ C1] ? clear_bhb_loop+0x35/0x90 [ 599.057254][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.063279][ C1] RIP: 0033:0x7fc79937796c [ 599.067747][ C1] RSP: 002b:00007ffd0b402980 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 599.076313][ C1] RAX: ffffffffffffffda RBX: 00007fc79a034620 RCX: 00007fc79937796c [ 599.084395][ C1] RDX: 0000000000000044 RSI: 00007fc79a034670 RDI: 0000000000000003 [ 599.092473][ C1] RBP: 0000000000000000 R08: 00007ffd0b4029d4 R09: 000000000000000c [ 599.100550][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 599.108604][ C1] R13: 0000000000000000 R14: 00007fc79a034670 R15: 0000000000000000 [ 599.116645][ C1] [ 599.119761][ C1] DEBUG: waiting rtnl_mutex for 667 jiffies. [ 599.125778][ C1] task:syz-executor state:D stack:19728 pid:12422 tgid:12422 ppid:12416 flags:0x00004002 [ 599.136070][ C1] Call Trace: [ 599.139432][ C1] [ 599.142413][ C1] __schedule+0x1800/0x4a60 [ 599.147004][ C1] ? __pfx___schedule+0x10/0x10 [ 599.151973][ C1] ? __pfx_lock_release+0x10/0x10 [ 599.157066][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 599.162668][ C1] ? schedule+0x90/0x320 [ 599.166957][ C1] schedule+0x14b/0x320 [ 599.171230][ C1] schedule_preempt_disabled+0x13/0x30 [ 599.176744][ C1] __mutex_lock+0x6a4/0xd70 [ 599.181408][ C1] ? __mutex_lock+0x527/0xd70 [ 599.186151][ C1] ? ieee80211_register_hw+0x307a/0x3d30 [ 599.191896][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 599.197062][ C1] ? get_rtnl_holder+0x144/0x190 [ 599.202108][ C1] ieee80211_register_hw+0x307a/0x3d30 [ 599.207737][ C1] ? ieee80211_register_hw+0x1081/0x3d30 [ 599.213494][ C1] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 599.219418][ C1] ? __asan_memset+0x23/0x50 [ 599.224063][ C1] ? __hrtimer_init+0x170/0x250 [ 599.229024][ C1] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 599.234824][ C1] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 599.241018][ C1] hwsim_new_radio_nl+0xe4c/0x21d0 [ 599.246203][ C1] ? __pfx___nla_validate_parse+0x10/0x10 [ 599.252038][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 599.257669][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 599.264124][ C1] genl_rcv_msg+0xb14/0xec0 [ 599.268739][ C1] ? mark_lock+0x9a/0x360 [ 599.273400][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 599.278558][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 599.283628][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 599.289358][ C1] ? __pfx___might_resched+0x10/0x10 [ 599.294704][ C1] netlink_rcv_skb+0x1e3/0x430 [ 599.299580][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 599.304659][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 599.310071][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 599.315676][ C1] genl_rcv+0x28/0x40 [ 599.319742][ C1] netlink_unicast+0x7f0/0x990 [ 599.324577][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 599.329978][ C1] ? __virt_addr_valid+0x183/0x530 [ 599.335159][ C1] ? __check_object_size+0x49c/0x900 [ 599.340556][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 599.345717][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 599.350762][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 599.356107][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 599.361205][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 599.366547][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 599.372122][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 599.377466][ C1] __sock_sendmsg+0x221/0x270 [ 599.382259][ C1] __sys_sendto+0x3a4/0x4f0 [ 599.386809][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 599.391962][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 599.398009][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 599.404460][ C1] __x64_sys_sendto+0xde/0x100 [ 599.409414][ C1] do_syscall_64+0xf3/0x230 [ 599.413967][ C1] ? clear_bhb_loop+0x35/0x90 [ 599.418737][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.424688][ C1] RIP: 0033:0x7fe03417796c [ 599.429299][ C1] RSP: 002b:00007ffd062ba560 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 599.437781][ C1] RAX: ffffffffffffffda RBX: 00007fe034e34620 RCX: 00007fe03417796c [ 599.446063][ C1] RDX: 0000000000000024 RSI: 00007fe034e34670 RDI: 0000000000000003 [ 599.454198][ C1] RBP: 0000000000000000 R08: 00007ffd062ba5b4 R09: 000000000000000c [ 599.462291][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 599.470366][ C1] R13: 0000000000000000 R14: 00007fe034e34670 R15: 0000000000000000 [ 599.478464][ C1] [ 599.481530][ C1] DEBUG: holding rtnl_mutex for 700 jiffies. [ 599.487543][ C1] task:kworker/u8:15 state:R running task stack:20240 pid:6064 tgid:6064 ppid:2 flags:0x00004000 [ 599.499480][ C1] Workqueue: netns cleanup_net [ 599.504306][ C1] Call Trace: [ 599.507624][ C1] [ 599.510682][ C1] __schedule+0x1800/0x4a60 [ 599.515252][ C1] ? __pfx_validate_chain+0x10/0x10 [ 599.520571][ C1] ? __pfx___schedule+0x10/0x10 [ 599.525472][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 599.531575][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 599.536919][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 599.542134][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 599.547927][ C1] irqentry_exit+0x5e/0x90 [ 599.552450][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 599.558537][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 599.564841][ C1] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 599.584566][ C1] RSP: 0018:ffffc9001415f5c0 EFLAGS: 00000246 [ 599.590751][ C1] RAX: dffffc0000000000 RBX: 1ffff9200282bec0 RCX: ffffffff947f4803 [ 599.598827][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 599.606860][ C1] RBP: ffffc9001415f698 R08: ffffffff93007527 R09: 1ffffffff2600ea4 [ 599.614938][ C1] R10: dffffc0000000000 R11: fffffbfff2600ea5 R12: ffffc9001415f600 [ 599.623034][ C1] R13: 1ffff9200282bebc R14: 0000000000000000 R15: 0000000000000206 [ 599.631317][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 599.637280][ C1] ? rcu_is_watching+0x15/0xb0 [ 599.642173][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 599.646824][ C1] __qdisc_destroy+0x165/0x410 [ 599.651694][ C1] dev_shutdown+0x9b/0x440 [ 599.656165][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 599.662626][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 599.669592][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 599.675551][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 599.681813][ C1] default_device_exit_batch+0xa0f/0xa90 [ 599.687513][ C1] ? __pfx___might_resched+0x10/0x10 [ 599.692906][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 599.699188][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 599.704547][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 599.710843][ C1] cleanup_net+0x89d/0xcc0 [ 599.715326][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 599.720382][ C1] ? process_scheduled_works+0x945/0x1830 [ 599.726147][ C1] process_scheduled_works+0xa2c/0x1830 [ 599.731830][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 599.737879][ C1] ? assign_work+0x364/0x3d0 [ 599.742591][ C1] worker_thread+0x86d/0xd40 [ 599.747266][ C1] ? __kthread_parkme+0x169/0x1d0 [ 599.752426][ C1] ? __pfx_worker_thread+0x10/0x10 [ 599.757590][ C1] kthread+0x2f0/0x390 [ 599.761867][ C1] ? __pfx_worker_thread+0x10/0x10 [ 599.767066][ C1] ? __pfx_kthread+0x10/0x10 [ 599.771791][ C1] ret_from_fork+0x4b/0x80 [ 599.776301][ C1] ? __pfx_kthread+0x10/0x10 [ 599.780999][ C1] ret_from_fork_asm+0x1a/0x30 [ 599.785834][ C1] [ 599.788931][ C1] [ 599.788931][ C1] Showing all locks held in the system: [ 599.796686][ C1] 1 lock held by kswapd0/89: [ 599.802274][ C1] 1 lock held by dhcpcd/4761: [ 599.807084][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 599.816377][ C1] 2 locks held by getty/4853: [ 599.821144][ C1] #0: ffff88802aec90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 599.831059][ C1] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 599.841432][ C1] 4 locks held by kworker/u8:15/6064: [ 599.846855][ C1] 3 locks held by kworker/u8:24/6087: [ 599.852331][ C1] #0: ffff88802a34d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 599.864067][ C1] #1: ffffc9001426fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 599.877021][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 599.886604][ C1] 3 locks held by kworker/0:14/7066: [ 599.891984][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 599.903459][ C1] #1: ffffc90012227d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 599.914589][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 599.923714][ C1] 1 lock held by syz.2.1597/11254: [ 599.928900][ C1] #0: ffff88801b2ec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: remove_inode_hugepages+0x38e/0x1520 [ 599.940645][ C1] 3 locks held by syz-executor/12422: [ 599.946154][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 599.954520][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 599.963653][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_register_hw+0x307a/0x3d30 [ 599.973724][ C1] 2 locks held by syz.4.1836/12451: [ 599.979004][ C1] #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 599.989281][ C1] #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 599.999438][ C1] 1 lock held by syz-executor/12553: [ 600.004763][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 600.014428][ C1] 1 lock held by syz-executor/12719: [ 600.019887][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 600.029629][ C1] 2 locks held by syz.1.1895/12753: [ 600.034866][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 600.043229][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 600.052354][ C1] 1 lock held by syz-executor/12755: [ 600.057689][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 600.067374][ C1] [ 600.069780][ C1] ============================================= [ 600.069780][ C1] [ 600.100812][ T5095] Bluetooth: hci5: command tx timeout [ 601.118720][ C1] DEBUG: waiting rtnl_mutex for 741 jiffies. [ 601.124803][ C1] task:kworker/0:14 state:D stack:21776 pid:7066 tgid:7066 ppid:2 flags:0x00004000 [ 601.135175][ C1] Workqueue: events linkwatch_event [ 601.140505][ C1] Call Trace: [ 601.143826][ C1] [ 601.146802][ C1] __schedule+0x1800/0x4a60 [ 601.151457][ C1] ? __pfx___schedule+0x10/0x10 [ 601.156377][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 601.162496][ C1] ? __pfx_lock_release+0x10/0x10 [ 601.167676][ C1] ? kick_pool+0x45c/0x620 [ 601.172231][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 601.177489][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 601.182811][ C1] ? schedule+0x90/0x320 [ 601.187111][ C1] schedule+0x14b/0x320 [ 601.191394][ C1] schedule_preempt_disabled+0x13/0x30 [ 601.196987][ C1] __mutex_lock+0x6a4/0xd70 [ 601.201621][ C1] ? __mutex_lock+0x527/0xd70 [ 601.206369][ C1] ? linkwatch_event+0xe/0x60 [ 601.211160][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 601.216348][ C1] ? get_rtnl_holder+0x144/0x190 [ 601.221396][ C1] ? process_scheduled_works+0x945/0x1830 [ 601.227190][ C1] linkwatch_event+0xe/0x60 [ 601.231807][ C1] process_scheduled_works+0xa2c/0x1830 [ 601.237442][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 601.243560][ C1] ? assign_work+0x364/0x3d0 [ 601.248264][ C1] worker_thread+0x86d/0xd40 [ 601.252960][ C1] ? __kthread_parkme+0x169/0x1d0 [ 601.258060][ C1] ? __pfx_worker_thread+0x10/0x10 [ 601.263302][ C1] kthread+0x2f0/0x390 [ 601.267434][ C1] ? __pfx_worker_thread+0x10/0x10 [ 601.272755][ C1] ? __pfx_kthread+0x10/0x10 [ 601.277408][ C1] ret_from_fork+0x4b/0x80 [ 601.281946][ C1] ? __pfx_kthread+0x10/0x10 [ 601.286601][ C1] ret_from_fork_asm+0x1a/0x30 [ 601.291503][ C1] [ 601.294566][ C1] DEBUG: waiting rtnl_mutex for 690 jiffies. [ 601.300636][ C1] task:syz-executor state:D stack:24992 pid:12755 tgid:12755 ppid:12742 flags:0x00000000 [ 601.311012][ C1] Call Trace: [ 601.314333][ C1] [ 601.317304][ C1] __schedule+0x1800/0x4a60 [ 601.321948][ C1] ? __pfx___schedule+0x10/0x10 [ 601.326867][ C1] ? __pfx_lock_release+0x10/0x10 [ 601.332068][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 601.337604][ C1] ? schedule+0x90/0x320 [ 601.341959][ C1] schedule+0x14b/0x320 [ 601.346191][ C1] schedule_preempt_disabled+0x13/0x30 [ 601.351772][ C1] __mutex_lock+0x6a4/0xd70 [ 601.356339][ C1] ? __mutex_lock+0x527/0xd70 [ 601.361651][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 601.366908][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 601.372069][ C1] ? get_rtnl_holder+0x144/0x190 [ 601.377064][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 601.382216][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 601.387479][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.393064][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 601.398467][ C1] ? __pfx_validate_chain+0x10/0x10 [ 601.403731][ C1] ? __pfx_validate_chain+0x10/0x10 [ 601.409049][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 601.414049][ C1] ? mark_lock+0x9a/0x360 [ 601.418483][ C1] ? __pfx_validate_chain+0x10/0x10 [ 601.423745][ C1] ? __lock_acquire+0x1359/0x2000 [ 601.428889][ C1] ? mark_lock+0x9a/0x360 [ 601.433282][ C1] ? __lock_acquire+0x1359/0x2000 [ 601.438426][ C1] netlink_rcv_skb+0x1e3/0x430 [ 601.443253][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.448815][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 601.454193][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 601.459500][ C1] netlink_unicast+0x7f0/0x990 [ 601.464337][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 601.469721][ C1] ? __virt_addr_valid+0x183/0x530 [ 601.474905][ C1] ? __check_object_size+0x49c/0x900 [ 601.480326][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 601.485498][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 601.490370][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.495712][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 601.500767][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 601.506112][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 601.511698][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.517031][ C1] __sock_sendmsg+0x221/0x270 [ 601.521857][ C1] __sys_sendto+0x3a4/0x4f0 [ 601.526434][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 601.531784][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 601.537847][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 601.544337][ C1] ? exc_page_fault+0x590/0x8c0 [ 601.549303][ C1] __x64_sys_sendto+0xde/0x100 [ 601.554132][ C1] do_syscall_64+0xf3/0x230 [ 601.558751][ C1] ? clear_bhb_loop+0x35/0x90 [ 601.563496][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.569481][ C1] RIP: 0033:0x7f2f1db7796c [ 601.573950][ C1] RSP: 002b:00007fff69c7bcf0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 601.582486][ C1] RAX: ffffffffffffffda RBX: 00007f2f1e834620 RCX: 00007f2f1db7796c [ 601.590582][ C1] RDX: 0000000000000028 RSI: 00007f2f1e834670 RDI: 0000000000000003 [ 601.598654][ C1] RBP: 0000000000000000 R08: 00007fff69c7bd44 R09: 000000000000000c [ 601.606684][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 601.614778][ C1] R13: 0000000000000000 R14: 00007f2f1e834670 R15: 0000000000000000 [ 601.623033][ C1] [ 601.626090][ C1] DEBUG: waiting rtnl_mutex for 923 jiffies. [ 601.632170][ C1] task:syz-executor state:D stack:18672 pid:12553 tgid:12553 ppid:12539 flags:0x00004000 [ 601.642458][ C1] Call Trace: [ 601.645790][ C1] [ 601.648852][ C1] __schedule+0x1800/0x4a60 [ 601.653457][ C1] ? __pfx___schedule+0x10/0x10 [ 601.658418][ C1] ? __pfx_lock_release+0x10/0x10 [ 601.663502][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 601.669092][ C1] ? schedule+0x90/0x320 [ 601.673395][ C1] schedule+0x14b/0x320 [ 601.677616][ C1] schedule_preempt_disabled+0x13/0x30 [ 601.683211][ C1] __mutex_lock+0x6a4/0xd70 [ 601.687784][ C1] ? __mutex_lock+0x527/0xd70 [ 601.692607][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 601.697928][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 601.703097][ C1] ? get_rtnl_holder+0x144/0x190 [ 601.708090][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 601.713246][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 601.718545][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.724062][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 601.729508][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 601.734760][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 601.740355][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 601.745696][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 601.751067][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 601.756862][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 601.762191][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 601.767450][ C1] ? kasan_save_track+0x51/0x80 [ 601.772432][ C1] ? do_syscall_64+0xf3/0x230 [ 601.777169][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 601.782411][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 601.787863][ C1] ? ref_tracker_free+0x643/0x7e0 [ 601.793015][ C1] netlink_rcv_skb+0x1e3/0x430 [ 601.797849][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 601.803438][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 601.808862][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 601.814135][ C1] netlink_unicast+0x7f0/0x990 [ 601.819137][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 601.824496][ C1] ? __virt_addr_valid+0x183/0x530 [ 601.829736][ C1] ? __check_object_size+0x49c/0x900 [ 601.835089][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 601.840324][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 601.845151][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.850639][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 601.856689][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 601.861743][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 601.867085][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 601.872691][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 601.878521][ C1] __sock_sendmsg+0x221/0x270 [ 601.883281][ C1] __sys_sendto+0x3a4/0x4f0 [ 601.887873][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 601.893096][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 601.899192][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 601.905596][ C1] __x64_sys_sendto+0xde/0x100 [ 601.910569][ C1] do_syscall_64+0xf3/0x230 [ 601.915140][ C1] ? clear_bhb_loop+0x35/0x90 [ 601.919947][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.925912][ C1] RIP: 0033:0x7f403457796c [ 601.930429][ C1] RSP: 002b:00007ffc524cfbf0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 601.939611][ C1] RAX: ffffffffffffffda RBX: 00007f4035234620 RCX: 00007f403457796c [ 601.947632][ C1] RDX: 0000000000000028 RSI: 00007f4035234670 RDI: 0000000000000003 [ 601.955726][ C1] RBP: 0000000000000000 R08: 00007ffc524cfc44 R09: 000000000000000c [ 601.963867][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 601.971997][ C1] R13: 0000000000000000 R14: 00007f4035234670 R15: 0000000000000000 [ 601.980113][ C1] [ 601.983173][ C1] DEBUG: waiting rtnl_mutex for 954 jiffies. [ 601.989238][ C1] task:kworker/u8:24 state:D stack:20016 pid:6087 tgid:6087 ppid:2 flags:0x00004000 [ 601.999522][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 602.005568][ C1] Call Trace: [ 602.008947][ C1] [ 602.011940][ C1] __schedule+0x1800/0x4a60 [ 602.016522][ C1] ? __pfx___schedule+0x10/0x10 [ 602.021489][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.026573][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 602.032160][ C1] ? kthread_data+0x52/0xd0 [ 602.036721][ C1] ? schedule+0x90/0x320 [ 602.041079][ C1] ? wq_worker_sleeping+0x66/0x240 [ 602.046298][ C1] ? schedule+0x90/0x320 [ 602.050756][ C1] schedule+0x14b/0x320 [ 602.054976][ C1] schedule_preempt_disabled+0x13/0x30 [ 602.060548][ C1] __mutex_lock+0x6a4/0xd70 [ 602.065216][ C1] ? mark_lock+0x9a/0x360 [ 602.069656][ C1] ? __mutex_lock+0x527/0xd70 [ 602.074395][ C1] ? addrconf_dad_work+0xd0/0x16f0 [ 602.079597][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 602.084691][ C1] ? get_rtnl_holder+0x144/0x190 [ 602.089741][ C1] addrconf_dad_work+0xd0/0x16f0 [ 602.094755][ C1] ? __pfx_addrconf_dad_work+0x10/0x10 [ 602.100348][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.106750][ C1] ? process_scheduled_works+0x945/0x1830 [ 602.112584][ C1] process_scheduled_works+0xa2c/0x1830 [ 602.118274][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 602.124319][ C1] ? assign_work+0x364/0x3d0 [ 602.129032][ C1] worker_thread+0x86d/0xd40 [ 602.133688][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 602.139692][ C1] ? __kthread_parkme+0x169/0x1d0 [ 602.144779][ C1] ? __pfx_worker_thread+0x10/0x10 [ 602.150023][ C1] kthread+0x2f0/0x390 [ 602.154149][ C1] ? __pfx_worker_thread+0x10/0x10 [ 602.159352][ C1] ? __pfx_kthread+0x10/0x10 [ 602.164041][ C1] ret_from_fork+0x4b/0x80 [ 602.168496][ T5095] Bluetooth: hci5: command tx timeout [ 602.173918][ C1] ? __pfx_kthread+0x10/0x10 [ 602.178627][ C1] ret_from_fork_asm+0x1a/0x30 [ 602.183476][ C1] [ 602.186538][ C1] DEBUG: waiting rtnl_mutex for 973 jiffies. [ 602.192784][ C1] task:syz-executor state:D stack:21024 pid:12719 tgid:12719 ppid:12705 flags:0x00000000 [ 602.203072][ C1] Call Trace: [ 602.206395][ C1] [ 602.209412][ C1] __schedule+0x1800/0x4a60 [ 602.214002][ C1] ? __pfx___schedule+0x10/0x10 [ 602.218972][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.224050][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 602.229672][ C1] ? schedule+0x90/0x320 [ 602.233987][ C1] schedule+0x14b/0x320 [ 602.238348][ C1] schedule_preempt_disabled+0x13/0x30 [ 602.243860][ C1] __mutex_lock+0x6a4/0xd70 [ 602.248745][ C1] ? __mutex_lock+0x527/0xd70 [ 602.253480][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 602.258819][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 602.263922][ C1] ? get_rtnl_holder+0x144/0x190 [ 602.268965][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 602.274053][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 602.279364][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 602.284880][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 602.290285][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.295545][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.300839][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 602.305835][ C1] ? mark_lock+0x9a/0x360 [ 602.310288][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.315635][ C1] ? __lock_acquire+0x1359/0x2000 [ 602.320792][ C1] ? mark_lock+0x9a/0x360 [ 602.325182][ C1] ? __lock_acquire+0x1359/0x2000 [ 602.330336][ C1] netlink_rcv_skb+0x1e3/0x430 [ 602.335340][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 602.340929][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 602.346310][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 602.351632][ C1] netlink_unicast+0x7f0/0x990 [ 602.356477][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 602.361873][ C1] ? __virt_addr_valid+0x183/0x530 [ 602.367053][ C1] ? __check_object_size+0x49c/0x900 [ 602.372454][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 602.377625][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 602.382509][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.387849][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 602.392984][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 602.398460][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 602.403989][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.409386][ C1] __sock_sendmsg+0x221/0x270 [ 602.414134][ C1] __sys_sendto+0x3a4/0x4f0 [ 602.418748][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 602.423852][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.429960][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.436439][ C1] __x64_sys_sendto+0xde/0x100 [ 602.441470][ C1] do_syscall_64+0xf3/0x230 [ 602.446020][ C1] ? clear_bhb_loop+0x35/0x90 [ 602.450805][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.456764][ C1] RIP: 0033:0x7fc79937796c [ 602.461287][ C1] RSP: 002b:00007ffd0b402980 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 602.469805][ C1] RAX: ffffffffffffffda RBX: 00007fc79a034620 RCX: 00007fc79937796c [ 602.477827][ C1] RDX: 0000000000000044 RSI: 00007fc79a034670 RDI: 0000000000000003 [ 602.485924][ C1] RBP: 0000000000000000 R08: 00007ffd0b4029d4 R09: 000000000000000c [ 602.493999][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 602.502081][ C1] R13: 0000000000000000 R14: 00007fc79a034670 R15: 0000000000000000 [ 602.510262][ C1] [ 602.513320][ C1] DEBUG: waiting rtnl_mutex for 1006 jiffies. [ 602.519468][ C1] task:syz-executor state:D stack:19728 pid:12422 tgid:12422 ppid:12416 flags:0x00004002 [ 602.529901][ C1] Call Trace: [ 602.533311][ C1] [ 602.536292][ C1] __schedule+0x1800/0x4a60 [ 602.540938][ C1] ? __pfx___schedule+0x10/0x10 [ 602.545939][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.551076][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 602.556606][ C1] ? schedule+0x90/0x320 [ 602.560953][ C1] schedule+0x14b/0x320 [ 602.565164][ C1] schedule_preempt_disabled+0x13/0x30 [ 602.570730][ C1] __mutex_lock+0x6a4/0xd70 [ 602.575386][ C1] ? __mutex_lock+0x527/0xd70 [ 602.580208][ C1] ? ieee80211_register_hw+0x307a/0x3d30 [ 602.585919][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 602.591080][ C1] ? get_rtnl_holder+0x144/0x190 [ 602.596078][ C1] ieee80211_register_hw+0x307a/0x3d30 [ 602.601671][ C1] ? ieee80211_register_hw+0x1081/0x3d30 [ 602.607369][ C1] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 602.613343][ C1] ? __asan_memset+0x23/0x50 [ 602.617986][ C1] ? __hrtimer_init+0x170/0x250 [ 602.622961][ C1] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 602.628803][ C1] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 602.634943][ C1] hwsim_new_radio_nl+0xe4c/0x21d0 [ 602.640183][ C1] ? __pfx___nla_validate_parse+0x10/0x10 [ 602.645964][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 602.651653][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 602.658054][ C1] genl_rcv_msg+0xb14/0xec0 [ 602.662680][ C1] ? mark_lock+0x9a/0x360 [ 602.667082][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 602.672253][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 602.677335][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 602.683007][ C1] ? __pfx___might_resched+0x10/0x10 [ 602.688411][ C1] netlink_rcv_skb+0x1e3/0x430 [ 602.693236][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 602.698384][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 602.703760][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 602.709361][ C1] genl_rcv+0x28/0x40 [ 602.713422][ C1] netlink_unicast+0x7f0/0x990 [ 602.718345][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 602.723700][ C1] ? __virt_addr_valid+0x183/0x530 [ 602.729011][ C1] ? __check_object_size+0x49c/0x900 [ 602.734370][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 602.739621][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 602.744455][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.749869][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 602.754881][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 602.760287][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 602.765848][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.771298][ C1] __sock_sendmsg+0x221/0x270 [ 602.776074][ C1] __sys_sendto+0x3a4/0x4f0 [ 602.780712][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 602.785840][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.791974][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.798418][ C1] __x64_sys_sendto+0xde/0x100 [ 602.803350][ C1] do_syscall_64+0xf3/0x230 [ 602.807914][ C1] ? clear_bhb_loop+0x35/0x90 [ 602.812714][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.818702][ C1] RIP: 0033:0x7fe03417796c [ 602.823174][ C1] RSP: 002b:00007ffd062ba560 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 602.831795][ C1] RAX: ffffffffffffffda RBX: 00007fe034e34620 RCX: 00007fe03417796c [ 602.839882][ C1] RDX: 0000000000000024 RSI: 00007fe034e34670 RDI: 0000000000000003 [ 602.847913][ C1] RBP: 0000000000000000 R08: 00007ffd062ba5b4 R09: 000000000000000c [ 602.856059][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 602.864262][ C1] R13: 0000000000000000 R14: 00007fe034e34670 R15: 0000000000000000 [ 602.872388][ C1] [ 602.875449][ C1] DEBUG: holding rtnl_mutex for 1039 jiffies. [ 602.881632][ C1] task:kworker/u8:15 state:D stack:20240 pid:6064 tgid:6064 ppid:2 flags:0x00004000 [ 602.891948][ C1] Workqueue: netns cleanup_net [ 602.896780][ C1] Call Trace: [ 602.900161][ C1] [ 602.903138][ C1] __schedule+0x1800/0x4a60 [ 602.907712][ C1] ? __pfx___schedule+0x10/0x10 [ 602.912685][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.917768][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 602.923808][ C1] ? kthread_data+0x52/0xd0 [ 602.928431][ C1] ? wq_worker_sleeping+0x66/0x240 [ 602.933608][ C1] ? schedule+0x90/0x320 [ 602.937909][ C1] schedule+0x14b/0x320 [ 602.942185][ C1] synchronize_rcu_expedited+0x684/0x830 [ 602.947912][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 602.954218][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 602.959637][ C1] ? __pfx___might_resched+0x10/0x10 [ 602.964987][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 602.971355][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 602.976637][ C1] synchronize_rcu+0x11b/0x360 [ 602.981536][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 602.986910][ C1] lockdep_unregister_key+0x556/0x610 [ 602.992421][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 602.998425][ C1] ? rcu_is_watching+0x15/0xb0 [ 603.003248][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 603.007908][ C1] __qdisc_destroy+0x165/0x410 [ 603.012801][ C1] dev_shutdown+0x9b/0x440 [ 603.017314][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 603.023799][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 603.030729][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 603.036790][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 603.043077][ C1] default_device_exit_batch+0xa0f/0xa90 [ 603.048836][ C1] ? __pfx___might_resched+0x10/0x10 [ 603.054194][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 603.060492][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 603.065858][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 603.072154][ C1] cleanup_net+0x89d/0xcc0 [ 603.076639][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 603.081705][ C1] ? process_scheduled_works+0x945/0x1830 [ 603.088010][ C1] process_scheduled_works+0xa2c/0x1830 [ 603.093714][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 603.099820][ C1] ? assign_work+0x364/0x3d0 [ 603.104485][ C1] worker_thread+0x86d/0xd40 [ 603.109204][ C1] ? __kthread_parkme+0x169/0x1d0 [ 603.114393][ C1] ? __pfx_worker_thread+0x10/0x10 [ 603.119628][ C1] kthread+0x2f0/0x390 [ 603.123766][ C1] ? __pfx_worker_thread+0x10/0x10 [ 603.129001][ C1] ? __pfx_kthread+0x10/0x10 [ 603.133657][ C1] ret_from_fork+0x4b/0x80 [ 603.138134][ C1] ? __pfx_kthread+0x10/0x10 [ 603.142857][ C1] ret_from_fork_asm+0x1a/0x30 [ 603.147718][ C1] [ 603.150853][ C1] [ 603.150853][ C1] Showing all locks held in the system: [ 603.158657][ C1] 1 lock held by kswapd0/89: [ 603.163302][ C1] 2 locks held by kworker/u8:6/1096: [ 603.168675][ C1] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 603.180590][ C1] #1: ffffc90004147d00 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 603.193519][ C1] 1 lock held by klogd/4536: [ 603.198159][ C1] #0: ffff888024f5f340 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 603.208725][ C1] 1 lock held by dhcpcd/4761: [ 603.213451][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 603.222774][ C1] 2 locks held by getty/4853: [ 603.227504][ C1] #0: ffff88802aec90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 603.237431][ C1] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 603.247801][ C1] 1 lock held by syz-executor/5084: [ 603.253109][ C1] #0: ffff888011ee6948 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 603.263546][ C1] 5 locks held by kworker/u8:15/6064: [ 603.269053][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 603.280118][ C1] #1: ffffc9001415fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 603.290838][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 603.300405][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 603.310604][ C1] #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 603.321651][ C1] 3 locks held by kworker/u8:24/6087: [ 603.327063][ C1] #0: ffff88802a34d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 603.338779][ C1] #1: ffffc9001426fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 603.351747][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 603.361293][ C1] 3 locks held by kworker/0:14/7066: [ 603.366613][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 603.377757][ C1] #1: ffffc90012227d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 603.388886][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 603.397957][ C1] 1 lock held by syz.2.1597/11254: [ 603.403178][ C1] #0: ffff88801b2ec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: remove_inode_hugepages+0x38e/0x1520 [ 603.414946][ C1] 2 locks held by syz.0.1785/12198: [ 603.420263][ C1] 3 locks held by syz-executor/12422: [ 603.425681][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 603.434044][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 603.443195][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_register_hw+0x307a/0x3d30 [ 603.453314][ C1] 2 locks held by syz.4.1836/12451: [ 603.458599][ C1] #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 603.468849][ C1] #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 603.478890][ C1] 1 lock held by syz-executor/12553: [ 603.484236][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 603.493914][ C1] 1 lock held by syz-executor/12719: [ 603.499299][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 603.508954][ C1] 2 locks held by syz.1.1895/12753: [ 603.514201][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 603.522552][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 603.531742][ C1] 1 lock held by syz-executor/12755: [ 603.537121][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 603.546795][ C1] [ 603.549209][ C1] ============================================= [ 603.549209][ C1] [ 604.247460][ T5095] Bluetooth: hci5: command tx timeout [ 604.559371][ C1] DEBUG: waiting rtnl_mutex for 1085 jiffies. [ 604.565539][ C1] task:kworker/0:14 state:D stack:21776 pid:7066 tgid:7066 ppid:2 flags:0x00004000 [ 604.575939][ C1] Workqueue: events linkwatch_event [ 604.581253][ C1] Call Trace: [ 604.584582][ C1] [ 604.587549][ C1] __schedule+0x1800/0x4a60 [ 604.592358][ C1] ? __pfx___schedule+0x10/0x10 [ 604.597260][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 604.603466][ C1] ? __pfx_lock_release+0x10/0x10 [ 604.608572][ C1] ? kick_pool+0x45c/0x620 [ 604.613054][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 604.618342][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 604.623591][ C1] ? schedule+0x90/0x320 [ 604.627965][ C1] schedule+0x14b/0x320 [ 604.632226][ C1] schedule_preempt_disabled+0x13/0x30 [ 604.637735][ C1] __mutex_lock+0x6a4/0xd70 [ 604.642354][ C1] ? __mutex_lock+0x527/0xd70 [ 604.647098][ C1] ? linkwatch_event+0xe/0x60 [ 604.651877][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 604.657054][ C1] ? get_rtnl_holder+0x144/0x190 [ 604.662092][ C1] ? process_scheduled_works+0x945/0x1830 [ 604.667856][ C1] linkwatch_event+0xe/0x60 [ 604.672463][ C1] process_scheduled_works+0xa2c/0x1830 [ 604.678095][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 604.684185][ C1] ? assign_work+0x364/0x3d0 [ 604.688870][ C1] worker_thread+0x86d/0xd40 [ 604.693545][ C1] ? __kthread_parkme+0x169/0x1d0 [ 604.698681][ C1] ? __pfx_worker_thread+0x10/0x10 [ 604.703835][ C1] kthread+0x2f0/0x390 [ 604.707952][ C1] ? __pfx_worker_thread+0x10/0x10 [ 604.713164][ C1] ? __pfx_kthread+0x10/0x10 [ 604.717805][ C1] ret_from_fork+0x4b/0x80 [ 604.722412][ C1] ? __pfx_kthread+0x10/0x10 [ 604.727141][ C1] ret_from_fork_asm+0x1a/0x30 [ 604.732040][ C1] [ 604.735102][ C1] DEBUG: waiting rtnl_mutex for 1034 jiffies. [ 604.741340][ C1] task:syz-executor state:D stack:24992 pid:12755 tgid:12755 ppid:12742 flags:0x00000000 [ 604.751612][ C1] Call Trace: [ 604.754925][ C1] [ 604.757894][ C1] __schedule+0x1800/0x4a60 [ 604.762536][ C1] ? __pfx___schedule+0x10/0x10 [ 604.767443][ C1] ? __pfx_lock_release+0x10/0x10 [ 604.772613][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 604.778283][ C1] ? schedule+0x90/0x320 [ 604.782578][ C1] schedule+0x14b/0x320 [ 604.786886][ C1] schedule_preempt_disabled+0x13/0x30 [ 604.792532][ C1] __mutex_lock+0x6a4/0xd70 [ 604.797113][ C1] ? __mutex_lock+0x527/0xd70 [ 604.801895][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 604.807159][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 604.812348][ C1] ? get_rtnl_holder+0x144/0x190 [ 604.817348][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 604.822521][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 604.827879][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 604.833474][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 604.838880][ C1] ? __pfx_validate_chain+0x10/0x10 [ 604.844141][ C1] ? __pfx_validate_chain+0x10/0x10 [ 604.849462][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 604.854462][ C1] ? mark_lock+0x9a/0x360 [ 604.858927][ C1] ? __pfx_validate_chain+0x10/0x10 [ 604.864187][ C1] ? __lock_acquire+0x1359/0x2000 [ 604.869326][ C1] ? mark_lock+0x9a/0x360 [ 604.873711][ C1] ? __lock_acquire+0x1359/0x2000 [ 604.878862][ C1] netlink_rcv_skb+0x1e3/0x430 [ 604.883698][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 604.889262][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 604.894672][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 604.899961][ C1] netlink_unicast+0x7f0/0x990 [ 604.904978][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 604.910372][ C1] ? __virt_addr_valid+0x183/0x530 [ 604.915581][ C1] ? __check_object_size+0x49c/0x900 [ 604.920979][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 604.926225][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 604.931095][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.936434][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 604.941495][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 604.946852][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 604.952425][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 604.957756][ C1] __sock_sendmsg+0x221/0x270 [ 604.962557][ C1] __sys_sendto+0x3a4/0x4f0 [ 604.967123][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 604.972293][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 604.978389][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 604.984764][ C1] ? exc_page_fault+0x590/0x8c0 [ 604.989714][ C1] __x64_sys_sendto+0xde/0x100 [ 604.994544][ C1] do_syscall_64+0xf3/0x230 [ 604.999147][ C1] ? clear_bhb_loop+0x35/0x90 [ 605.003893][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.009899][ C1] RIP: 0033:0x7f2f1db7796c [ 605.014411][ C1] RSP: 002b:00007fff69c7bcf0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 605.022956][ C1] RAX: ffffffffffffffda RBX: 00007f2f1e834620 RCX: 00007f2f1db7796c [ 605.031036][ C1] RDX: 0000000000000028 RSI: 00007f2f1e834670 RDI: 0000000000000003 [ 605.039100][ C1] RBP: 0000000000000000 R08: 00007fff69c7bd44 R09: 000000000000000c [ 605.047115][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 605.055209][ C1] R13: 0000000000000000 R14: 00007f2f1e834670 R15: 0000000000000000 [ 605.063315][ C1] [ 605.066375][ C1] DEBUG: waiting rtnl_mutex for 800 jiffies. [ 605.072459][ C1] task:dhcpcd state:D stack:20176 pid:4761 tgid:4761 ppid:4760 flags:0x00000002 [ 605.082756][ C1] Call Trace: [ 605.086107][ C1] [ 605.089148][ C1] __schedule+0x1800/0x4a60 [ 605.093730][ C1] ? __pfx___schedule+0x10/0x10 [ 605.098717][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.103839][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.109455][ C1] ? schedule+0x90/0x320 [ 605.113747][ C1] schedule+0x14b/0x320 [ 605.117944][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.123485][ C1] __mutex_lock+0x6a4/0xd70 [ 605.128070][ C1] ? __mutex_lock+0x527/0xd70 [ 605.132921][ C1] ? devinet_ioctl+0x2ce/0x1bc0 [ 605.137912][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.143123][ C1] ? bpf_lsm_capable+0x9/0x10 [ 605.147888][ C1] ? security_capable+0x90/0xb0 [ 605.152857][ C1] ? get_rtnl_holder+0x144/0x190 [ 605.157851][ C1] devinet_ioctl+0x2ce/0x1bc0 [ 605.162694][ C1] ? get_user_ifreq+0x1bb/0x200 [ 605.167648][ C1] inet_ioctl+0x3d7/0x4f0 [ 605.172112][ C1] ? __pfx_inet_ioctl+0x10/0x10 [ 605.177056][ C1] sock_do_ioctl+0x158/0x460 [ 605.181772][ C1] ? __pfx_sock_do_ioctl+0x10/0x10 [ 605.186967][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.192138][ C1] sock_ioctl+0x629/0x8e0 [ 605.196562][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 605.201588][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.207698][ C1] ? bpf_lsm_file_ioctl+0x9/0x10 [ 605.212853][ C1] ? security_file_ioctl+0x87/0xb0 [ 605.218005][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 605.222959][ C1] __se_sys_ioctl+0xfc/0x170 [ 605.227632][ C1] do_syscall_64+0xf3/0x230 [ 605.232234][ C1] ? clear_bhb_loop+0x35/0x90 [ 605.236957][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.242945][ C1] RIP: 0033:0x7f8ddd876d49 [ 605.247395][ C1] RSP: 002b:00007ffe85064d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 605.255903][ C1] RAX: ffffffffffffffda RBX: 00007f8ddd7a86c0 RCX: 00007f8ddd876d49 [ 605.263980][ C1] RDX: 00007ffe85074f08 RSI: 0000000000008914 RDI: 0000000000000012 [ 605.272042][ C1] RBP: 00007ffe850850c8 R08: 00007ffe85074ec8 R09: 00007ffe85074e78 [ 605.280101][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.288103][ C1] R13: 00007ffe85074f08 R14: 0000000000000028 R15: 0000000000008914 [ 605.296186][ C1] [ 605.299277][ C1] DEBUG: waiting rtnl_mutex for 1291 jiffies. [ 605.305376][ C1] task:syz-executor state:D stack:18672 pid:12553 tgid:12553 ppid:12539 flags:0x00004000 [ 605.315647][ C1] Call Trace: [ 605.318998][ C1] [ 605.321960][ C1] __schedule+0x1800/0x4a60 [ 605.326562][ C1] ? __pfx___schedule+0x10/0x10 [ 605.331514][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.336671][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.342274][ C1] ? schedule+0x90/0x320 [ 605.346558][ C1] schedule+0x14b/0x320 [ 605.350803][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.356307][ C1] __mutex_lock+0x6a4/0xd70 [ 605.360906][ C1] ? __mutex_lock+0x527/0xd70 [ 605.365641][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 605.370941][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.376038][ C1] ? get_rtnl_holder+0x144/0x190 [ 605.381099][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 605.386181][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 605.391476][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 605.397073][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 605.402535][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 605.407795][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 605.413266][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 605.418653][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 605.423823][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 605.429740][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 605.434897][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 605.440187][ C1] ? kasan_save_track+0x51/0x80 [ 605.445108][ C1] ? do_syscall_64+0xf3/0x230 [ 605.449892][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 605.455071][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 605.460609][ C1] ? ref_tracker_free+0x643/0x7e0 [ 605.465699][ C1] netlink_rcv_skb+0x1e3/0x430 [ 605.470569][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 605.476089][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 605.481519][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 605.486828][ C1] netlink_unicast+0x7f0/0x990 [ 605.491736][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 605.497081][ C1] ? __virt_addr_valid+0x183/0x530 [ 605.502408][ C1] ? __check_object_size+0x49c/0x900 [ 605.507766][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 605.513001][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 605.517825][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.523213][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.529301][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 605.534290][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 605.539706][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 605.545237][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.550641][ C1] __sock_sendmsg+0x221/0x270 [ 605.555377][ C1] __sys_sendto+0x3a4/0x4f0 [ 605.559999][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 605.565110][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.571208][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.577604][ C1] __x64_sys_sendto+0xde/0x100 [ 605.582472][ C1] do_syscall_64+0xf3/0x230 [ 605.587014][ C1] ? clear_bhb_loop+0x35/0x90 [ 605.591784][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.597738][ C1] RIP: 0033:0x7f403457796c [ 605.602262][ C1] RSP: 002b:00007ffc524cfbf0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 605.610823][ C1] RAX: ffffffffffffffda RBX: 00007f4035234620 RCX: 00007f403457796c [ 605.618880][ C1] RDX: 0000000000000028 RSI: 00007f4035234670 RDI: 0000000000000003 [ 605.626898][ C1] RBP: 0000000000000000 R08: 00007ffc524cfc44 R09: 000000000000000c [ 605.634977][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 605.643055][ C1] R13: 0000000000000000 R14: 00007f4035234670 R15: 0000000000000000 [ 605.651160][ C1] [ 605.654210][ C1] DEBUG: waiting rtnl_mutex for 1321 jiffies. [ 605.660355][ C1] task:kworker/u8:24 state:D stack:20016 pid:6087 tgid:6087 ppid:2 flags:0x00004000 [ 605.670632][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 605.676685][ C1] Call Trace: [ 605.680057][ C1] [ 605.683049][ C1] __schedule+0x1800/0x4a60 [ 605.687687][ C1] ? __pfx___schedule+0x10/0x10 [ 605.692692][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.697786][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.703520][ C1] ? kthread_data+0x52/0xd0 [ 605.708082][ C1] ? schedule+0x90/0x320 [ 605.712421][ C1] ? wq_worker_sleeping+0x66/0x240 [ 605.717584][ C1] ? schedule+0x90/0x320 [ 605.721946][ C1] schedule+0x14b/0x320 [ 605.726169][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.731746][ C1] __mutex_lock+0x6a4/0xd70 [ 605.736297][ C1] ? mark_lock+0x9a/0x360 [ 605.740748][ C1] ? __mutex_lock+0x527/0xd70 [ 605.745480][ C1] ? addrconf_dad_work+0xd0/0x16f0 [ 605.750718][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.755806][ C1] ? get_rtnl_holder+0x144/0x190 [ 605.760852][ C1] addrconf_dad_work+0xd0/0x16f0 [ 605.765868][ C1] ? __pfx_addrconf_dad_work+0x10/0x10 [ 605.771443][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.777859][ C1] ? process_scheduled_works+0x945/0x1830 [ 605.783702][ C1] process_scheduled_works+0xa2c/0x1830 [ 605.789367][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 605.795415][ C1] ? assign_work+0x364/0x3d0 [ 605.800122][ C1] worker_thread+0x86d/0xd40 [ 605.804781][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 605.810787][ C1] ? __kthread_parkme+0x169/0x1d0 [ 605.815865][ C1] ? __pfx_worker_thread+0x10/0x10 [ 605.821093][ C1] kthread+0x2f0/0x390 [ 605.825208][ C1] ? __pfx_worker_thread+0x10/0x10 [ 605.830427][ C1] ? __pfx_kthread+0x10/0x10 [ 605.835092][ C1] ret_from_fork+0x4b/0x80 [ 605.839635][ C1] ? __pfx_kthread+0x10/0x10 [ 605.844276][ C1] ret_from_fork_asm+0x1a/0x30 [ 605.849240][ C1] [ 605.852294][ C1] DEBUG: waiting rtnl_mutex for 1340 jiffies. [ 605.858463][ C1] task:syz-executor state:D stack:21024 pid:12719 tgid:12719 ppid:12705 flags:0x00000000 [ 605.868724][ C1] Call Trace: [ 605.872125][ C1] [ 605.875280][ C1] __schedule+0x1800/0x4a60 [ 605.879934][ C1] ? __pfx___schedule+0x10/0x10 [ 605.884845][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.890075][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.895607][ C1] ? schedule+0x90/0x320 [ 605.899969][ C1] schedule+0x14b/0x320 [ 605.904187][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.909755][ C1] __mutex_lock+0x6a4/0xd70 [ 605.914310][ C1] ? __mutex_lock+0x527/0xd70 [ 605.919135][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 605.924414][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.929576][ C1] ? get_rtnl_holder+0x144/0x190 [ 605.934609][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 605.939782][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 605.945139][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 605.950705][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 605.956058][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.961370][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.966635][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 605.971687][ C1] ? mark_lock+0x9a/0x360 [ 605.976067][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.981392][ C1] ? __lock_acquire+0x1359/0x2000 [ 605.986503][ C1] ? mark_lock+0x9a/0x360 [ 605.991040][ C1] ? __lock_acquire+0x1359/0x2000 [ 605.996240][ C1] netlink_rcv_skb+0x1e3/0x430 [ 606.001128][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.006635][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 606.012089][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 606.017333][ C1] netlink_unicast+0x7f0/0x990 [ 606.022217][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 606.027646][ C1] ? __virt_addr_valid+0x183/0x530 [ 606.032876][ C1] ? __check_object_size+0x49c/0x900 [ 606.038243][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 606.043403][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 606.048262][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.053602][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 606.058645][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 606.064069][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 606.069633][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.074953][ C1] __sock_sendmsg+0x221/0x270 [ 606.079743][ C1] __sys_sendto+0x3a4/0x4f0 [ 606.084587][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 606.089750][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.095797][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.102257][ C1] __x64_sys_sendto+0xde/0x100 [ 606.107072][ C1] do_syscall_64+0xf3/0x230 [ 606.111695][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.116438][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.122442][ C1] RIP: 0033:0x7fc79937796c [ 606.126893][ C1] RSP: 002b:00007ffd0b402980 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 606.135531][ C1] RAX: ffffffffffffffda RBX: 00007fc79a034620 RCX: 00007fc79937796c [ 606.143802][ C1] RDX: 0000000000000044 RSI: 00007fc79a034670 RDI: 0000000000000003 [ 606.151883][ C1] RBP: 0000000000000000 R08: 00007ffd0b4029d4 R09: 000000000000000c [ 606.159937][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 606.168501][ C1] R13: 0000000000000000 R14: 00007fc79a034670 R15: 0000000000000000 [ 606.176615][ C1] [ 606.179709][ C1] DEBUG: waiting rtnl_mutex for 1373 jiffies. [ 606.185882][ C1] task:syz-executor state:D stack:19728 pid:12422 tgid:12422 ppid:12416 flags:0x00004002 [ 606.196163][ C1] Call Trace: [ 606.199526][ C1] [ 606.202494][ C1] __schedule+0x1800/0x4a60 [ 606.207067][ C1] ? __pfx___schedule+0x10/0x10 [ 606.212064][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.217160][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 606.222748][ C1] ? schedule+0x90/0x320 [ 606.227041][ C1] schedule+0x14b/0x320 [ 606.231404][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.236925][ C1] __mutex_lock+0x6a4/0xd70 [ 606.241547][ C1] ? __mutex_lock+0x527/0xd70 [ 606.246278][ C1] ? ieee80211_register_hw+0x307a/0x3d30 [ 606.252015][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.257103][ C1] ? get_rtnl_holder+0x144/0x190 [ 606.262149][ C1] ieee80211_register_hw+0x307a/0x3d30 [ 606.267687][ C1] ? ieee80211_register_hw+0x1081/0x3d30 [ 606.273540][ C1] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 606.279452][ C1] ? __asan_memset+0x23/0x50 [ 606.284087][ C1] ? __hrtimer_init+0x170/0x250 [ 606.289042][ C1] mac80211_hwsim_new_radio+0x2597/0x44d0 [ 606.294840][ C1] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 606.301039][ C1] hwsim_new_radio_nl+0xe4c/0x21d0 [ 606.306226][ C1] ? __pfx___nla_validate_parse+0x10/0x10 [ 606.312075][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 606.317702][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 606.324159][ C1] genl_rcv_msg+0xb14/0xec0 [ 606.328773][ C1] ? mark_lock+0x9a/0x360 [ 606.333166][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 606.338303][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 606.343383][ C1] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 606.349035][ C1] ? __pfx___might_resched+0x10/0x10 [ 606.354414][ C1] netlink_rcv_skb+0x1e3/0x430 [ 606.359293][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 606.364367][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 606.369760][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 606.375275][ C1] genl_rcv+0x28/0x40 [ 606.379359][ C1] netlink_unicast+0x7f0/0x990 [ 606.384195][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 606.389589][ C1] ? __virt_addr_valid+0x183/0x530 [ 606.394760][ C1] ? __check_object_size+0x49c/0x900 [ 606.400228][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 606.405393][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 606.410275][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.415616][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 606.420662][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 606.426004][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 606.431597][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.436933][ C1] __sock_sendmsg+0x221/0x270 [ 606.441752][ C1] __sys_sendto+0x3a4/0x4f0 [ 606.446325][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 606.451487][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.457522][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.463959][ C1] __x64_sys_sendto+0xde/0x100 [ 606.468835][ C1] do_syscall_64+0xf3/0x230 [ 606.473394][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.478129][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.484134][ C1] RIP: 0033:0x7fe03417796c [ 606.488643][ C1] RSP: 002b:00007ffd062ba560 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 606.497111][ C1] RAX: ffffffffffffffda RBX: 00007fe034e34620 RCX: 00007fe03417796c [ 606.505158][ C1] RDX: 0000000000000024 RSI: 00007fe034e34670 RDI: 0000000000000003 [ 606.513213][ C1] RBP: 0000000000000000 R08: 00007ffd062ba5b4 R09: 000000000000000c [ 606.521268][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 606.529315][ C1] R13: 0000000000000000 R14: 00007fe034e34670 R15: 0000000000000000 [ 606.537352][ C1] [ 606.540465][ C1] DEBUG: holding rtnl_mutex for 1406 jiffies. [ 606.546576][ C1] task:kworker/u8:15 state:R running task stack:20240 pid:6064 tgid:6064 ppid:2 flags:0x00004000 [ 606.558447][ C1] Workqueue: netns cleanup_net [ 606.563353][ C1] Call Trace: [ 606.566672][ C1] [ 606.569713][ C1] __schedule+0x1800/0x4a60 [ 606.574307][ C1] ? __pfx___schedule+0x10/0x10 [ 606.579282][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.584362][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 606.590361][ C1] ? kthread_data+0x52/0xd0 [ 606.594932][ C1] ? wq_worker_sleeping+0x66/0x240 [ 606.600166][ C1] ? schedule+0x90/0x320 [ 606.604523][ C1] schedule+0x14b/0x320 [ 606.608767][ C1] synchronize_rcu_expedited+0x684/0x830 [ 606.614493][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 606.620783][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 606.626141][ C1] ? __pfx___might_resched+0x10/0x10 [ 606.631534][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 606.637645][ C1] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 606.643654][ C1] unregister_netdevice_many_notify+0x1944/0x1d20 [ 606.650375][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 606.657214][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 606.663241][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 606.669521][ C1] default_device_exit_batch+0xa0f/0xa90 [ 606.675243][ C1] ? __pfx___might_resched+0x10/0x10 [ 606.680686][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 606.686921][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 606.692413][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 606.698687][ C1] cleanup_net+0x89d/0xcc0 [ 606.703170][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 606.708161][ C1] ? process_scheduled_works+0x945/0x1830 [ 606.713986][ C1] process_scheduled_works+0xa2c/0x1830 [ 606.719741][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 606.725781][ C1] ? assign_work+0x364/0x3d0 [ 606.730473][ C1] worker_thread+0x86d/0xd40 [ 606.735126][ C1] ? __kthread_parkme+0x169/0x1d0 [ 606.740296][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.745489][ C1] kthread+0x2f0/0x390 [ 606.749674][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.754923][ C1] ? __pfx_kthread+0x10/0x10 [ 606.759621][ C1] ret_from_fork+0x4b/0x80 [ 606.764096][ C1] ? __pfx_kthread+0x10/0x10 [ 606.768797][ C1] ret_from_fork_asm+0x1a/0x30 [ 606.773629][ C1] [ 606.776682][ C1] [ 606.776682][ C1] Showing all locks held in the system: [ 606.784572][ C1] 1 lock held by kswapd0/89: [ 606.789265][ C1] 1 lock held by klogd/4536: [ 606.793900][ C1] #0: ffff888024f5f340 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 606.804330][ C1] 1 lock held by dhcpcd/4761: [ 606.809079][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 606.818455][ C1] 2 locks held by getty/4853: [ 606.823167][ C1] #0: ffff88802aec90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 606.833167][ C1] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 606.843404][ C1] 1 lock held by syz-executor/5084: [ 606.848677][ C1] #0: ffff888011ee6948 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 606.859085][ C1] 6 locks held by kworker/u9:2/5095: [ 606.864396][ C1] #0: ffff888020d3d948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 606.875335][ C1] #1: ffffc900036dfd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 606.888230][ C1] #2: ffff88806ee5cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 606.898242][ C1] #3: ffff88806ee5c078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 606.908033][ C1] #4: ffffffff8f76ede8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 606.917985][ C1] #5: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 606.929026][ C1] 5 locks held by kworker/u8:15/6064: [ 606.934447][ C1] 3 locks held by kworker/u8:24/6087: [ 606.939963][ C1] #0: ffff88802a34d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 606.951787][ C1] #1: ffffc9001426fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 606.964748][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 606.974461][ C1] 3 locks held by kworker/0:14/7066: [ 606.979846][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 606.990978][ C1] #1: ffffc90012227d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 607.002131][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 607.011272][ C1] 1 lock held by syz.2.1597/11254: [ 607.016445][ C1] #0: ffff88801b2ec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: remove_inode_hugepages+0x38e/0x1520 [ 607.028250][ C1] 3 locks held by syz-executor/12422: [ 607.033690][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 607.042158][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 607.051266][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_register_hw+0x307a/0x3d30 [ 607.061436][ C1] 2 locks held by syz.4.1836/12451: [ 607.066758][ C1] #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 607.077126][ C1] #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 607.087149][ C1] 1 lock held by syz-executor/12553: [ 607.092536][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 607.102218][ C1] 1 lock held by syz-executor/12719: [ 607.107642][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 607.117566][ C1] 2 locks held by syz.1.1895/12753: [ 607.122871][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 607.131225][ C1] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 607.138364][T11400] Bluetooth: hci0: command 0x0406 tx timeout [ 607.140318][ C1] 1 lock held by syz-executor/12755: [ 607.151724][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 607.161380][ C1] 1 lock held by syz-executor/12767: [ 607.166707][ C1] #0: ffff888011ee6948 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 607.177254][ C1] [ 607.179736][ C1] ============================================= [ 607.179736][ C1] [ 607.415000][T12553] veth0_macvtap: entered promiscuous mode [ 607.490224][T11400] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 607.508584][T11400] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 607.521566][T11400] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 607.531592][T11400] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 607.539609][T11400] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 607.547229][T11400] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 607.651806][T12553] veth1_macvtap: entered promiscuous mode [ 607.890473][T12173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.948319][T12173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.048378][ T6087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.056290][ T6087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.607513][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.648250][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.658151][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.708263][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.718167][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.748252][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.768645][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.798732][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.818303][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.838600][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.858621][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.888246][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.910590][T12553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 608.927282][T12719] chnl_net:caif_netlink_parms(): no params data found [ 609.080661][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.119016][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.180578][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.228279][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.238172][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.281245][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.315142][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.330871][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.351449][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.384813][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.418267][T12553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.458525][T12553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.490847][T12553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 609.537742][T12553] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.588391][T12553] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.597202][T12553] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.638335][T12553] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.690679][T11400] Bluetooth: hci8: command tx timeout [ 610.484420][T12719] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.508754][T12719] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.516294][T12719] bridge_slave_0: entered allmulticast mode [ 610.550378][T12719] bridge_slave_0: entered promiscuous mode [ 610.937248][ T6064] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.018544][T12719] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.048512][T12719] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.055909][T12719] bridge_slave_1: entered allmulticast mode [ 611.101688][T12719] bridge_slave_1: entered promiscuous mode [ 611.496149][ T6064] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.621477][ T2816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 611.673618][T12755] chnl_net:caif_netlink_parms(): no params data found [ 611.686240][ T2816] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 611.768368][T11400] Bluetooth: hci8: command tx timeout [ 611.904491][ T6064] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.002212][T12719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.106105][T12769] chnl_net:caif_netlink_parms(): no params data found [ 612.223710][ T6064] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.375269][T12719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.751878][T12173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 612.789744][T12173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 612.949275][T12719] team0: Port device team_slave_0 added [ 613.189099][T12719] team0: Port device team_slave_1 added [ 613.838354][T11400] Bluetooth: hci8: command tx timeout [ 614.033012][T12755] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.049035][T12755] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.056799][T12755] bridge_slave_0: entered allmulticast mode [ 614.110079][T12755] bridge_slave_0: entered promiscuous mode [ 614.131502][T12755] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.159192][T12755] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.166534][T12755] bridge_slave_1: entered allmulticast mode [ 614.201180][T12755] bridge_slave_1: entered promiscuous mode [ 615.553914][ T6064] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.694838][T12719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.718389][T12719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.798726][T12719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.815732][T12769] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.835763][T12769] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.844899][T12769] bridge_slave_0: entered allmulticast mode [ 615.876801][T12769] bridge_slave_0: entered promiscuous mode [ 615.928927][T11400] Bluetooth: hci8: command tx timeout [ 616.166899][ T6064] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.246967][T12719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 616.286106][T12719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 616.449278][T12719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 616.503880][T12769] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.531107][T12769] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.549258][T12769] bridge_slave_1: entered allmulticast mode [ 616.571957][T12769] bridge_slave_1: entered promiscuous mode [ 616.721194][ T6064] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.881859][T12755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.409081][T12826] binder: 12823:12826 ioctl 4018620d 0 returned -22 [ 617.989412][ T6064] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.225195][T12755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.431135][T12769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.601902][T12719] hsr_slave_0: entered promiscuous mode [ 618.616525][T12719] hsr_slave_1: entered promiscuous mode [ 618.923651][T12769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.546796][T12755] team0: Port device team_slave_0 added [ 619.582174][T12755] team0: Port device team_slave_1 added [ 619.720925][T12769] team0: Port device team_slave_0 added [ 620.037570][T12769] team0: Port device team_slave_1 added [ 620.199018][T12755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.206017][T12755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.278467][T12755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.748795][T12769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.755927][T12769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.871009][T12769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 621.020988][T12755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 621.265336][T12755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.451931][T12755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 621.750041][T12769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 621.757085][T12769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 621.875705][T12769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 622.191771][ T6064] bridge_slave_1: left allmulticast mode [ 622.208329][ T6064] bridge_slave_1: left promiscuous mode [ 622.214278][ T6064] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.721253][ T6064] bridge_slave_0: left allmulticast mode [ 622.726984][ T6064] bridge_slave_0: left promiscuous mode [ 623.008622][ T6064] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.244453][ T6064] bridge_slave_1: left allmulticast mode [ 623.258464][ T6064] bridge_slave_1: left promiscuous mode [ 623.264318][ T6064] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.391947][ T6064] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.225196][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.265079][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.320518][ T30] INFO: task syz.2.1597:11254 blocked for more than 143 seconds. [ 626.329365][ T30] Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 626.346754][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 626.368523][ T30] task:syz.2.1597 state:D stack:24672 pid:11254 tgid:11254 ppid:10001 flags:0x00000004 [ 626.428605][ T30] Call Trace: [ 626.431981][ T30] [ 626.435131][ T30] __schedule+0x1800/0x4a60 [ 626.468541][ T30] ? __pfx___schedule+0x10/0x10 [ 626.473536][ T30] ? __pfx_lock_release+0x10/0x10 [ 626.508421][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 626.515138][ T30] ? schedule+0x90/0x320 [ 626.538294][ T30] schedule+0x14b/0x320 [ 626.559495][ T30] io_schedule+0x8d/0x110 [ 626.564040][ T30] folio_wait_bit_common+0x882/0x12b0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 626.628419][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 626.634362][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 626.658321][ T30] remove_inode_hugepages+0x508/0x1520 [ 626.673308][ T30] ? __pfx_remove_inode_hugepages+0x10/0x10 [ 626.688463][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 626.717119][ T30] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 626.738708][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 626.745873][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 626.758281][ T30] ? __pfx_hugetlbfs_evict_inode+0x10/0x10 [ 626.798600][ T30] hugetlbfs_evict_inode+0x23/0x70 [ 626.803830][ T30] ? __pfx_hugetlbfs_evict_inode+0x10/0x10 [ 626.818649][ T30] evict+0x2a8/0x630 [ 626.822650][ T30] __dentry_kill+0x20d/0x630 [ 626.827302][ T30] ? dput+0x37/0x2b0 [ 626.848298][ T30] dput+0x19f/0x2b0 [ 626.852218][ T30] __fput+0x5f8/0x8a0 [ 626.856269][ T30] task_work_run+0x24f/0x310 [ 626.878597][ T30] ? __pfx_task_work_run+0x10/0x10 [ 626.883833][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 626.918425][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 626.924180][ T30] do_syscall_64+0x100/0x230 [ 626.941010][ T30] ? clear_bhb_loop+0x35/0x90 [ 626.945845][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.978533][ T30] RIP: 0033:0x7f076df75bd9 [ 626.983043][ T30] RSP: 002b:00007ffd5bb403e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 626.998302][ T30] RAX: 0000000000000000 RBX: 000000000007246f RCX: 00007f076df75bd9 [ 627.006461][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 627.038279][ T30] RBP: ffffffffffffffff R08: 0000000000000001 R09: 000000045bb4070f [ 627.046347][ T30] R10: 00007f076de00000 R11: 0000000000000246 R12: 00007f076e103f6c [ 627.068318][ T30] R13: 0000000000000032 R14: 00007f076e105a60 R15: 00007f076e103f60 [ 627.088300][ T30] [ 627.118400][ T30] [ 627.118400][ T30] Showing all locks held in the system: [ 627.126212][ T30] 1 lock held by khungtaskd/30: [ 627.138295][ T30] #0: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 627.169694][ T30] 2 locks held by kworker/u8:6/1096: [ 627.177254][ T30] 1 lock held by dhcpcd/4761: [ 627.198254][ T30] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 627.217740][ T30] 2 locks held by getty/4853: [ 627.238331][ T30] #0: ffff88802aec90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 627.269882][ T30] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 627.298285][ T30] 3 locks held by kworker/u8:14/6061: [ 627.303772][ T30] 5 locks held by kworker/u8:15/6064: [ 627.318525][ T30] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 627.359112][ T30] #1: ffffc9001415fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 627.389689][ T30] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 627.428347][ T30] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0 [ 627.437333][ T30] #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 627.489977][ T30] 2 locks held by kworker/u8:16/6067: [ 627.495442][ T30] 3 locks held by kworker/1:8/7046: [ 627.528340][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 627.548351][ T30] #1: ffffc90012ca7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 627.569146][ T30] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 627.600330][ T30] 3 locks held by kworker/0:16/7460: [ 627.605701][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 627.638299][ T30] #1: ffffc90008c57d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 627.658534][ T30] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 627.667747][ T30] 1 lock held by syz.2.1597/11254: [ 627.688348][ T30] #0: ffff88801b2ec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{3:3}, at: remove_inode_hugepages+0x38e/0x1520 [ 627.710022][ T30] 1 lock held by syz.0.1785/12198: [ 627.715246][ T30] 1 lock held by syz-executor/12719: [ 627.738289][ T30] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 627.747941][ T30] 1 lock held by syz-executor/12755: [ 627.768361][ T30] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 627.788795][ T30] 1 lock held by syz-executor/12769: [ 627.794174][ T30] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 627.819888][ T30] 3 locks held by syz.0.1909/12872: [ 627.825176][ T30] #0: ffff888067774d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 627.858291][ T30] #1: ffff888067774078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf70 [ 627.868039][ T30] #2: ffffffff8f76ede8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 [ 627.898344][ T30] 1 lock held by syz.4.1910/12871: [ 627.903543][ T30] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 627.930190][ T30] [ 627.949523][ T30] ============================================= [ 627.949523][ T30] [ 627.958099][ T30] NMI backtrace for cpu 0 [ 627.962445][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 627.972436][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 627.982581][ T30] Call Trace: [ 627.985861][ T30] [ 627.988795][ T30] dump_stack_lvl+0x241/0x360 [ 627.993516][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 627.998780][ T30] ? __pfx__printk+0x10/0x10 [ 628.003426][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 628.008584][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 628.008612][ C1] DEBUG: holding rtnl_mutex for 603 jiffies. [ 628.013558][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 628.019578][ C1] task:kworker/u8:15 state:R [ 628.024978][ T30] ? _printk+0xd5/0x120 [ 628.029804][ C1] running task [ 628.033893][ T30] ? __pfx__printk+0x10/0x10 [ 628.033932][ T30] ? __wake_up_klogd+0x109/0x140 [ 628.037813][ C1] stack:20240 pid:6064 tgid:6064 ppid:2 flags:0x00004000 [ 628.042386][ T30] ? __pfx__printk+0x10/0x10 [ 628.042423][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 628.047351][ C1] Workqueue: netns cleanup_net [ 628.055085][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 628.055121][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 628.059743][ C1] [ 628.064733][ T30] watchdog+0xfee/0x1030 [ 628.069516][ C1] Call Trace: [ 628.075458][ T30] ? watchdog+0x1ea/0x1030 [ 628.081464][ C1] [ 628.083761][ T30] ? __pfx_watchdog+0x10/0x10 [ 628.087993][ C1] __schedule+0x1800/0x4a60 [ 628.091265][ T30] kthread+0x2f0/0x390 [ 628.091303][ T30] ? __pfx_watchdog+0x10/0x10 [ 628.095717][ C1] ? kasan_save_stack+0x3f/0x60 [ 628.098677][ T30] ? __pfx_kthread+0x10/0x10 [ 628.098715][ T30] ret_from_fork+0x4b/0x80 [ 628.103382][ C1] ? unregister_netdevice_many_notify+0x17d3/0x1d20 [ 628.107870][ T30] ? __pfx_kthread+0x10/0x10 [ 628.111974][ C1] ? worker_thread+0x861/0xd40 [ 628.116615][ T30] ret_from_fork_asm+0x1a/0x30 [ 628.121501][ C1] ? __pfx___schedule+0x10/0x10 [ 628.126046][ T30] [ 628.130469][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 628.138568][ T30] Sending NMI from CPU 0 to CPUs 1: [ 628.141676][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 628.146402][ C1] NMI backtrace for cpu 1 [ 628.146421][ C1] CPU: 1 UID: 0 PID: 12198 Comm: syz.0.1785 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 628.146444][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 628.146456][ C1] RIP: 0010:lock_acquire+0x1a4/0x550 [ 628.146486][ C1] Code: 00 00 00 00 00 9c 8f 84 24 80 00 00 00 42 80 3c 2b 00 74 08 4c 89 ff e8 5a e7 8a 00 48 8d 5c 24 60 4c 8b bc 24 80 00 00 00 fa <48> c7 c7 e0 d5 ca 8b e8 10 d5 21 0a 65 ff 05 c9 22 93 7e 45 31 c9 [ 628.146503][ C1] RSP: 0018:ffffc90000a18320 EFLAGS: 00000046 [ 628.146520][ C1] RAX: 0000000000000000 RBX: ffffc90000a18380 RCX: ffffffff816f66d4 [ 628.146534][ C1] RDX: 0000000000000000 RSI: ffffffff8c207f00 RDI: ffffffff8c207ec0 [ 628.146547][ C1] RBP: ffffc90000a18468 R08: ffffffff8faf7a6f R09: 1ffffffff1f5ef4d [ 628.146562][ C1] R10: dffffc0000000000 R11: fffffbfff1f5ef4e R12: 1ffff9200014306c [ 628.146577][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000046 [ 628.146591][ C1] FS: 00007ff66a6896c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 628.146608][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 628.146622][ C1] CR2: 000055810487d043 CR3: 000000005fdd4000 CR4: 00000000003506f0 [ 628.146639][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 628.146650][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 628.146668][ C1] Call Trace: [ 628.146678][ C1] [ 628.146687][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 628.146711][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 628.146737][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 628.146760][ C1] ? nmi_handle+0x2a/0x5a0 [ 628.146787][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 628.146811][ C1] ? nmi_handle+0x14f/0x5a0 [ 628.146829][ C1] ? nmi_handle+0x2a/0x5a0 [ 628.146848][ C1] ? lock_acquire+0x1a4/0x550 [ 628.146889][ C1] ? default_do_nmi+0x63/0x160 [ 628.146913][ C1] ? exc_nmi+0x123/0x1f0 [ 628.146934][ C1] ? end_repeat_nmi+0xf/0x53 [ 628.146961][ C1] ? lock_acquire+0xd4/0x550 [ 628.146986][ C1] ? lock_acquire+0x1a4/0x550 [ 628.147010][ C1] ? lock_acquire+0x1a4/0x550 [ 628.147034][ C1] ? lock_acquire+0x1a4/0x550 [ 628.147058][ C1] [ 628.147064][ C1] [ 628.147076][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 628.147100][ C1] ? __pfx_lock_release+0x10/0x10 [ 628.147122][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 628.147148][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 628.147173][ C1] console_flush_all+0x822/0xf50 [ 628.147191][ C1] ? console_flush_all+0x147/0xf50 [ 628.147213][ C1] ? mark_lock+0x9a/0x360 [ 628.147238][ C1] ? console_flush_all+0x147/0xf50 [ 628.147261][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 628.147293][ C1] console_unlock+0x13b/0x4d0 [ 628.147314][ C1] ? __pfx_console_unlock+0x10/0x10 [ 628.147333][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 628.147361][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 628.147386][ C1] vprintk_emit+0x7a1/0x900 [ 628.147408][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 628.147438][ C1] _printk+0xd5/0x120 [ 628.147466][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 628.147489][ C1] ? wq_watchdog_touch+0xe5/0x180 [ 628.147510][ C1] ? __pfx__printk+0x10/0x10 [ 628.147535][ C1] ? 0xffffffffa0003b40 [ 628.147551][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 628.147578][ C1] ? is_bpf_text_address+0x26/0x2a0 [ 628.147607][ C1] ? wq_watchdog_touch+0xef/0x180 [ 628.147627][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 628.147650][ C1] show_trace_log_lvl+0x43a/0x520 [ 628.147691][ C1] ? preempt_schedule_irq+0xfb/0x1c0 [ 628.147717][ C1] sched_show_task+0x506/0x6d0 [ 628.147738][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 628.147765][ C1] ? __pfx__printk+0x10/0x10 [ 628.147791][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 628.147811][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 628.147833][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 628.147860][ C1] report_rtnl_holders+0x320/0x3f0 [ 628.147891][ C1] call_timer_fn+0x18e/0x650 [ 628.147909][ C1] ? call_timer_fn+0xc0/0x650 [ 628.147925][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 628.147950][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 628.147969][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 628.147996][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 628.148021][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 628.148046][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 628.148067][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 628.148093][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 628.148119][ C1] __run_timer_base+0x66a/0x8e0 [ 628.148153][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 628.148190][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 628.148220][ C1] run_timer_softirq+0xb7/0x170 [ 628.148250][ C1] handle_softirqs+0x2c4/0x970 [ 628.148278][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 628.148305][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 628.148331][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 628.148361][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 628.148386][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 628.148418][ C1] irq_exit_rcu+0x9/0x30 [ 628.148440][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 628.148468][ C1] [ 628.148475][ C1] [ 628.148484][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 628.148512][ C1] RIP: 0010:lock_release+0x24/0x9f0 [ 628.148540][ C1] Code: 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec 00 01 00 00 49 89 f5 48 89 7c 24 20 <65> 48 8b 04 25 28 00 00 00 48 89 84 24 e0 00 00 00 49 bf 00 00 00 [ 628.148558][ C1] RSP: 0018:ffffc9000478fa60 EFLAGS: 00000286 [ 628.148577][ C1] RAX: ffffffff82056e88 RBX: 0000000000000001 RCX: 0000000000040000 [ 628.148593][ C1] RDX: ffffc9001841a000 RSI: ffffffff82056ee7 RDI: ffffffff8e335860 [ 628.148610][ C1] RBP: ffffc9000478fb90 R08: ffffffff82056e76 R09: 1ffff11002daaa08 [ 628.148627][ C1] R10: dffffc0000000000 R11: ffffed1002daaa09 R12: ffff888016355fcc [ 628.148644][ C1] R13: ffffffff82056ee7 R14: ffff888016d55084 R15: ffff888016d55090 [ 628.148669][ C1] ? page_ext_put+0x97/0xc0 [ 628.148699][ C1] ? page_ext_put+0x26/0xc0 [ 628.148723][ C1] ? page_ext_put+0x38/0xc0 [ 628.148749][ C1] ? page_ext_put+0x97/0xc0 [ 628.148780][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 628.148808][ C1] ? __pfx_save_stack+0x10/0x10 [ 628.148833][ C1] ? free_unref_page+0xd22/0xea0 [ 628.148862][ C1] ? ringbuf_map_free+0xc2/0x120 [ 628.148886][ C1] ? map_create+0xe2d/0x1200 [ 628.148913][ C1] ? __sys_bpf+0x6d1/0x810 [ 628.148939][ C1] ? __x64_sys_bpf+0x7c/0x90 [ 628.148962][ C1] ? do_syscall_64+0xf3/0x230 [ 628.148981][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.149019][ C1] page_ext_put+0xa3/0xc0 [ 628.149045][ C1] __reset_page_owner+0x2bd/0x3f0 [ 628.149078][ C1] free_unref_page+0xd22/0xea0 [ 628.149115][ C1] ringbuf_map_free+0xc2/0x120 [ 628.149143][ C1] map_create+0xe2d/0x1200 [ 628.149175][ C1] ? security_bpf+0x87/0xb0 [ 628.149198][ C1] __sys_bpf+0x6d1/0x810 [ 628.149224][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 628.149256][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 628.149282][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 628.149308][ C1] ? do_syscall_64+0x100/0x230 [ 628.149328][ C1] __x64_sys_bpf+0x7c/0x90 [ 628.149351][ C1] do_syscall_64+0xf3/0x230 [ 628.149368][ C1] ? clear_bhb_loop+0x35/0x90 [ 628.149393][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.149416][ C1] RIP: 0033:0x7ff669975bd9 [ 628.149437][ C1] Code: Unable to access opcode bytes at 0x7ff669975baf. [ 628.149446][ C1] RSP: 002b:00007ff66a689048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 628.149466][ C1] RAX: ffffffffffffffda RBX: 00007ff669b03f60 RCX: 00007ff669975bd9 [ 628.149480][ C1] RDX: 0000000000000048 RSI: 0000000020000180 RDI: 0000000000000000 [ 628.149492][ C1] RBP: 00007ff6699e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 628.149505][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.149517][ C1] R13: 000000000000000b R14: 00007ff669b03f60 R15: 00007ffda5541658 [ 628.149540][ C1] [ 628.388402][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 628.388427][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 628.388458][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 628.388475][ T30] Call Trace: [ 628.388487][ T30] [ 628.388500][ T30] dump_stack_lvl+0x241/0x360 [ 628.388549][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 628.388587][ T30] ? __pfx__printk+0x10/0x10 [ 628.388620][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 628.388661][ T30] ? vscnprintf+0x5d/0x90 [ 628.388691][ T30] panic+0x349/0x870 [ 628.388728][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 628.388759][ T30] ? __pfx_panic+0x10/0x10 [ 628.388792][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 628.388822][ T30] ? __irq_work_queue_local+0x137/0x410 [ 628.388859][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 628.388887][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 628.388915][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 628.388947][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 628.388980][ T30] watchdog+0x102d/0x1030 [ 628.389018][ T30] ? watchdog+0x1ea/0x1030 [ 628.389057][ T30] ? __pfx_watchdog+0x10/0x10 [ 628.389088][ T30] kthread+0x2f0/0x390 [ 629.087793][ T30] ? __pfx_watchdog+0x10/0x10 [ 629.092506][ T30] ? __pfx_kthread+0x10/0x10 [ 629.097120][ T30] ret_from_fork+0x4b/0x80 [ 629.101644][ T30] ? __pfx_kthread+0x10/0x10 [ 629.106257][ T30] ret_from_fork_asm+0x1a/0x30 [ 629.111053][ T30] [ 629.114438][ T30] Kernel Offset: disabled [ 629.118779][ T30] Rebooting in 86400 seconds..