last executing test programs: 26.154853888s ago: executing program 3: syz_init_net_socket$ax25(0x3, 0x5, 0x0) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x0, 0x0, 0xffffffffffffffff) 25.695588592s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_DETACH(0x22, 0x0, 0x0) 25.467888023s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000000)) r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder-control\x00', 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(r2, 0x5450, 0x0) 25.283343528s ago: executing program 3: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000114"], 0x18}}, 0x0) 25.179164475s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e24, @multicast2}, 0x10) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mknod(&(0x7f0000000040)='./file0\x00', 0x1000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) timer_create(0x0, &(0x7f0000000000), 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 24.974770638s ago: executing program 3: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000140)='./file0\x00') r0 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x0) r2 = dup(r1) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) ftruncate(r0, 0x4) 11.719844843s ago: executing program 0: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000114"], 0x18}}, 0x0) 11.500417049s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000000)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x3) syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) io_uring_setup(0x669, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000200)="cb", 0xb600, 0x0, 0x0, 0x0) 10.730789688s ago: executing program 0: socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000400)={'\x00', 0x0, 0x3, 0x0, 0x0, 0x0, r0}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x41}, @l2cap_cid_signaling={{0x3d}, [@l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x6, 0x1f}}, @l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_move_chan_cfm={{0x10, 0x1, 0x4}, {0x0, 0xc}}, @l2cap_disconn_req={{0x6, 0x2, 0x4}, {0x1, 0xff8e}}, @l2cap_disconn_rsp={{0x7, 0x11, 0x4}, {0x75, 0xb0ff}}, @l2cap_move_chan_req={{0xe, 0x3f, 0x3}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0x7, 0xa3}}, @l2cap_move_chan_rsp={{0xf, 0x8, 0x4}, {0x200, 0x1f}}]}}, 0x46) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x28402, 0x0) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '/dev/cachefiles\x00'}]}, 0x1c) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000041401000000000000000000080001"], 0x20}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a94240000060a090400000000000000000200000068240480d41101800e000100696d6d656469617465000000c0110280bc1102807a000100ba0a73248f398d30de8f8dd4edad53776f1851a7951df649cb043b10ec78de839731b0f3db77a8c699076c9d277fba4a01b0ec195d0c00164244fd08d8bbf375030e53131bb8716dd4438df262eff60b323e1e6dca364435556c6a0f6f59c18cfcd9011d75dfa12b71fd87a2e76053d72cf0e88d261c00004500010078e4904e01a8147ff9eeac09fdd60ee0b0b91687e8e4192b531908ebf700d7386bc9ec90e1ad1a762345a816a619f629b254fc6c8d9215ee674c671259569d85e200000028000280080003400000b3de0900020073797a320000000008000340000000040800034000000002ea000100b17ee7a0cbc4c9011ae09afc568fc57e2fe3240a33ddeaf7053015ae6128deb5c3095845d3c265311b39de4d0235cb6f75661bc9dbd21b6e924f1862cbf5ed18df51f2726aac79201d8fd5d46b43b57866bebf574ce990a21e6410ff042dee6e691eca6c0cb7efed30a0fb5d5efda0baf787ad32c608afd45501bd71607f63c3b2ef1c1cdff4abe8ba03ef0e5733725e3f2b44372c3fcfd99c58cff053929f9b13c8a83932d643e9c559136ab809343420d51ecf356fbf163b14c3146620d28acc36d78691036928d2909045438b850f2bc71ccced673dbe15f75cedf27180100594f73e576700001000010006f66da7836b401be975d6ef4c00028008000180fffffffd08000180ffffffff0900020073797a310000000008000180ffffffff0900020073797a3100000000080001800000000008000180fffffffc0800018000000000830f01000aac25f79d756bec0245a86fd66e5c4f8dda73e3e6fd83c8625335b8feee21c9337bdc231dd2fdf39ed4f1da42e5d9361b13a1d4e636fca5366d4a767e3e8fb95d25a180579bef082a0e88ff1d0eb3a008353c00acfffc47ed1630ef66d3433a974a47f74047719b5de3b58195a64506c6a7fd0c881e1ac57d792762f6c11cae1fedaa4f6141ad114bb64d812661f827bf13b720d270b4b8639cbb70155e2c70304be756eac812cd6acea32a9697ed791169ab8137863ca9624972c05a3764195a910cbb7e062e91594ce167d34eecc9323a926299d3dbc4bfe8072cf5e2685962cac7998edb8f8e92c6036350a71c209f539348727af385c333d079aa1ae46df63b01e3c8133e0939d8cdf37ed15e54d193c8b1daead7dee12ba18e215456fd1b51a374fdc6987f1ff119b4e7e2132bfd1065d3294de8ab55c6b2a79e4c3e1f09de7902f01f1449a86b39b9ece55a589430411012a7b351d420fca0df6f00260ab5af5d1d3cd5d0b330cca85624939a8681daea15a457709f8ad224ebb471b1127d96ea3d281977237b19e25a7e6f4e74279c7ea462ff1e72cb191133157d14c310970e1ab040a3639d6f1bc0f343980321fc6d3e3d5e3f27abe7ad9446909aa6616b7da7e02f55344eca5122f693c943f7791f6b330925725a36a3ba342a6421074b6d1757bdfe3447ca0886ae85387d8003471368e49f5a7807822e8e1b05048cbaa177fc165a00566c11f06c3f7662384cafaf52b5eeaa7fe7c68933490c3a03f167cb3b7058c128472161b6e93b50f9433ff18c9d6b73ee628d51beee882a4e249190e34b0d8a3d0e26fec27e25a6dde6443790af4a6505b928de867e94b5977c8fd30f3cbf8d007e98955ba0043724e9e8cb9777edc71563a5f8bd1298f64591651509c4ea8cc5b4527c2139cd4fe56df29821e937cc7416a7f41a936b292dfbca3720e7b6864a43b36b9fd71d4dd9408674eef37a3baee5675c0764def5e7d67e02e5836505cea9f436b26056172089ce7368fcde7421f919b264a3a514f945fb45cc2c30e4861256752ae9e3c7bdc3bb8276842e2e802e3de7126453a24b242eddab565db0c42488bab4cac5674dfe7afbae6130b592622790f79bd0cfaf1ab382fd3f7e20e41149605d0e0dcc220b1e5cada4c9bb8befe1b03d4677cd17fda68f98a9be0bc782ab00ccb2744b5d1e9e3caac7b803c53ff2ef1100885e7fabd9c309ee031cf9ce6b02c95d5c75e1390bb0286539dadfa4f3955cf42023283d9ed0adaba3ead87a37cf45a5beeebdf738036147e4f46b3f87439c368276bb1e27df7d7c42ccfdb527ba9bcde440492a9baaa6200dc03bf9a0d1a774a8d17ea6e9dc99818d01bc89cf7c005fd57e80bafa6ab7563578836494315fccd77993396c28f1d74a529cbe78bd1564c217df13562e5b4a40379845b2314b8bacf35eccde6bc319e8cb9e9cef1335e7c5749fb8626c3cea7d099772b8ce4b4e7126d3caa55a2b04957f7fe3851e23c0dec748ce85e78b22b2d95787cc7e8bc12f15179023761aacd911859376903575c4f8d15e100f733703361249b0391cd1b60006ff969a5305c70f70d7305e2e8762c1aa2e5a2c78f7988203c0589e4bd697606648044721802761220005aa7e98441a66682f2a6d181e914d66ccf5bdcecf0c124e881c4e6ed22102923d49c1c1dc605c0056b78ec8e148862594ad3930837bbdd9fdaae665ae0e3fd48ffc71abacccba667180548749a26462818c8f99561a0fe5cf042ea1e3fa2cd6e1b56b2c1cbde786d18e1228a4bf6944b39251818def12aa4a761612d18b7a4bb0520869d88634e540cc5f3e5497b005f8f67714dcac4b1dbb48f0a1f04bb28ba86b2fa16691b0a13e0e570979b7789996eac1c8d5d70c44145213bb0638ebaefdf7676e89edd9d31299fa48da593fa586c55289170f1cff3cbb65d0e8c85b9a046404e13904ff80fa45fb83bb5972976727f9ff5711db5eb0576cf7187c944d20b5ac59a2ba6c85a5b1ebeb3cb25104b043f0f6655b170cf7c7d32b23e514f86798a731192c2bb08a33e307729760f5814f4a4a1f5b0b36c35fa591e5da16f1285d0a96a564b4c88a25101f408db23269ecf092ced40a59371e2bf772211d9b31c7314e87131248e9304c13964e39b4197eebeda2d7db0e654f0a54f5a27490ff4f5f36c1d719ae55f19723d20d851b1d58c7b13a562c1dc2da4eec4011207f82f9564d925c664687729e251a74b046bd0737071afacb1cca2fe6a25c1676f056ab4e83e0b5ea6372709d54f29f7d9ddf48821462e8b9b73fd6b3e31479f62eb9bbac17fdb7c87f6c79a6e3da7f3b13694fb376080dcfa4db264991023a3df8b68ae7d7c79fe061453b791ed0700460cbac77feaf81dc6fba4a8ffbc05dc4fcc146c794e6b8b4ee36b9281c6affd762352fc432836a5e321f2cc24bdd38ab17e26f9053b0d7ad0cca8a65623c573d14e99a6e8f7433a2f60cadb90faba63781638db8dce88434ac353c3983a5374a89bf88e991ef95015b9a629a64389f1e3499e077fedb40c84effd731c5f318ec9c7bc8083d387fe2b17eb117593b57453212e114188f04737df5bd9e9e1661978fa573a10c1292ac67a242354bb6148220464b92fc283454c402809daadc588a61c65a2982a82ddc73f36035da88826fdf6dea2ef0e8b15b9a96cdfa839e15077ac47eee2531cf88c449d483c75c1b962f8c0be37f98f01a07b8af0db33330c3497ad3d3e27853bdafd3e3f4b358f78056bb1e0158331a00ca498d5c29f608381e3b66cc8ce670d0c40b36f6e3823be7a0bdd034293665a46231a027074661f305897ad6b74daf2ebfe7283abdce336fbaa936bb243cced65c6391536afb96e2ead3673efbcddeea90c342340157d15b309db8ef823821af2d864aedce483f11b6958e61c74826602459359b916b85fdc7b36cf06648ce244766473b3c695b98d2e4444b010821d247884ef5bcc90dd4b9ad41a5693e6019c079eb2b6697caaad05afa6411e816d72b9f10e5edb5314d2dd6565a78e2deeeb38ca1b52771ac557c64890887b799ecb2c7b48fd4d18b55189b4401e77c7e62e52a8f5cf66682350be0d3c8ebb79f0b14d3d5793d99d58dd9bf6b2a7f31fc33739a37566551acea1fd459fe4ada477de98300cc33dcd91db2146a208838fe6d878c8aa36f8a651567dbd13983dcad6db132d67c4d51d8632e428130619f2476ce9f496d7536ec04dfbf0902689b193d90a6f38c13c8bf92a3309afc25b382cd204aeb5e9f012f34916061eb73ed9753cf5a4996cb06f357f42526e1119ff6322aaebf98d7e8a899e76121fc659aebc530f41f56e7e3a1dcfb609c2134863ccd0884c1d29af41397934297d294ff3fbbb422144f6305b5fe43b0d1f84051b064d603d1d6d805a1e4a309e29492f7c5906d64a4faf07eb6de675e79a1978b2a17e16f6652a536691bfb8c3d51137929e5042760da130be8a27b5673cff0200b640d94707f569624375333e8eed2ac0d6f26d3cf11dfe7c08c580a0349e7fc35e214b67e846a48e354e23102905158c1c2b75c1052008a2195a273bf51d273f7b426613f89af7e1421de021664a8b45cd44ab294fcc66db743c0fec16135829ce3861d031c821c01dece0afd27e2958346d85740cfe0dae9cff161948b22d891f985708150dc2cfaf9e06efcdd2fc1cdb51a53e87c660b5863431d1d463833704829c2478a517ec58baf629f97ef1370cd914ab8c22a6c4f44354c31190bb5ae6d42fe10e298a3176b94d212994166b1d5be0c9e63415d036c8135e645dd611c0cf7b4a0e0644b1689c3acaa7aa9b85e729f3065231cb30a23c83c31a68f7493e95fef52c772ddb5b9fd76bb84b806f737041d7a5d3588e3510ea98e61d0b09ac1fcc889f6828b3c3cf0e1128a0180e9e7aac8465256f69efcf02632ea0cd0baa6ed47b806b882bf2c75753baa08727e0c88fbdb7d22850beee04a2c9596a4e7cf6e8109f94e7357d71819fc0c3c7c00856787ea37f95c39b3f3392a865fe1030bd363fab05946f050abc39b1768cf46432c5beccea2b590293b629f5d7d53379c5563c15eb3531038224c1f85e1527100ee1c4f5b53111169bc4a5ec44b71e090177ca857c459a0e0a49738a407a2097ec78b95dbe98cfa0b91bab424383798dc837ea4764beaf7eacaa3314bdfc8274d01170a88c4052811ea5fcede00e68566f661020017304b9e655f0ec5a6ce2f470c743fb6cd27dcf96acf6ffbd5686bce3ad6f35362d756ac46ec3e215996400726a0c37975396aa49b6983a9152b98cb57101bec88bf1199882d78456436b6bfce4e22cc11a1253b83e8452ccb13d68ba1f87b311346bc5e22c938ff41a4140ea33d93e8e10effafe21c63e308725f143ce50c5480ddb11be4f6ca7cde21a3ba67e3b5fb3a7bdb93c36a146d8a5f846ca46ce49b4cb7d66e2b51c74711d928814fea6087cc6b97d036e4ae55087e36f81ef239d17754f0e074ba71415acfb8b9e8574c8932ad28914238225a7d989c8eee48dc7107e485db7a8d98e3e506edb32f6cfa0b82a44d3a07e8e96a7f4f10500f49a15c068a91d87489f7bdf1700100b0af242d6c667481ea96791a7b553c72461c56d859e49370cc7c68b162873e29dad93934b06640d8e12c321b8276a337bbc78127c58bc32d5145e42d62739d38fbbc3338a092e3dad6bad408b9f71f15af201594a9c75a22b23e6cfd32c24bdaa91b56b0baf797ca08b02b09afdc6610d62c3416741e4bf091f4a66464f25909dd8238624b1edaa14216e0d64c99c7900120ea6e7dfaa85109ff151cdf096b0c677fe9072058a5b7b958e65eecf9a9960358e3aefb2343b0e933f0ebd208039e800829332eb007e3199e40d1225dda8c1ce307a6cf23fdd355dd508a29c3dcc8e9da177f27970dc13e19eb15371da34216f0cbae5f92dc7087276ecbbcf150ff6d5ea4f46e17f34d23d34e422fd201cb935907e8860c471918223b80bd84d303fedbf7406453f0252b80a1a1e8fb63c2a77f50841ea8500a7c137811e3aac3a44ec64f452dee9dad8d1f23e414e8da9499febc4a68ec304839e57f7ad7e93f2c89efd6e2bc86c1c4f1213a42669e9185b19c6eb88711a3deb746d1849ff0e38db09aa6a950dfc2e65a149ebc90fdbdb11af86fc1225cb863ceba5c440c025996df23ecfc10a3352b3a4f2be030b6950c04e2b1fd4dddb6c780f157280200084dd49641c4bcfbd325cc4d17f95d311d40838c5da910e0ccebd9e31b1ef2c6184170d2de4221abb7c13e694bdaeaad2f8134ce756436fd0639130661fdef5f9ef22c7678971af7621254367d774af3e96ef2a6301c495ef767089515a911e88cea23e0e23a95af9e89513a7db9195912c24bda4dff24ea2f6ab2c36386a7d6ae932ea28ad2286ce358f3667df860f4fbd3eef02356cfbec7123784dd1555c7ff8a44be2b28b1dd6d1bdfb3fffbcf135c8649e0c730c74ff78d415ad29dc9a4c76c5fead11f1ec7e9840bea6254fa42289f5432c16b35130d142b3e4201302d35b96e4d300f5405368e1da3c2163c2c1808b6f4b896c46bc6e76900100001800b0001007470726f78790000fc0001800b0001007461726765740000ec0002803e000300e9b0f3683193e5916dc30ceae586c70ce8579392e34ca6b135f9f6853e1a34bc7fa2165a6141202c84b774220ee2fbbb982d676febaf6ff0c76f00000800024000000e309e000300334f2356e90ac2cfb72a9899fc854d70739d1d99007c59a1f88dd6741c862fb809a4e9b3fc340142db96131b7d97c46006493099f7e8f6c2791fb2fd95a6ee467ab92f4279a86855f2327d1005814d50c85efec7691150363e4e5751ff72f4370fec34b6e17962be79b31b237373a434b1e822674effe6ca398cd5e16f8e8273995d3e7f809d8e15f6d4c5ea3f993c1bf4216759fe1f2de47bab0000100001800a0001006c696d6974000000280001800a00010071756f74610000001800028008000240000000020c0001400000000010000180090001007866726d000000f96c7845463d409e053b8f2c94001c0001800b000100736f636b657400000c0002800800014000000000140001800e000100627974656f726465720000000c0001800700010063740000001101800a00010072616e6765000000f0100280c0100380041001009ec413147112dc41b258c4a0612cacb532e3671ccf4a689d2bdc20884af43b8be811a2ba1984bcba6070af62d6a32342d1163c0f6af38b753af3811a072af6e41bbcc65a5ede5c4bd83272b78a190d1f10091c321ce0abf026d05fdf5fd3e642b8e85bf49ce74cd92a36bc9751d1e47d8dd5c0a73ed4af891f1455398f3fbc08aa725bd61615e2dd61050e447976a1a9836d265dfcb9d8329260f0e588565f704dc889145e77c24c58cabe3c9601e9c17c7e3276315de53237c4691d0ee1f979e5cfe3c6eae985635044398e01c58f24d777c321a6c6be0d0dedab0c44906360e79d39154727ff4f650c2e62c3694c1b6809ba0bca80e61d4cd0b17b7953349588446ceedf475730178fc3b664e3a3ec4255393622540e98dae0bf338c109b9c7da1b5cdb45345ae9ce9c397eeee6b2ae6bbd23ced69a712a36b327e19013bbd3e5664ad8308112475b64c231295016a01a2ec7e6302c70f480c34b493202d289ca7cd7c38651145e80fc622587f85e3d85ed7a16e56178e52d39e118a844ef5820e2211709cd376f231658c77de970d071c6792e6034a99beda67cdbe2c91c41df7115b0ee5db3f819246ba1e142b40e0dc4bfdaebcb541cdf559d3326bc6d30116ba4d6b53c43f3056f24e98ba4ea1d7fb24a5229c6635b8fdbb9159148d1f9675e382958b6185084f2af0474022ce42aeb56bb644007b7d382c147226187a0ccd34cf8bc5b0bf12c11167ee3fda6ff65cc7b4af9b1ba547aaf426eb1423e803f578611c94bdb12a21a05545029333f927697b9ac9cfa1e8967b98fe78e9b1d807a0cc5cfecd20308c00390cfd558633a7f791d1f7a0fed1d1b9efa5d253a02e15b65d9140447a680cad95e13fd65f0b03c39cc6a0033c2108971016940b6df47a18f1262a1077fe013575b4aec71f0bbf1e8d05fb120d6a744b6cb66ec2b3c9ce76c570434e22cc3092f2e7cb4ba1ce39292d3cb9d60210e171a68d0457e4293cd0e8e4fa95df78898daba517e854a8c2bdf8211bdce453868f828e54c2f91433d23bba0579c73ac6413407fabd118cbcd2e03b6ebef4e6f834b247a7b17097cbc314e3789158463b75c315010000800000000071f7e7847bde2049e7b8c03fda22b19e35ff6ce98039f6ec7a38fb60c7171e27daa2cb9fd52de4e6a8637ad1323db0a2991935ae17f93e014b9451bb93136b4c421b1af0e207798d4092decaa096d6d82927b88e95881dd248be95f5674cd8b29fd81e5a27403aa67ddc5301c0d178f00c4f9f26e49f85ff81bef129c7b7065ace3cb4e231804e77f06b0576706ca295162087c4b7975e02b8d8c455b54cdac83853962f00e5251314f3e8499bb662934dfebe12d603ca2513e82f4300dd3e3efb88e8b2179b172ff30d6b63cbd32e95f491cf15b81207602562ca157bc5b83e059f38a2a294ff6199bfda089e18e0c517ae3f862cb353c772e7914ce2c871d098ba5e4e9f0fa82edc2fe9acb48bb0b9f0b0283d77ca76da988990bc647f454e046ab769a511930b799acf704349ada98860aa1bcac674250877a529869ef3f5a215966eda2b6b641ac6a01eef629e30fd022ddb0249f5b967b0883a91544572f4ce6f6283bb7431f631c28b6ec8686d7050023ffb7d863d39b0d57b6a3c6b41c0ae3736a17d9efee83397f9c993140428ee6d40e36a8c4ccc779ead6d013d993614f2587ea63d30555807da0b13dd1a0cb2bba3dd96c665e973feec0d387d03968a20c7a9e7195e3181ddaa5bf104694e7287eae78c50c5f613192a8159d82aa702fc436125c97523d92b988b4036fb8c276b6834947bcaac3b8e1431cb549a9c1abe21f8d341571e5711cd1dcbac6b657832e8db4bb4c01631d8ab69adadcb95d504afcdf959cb9d919ec38e9f3a4ac8cca57dabda198dc88a278b4223851b677d46a3507d0d1bd6790e70ec9a816c86fb5bd2e49e40c74cb0bfde63558e0f28e486a9ba2292dd7228ef635c43f37a7161b8f09b79a8ee6af19189a28cf0420f3bf0d86ddf632fa0b38108b81adf055bf55c4e2fe07fe99239ee2a0c34e0562042df4f475cf7cddeaa413f4344da66c1eea288e19b7986efea4e6f26e4c57df22b0ce2e4173c43413d75bfbd8528895236b104662fe69b1d23aaa562624cd2a60255b86a36034130fc89899724efee4a2fc7b3dbbf27824ee72ee1e565096e4f23576c4e59a78fbe958429ca945ea2995a2c9524c2f555404e9a12ab5c09a7f34d2b4984f37aa8cd8294a47e9743a25d65eabdc1d5597f2d67a6198947dd3fea006e4712aa3bb24da392c5a423e99dcaa7037356a344800368c6f1395d6a1a26e54afbe18ccc1df6355c7469130f7fc05122fd7431fd2a6702e453e2a292f7e528cb5e022e8521893961d5d34f3679a3b956ba9ee1056ca646dd08a7ab0f821af164377a9b4599b03258de8cab65dd584d1ee2993d165f7d67e5d39389b6ce353051254355cd6fb8b275bc388e5135cdf56a075f6b5576f417b9dffc29c7e8378a6c5281052dcfceb41c7438766774c113423922f783d0b8cfa9f78ad5bd25033d88455a19ef7dda56c239f4c28016200ac7340215bf9103bc8192624797f52cb921d67c3e212ad61ef9f503afc5581a7b3713d6d4b871bce6ad16fd57c1eba559a94ce28b4b7c5859003259c0436a675569a3dc8e75e8eddbb8c491f8be85b788c8fb4698fb63d71436e3bde5c9d09359cd2546964ce34ecfe1c62117dfa554c400f0f6cdfc9bbb05c673f31cec5ac48aa676381bbc4eacb0c5a4f8586b9ef6e95ca637abfddce5b5b7c9a32918967d76c348d5bb62914a6f11bb341aba8ec1dff7d9052c1a88886dca421686032830ee21ec9feb4438604a3b184928d16070becdd7e7c39af62a762071fadb2e22de94d99c3300efbf09bdde29a918cd87b7a0638a961ac5627bfa0eed3b643b7f13a6c569e1d3a0de6729c6e81dba4072412dedac4c3f5900ce787c3e188ad1ea2bddbe880563d93e4e81c35b584f826b5b7033a24ada15e96d4670443aec460c1a6c0d840b0a0d9964863ae598632e928dbec1b8fd841d337d72058259f09b57e0e41dedbe3fed3bb27127e23fc68dbd1dbfa35219c13f1a65e373605e64b93c0a3e81c1c5504d2a03621e4fbad05cd65b33d2b92174cd0af23f7669c7e1f53545f95cb3497b2b0145aba6f0270d443e7bc872a5d4a2d859c7a6e47bcf43997bdfe4dd6b0a0256828a6dc1ade4a97ee850fb4c231b250dcd71c11f0f687fa1741ac7786cb9ed2f403c077ec71d0a5d491442cc5337789a9ff2619b6ad50ef625d5d683fcc7ac7a42ca60cda276f13371b064cc09beaf425890dde6ff776ef00e68ac354d17a1b54d1887587868df73087597303f8e3232a8f26bf5fbd2bfc4437f9ea9559acdaaceb9173dfa19f811494aa2b2679efb87e8f027c02fa818794f9c55f3c4cdbc1521f0ff0467c9f1e5c81101ba9a2bdf69c35aab672b92051fa73855d37a26d233fb0113f970b7204f5e96b38b644d10cda58403947810fd3ac32cc5d6ae47975dbbe6aa0407628567adbe0ef5a24b45df02167b8e63d6f0ddd79849edb93c21852729a96d0592aee8ee3fdfd4d439079e128751e0b4cad1034373f771853ed773b97e36661768d31e985e776daf17b7c915f6f4d121f035a0dbbfd88ba10e9a0ae50f031dcf85909cb805ccaf8828e23402b094a2e4297a1a645fd1516bf502e7a3a2ccf52f2749cf60cc36841c10b198e0c438f952549602529d4e3363407df23c65d0949e149f467be4e2293f705f3026c8c804785f557725ef0f0b943b3edaef11b610dde9e88bbb7d89013f0426bce49a6c3e1cf29adb10a6cf8abffd041db8451d07bf7b14707b186bf81d543cbba0417157335dfd2d69caa338966e5aaa322bbee92ddb3f90c882ee7dd33365cadb2deb2c5df8fddd4792dcfbb4e2388191743d5dce2a63adfb973c9b077b7b3ceb0a9c09cb694bebf22cc0a19a248672a175a6a19a8526a85f7645b093fa0ce265f9f4a02df95e096392ba2ab72b43b80ec09de4f92f35741ba3327d6043e7f3d18cf37fed131f0b7c9ce238ba8b7f64bf6f7142868da8636b5facf46c9103d05965c2dc5eafc9bee92844a23e0a40f2d4e743ff175cb1e0179569a26bdcdb1ce49e013b6aad0bc51c5167def0ebeaa1fa86956a7a6a93c7288abb19ca437e976bccf8b5874cdaf6f367b2d618e1ba74d56cf2e5a6fc66a350a8d60f18f230ad10233b19d97e3f57ef1ac1c092ebff0a75b77e6c712c6e46770c7d0bd692f6429a59ebee9145558e2c1d75b34a8f4886bbda3253f64eddc5ee494c7727944cfcdb3ddb68f0d34a0be5516ab6c2d9ae763dfe030dc0ebb9a981a6b824eeabf12cb6a50a1fb198bfead4244cf3f82a57c7c80ffdfc0eb3610bc8ef72885d75fd0b46cf8a4f00bae90d0d0d6591ebb981c90e1d7bf9f8119bfb0d4a5b71b672c12992ec1050260c5791ebd662d132334404bc4e8fcbda4431cd621c6196f4b9f6d355e8c8b965f04dfc8d9fef200ab105e6c02ce8bbd1c0fa4ac3cae801ef07d220ed528e297a94f584f727f9db270ecd2b213a38c227ddd11c3bc229eccfe7c9799a380d6644393cffb8419fdc3a5096e46d12e0b7d92d78c5ba3cd2430031f11b25d23dbcf7ccc7a4933687181146156ce5545069c9d87ad0100cb61eb5b7714c2d2027184f45912aee6bbed40c752cb10441f8449ae30444c6235049870bfe944eb8af56376abe19237424de4e9348552357758e37faf028876cc3a11f265df532f5b43c5af40090a99ea56e3c40ae7e9dba0ce81e2b1e9709a44900986735beb418b984c5625c86ee3a0bfd0bdaf9f4ca0793b1eaab32fff0621b13642c3f2769b64330f9d4a23b31f4d78b4e20fdaee21585adb29425c21831d26d804e98f9b84d1f67a8e4df05c65fac21bb7a8637df5dc4d1af073c58ef56d4ee48b8119d8486fd1420d7a78f066307cb2ad927bc4e827b0d7ea0eb1c164daa4147162bb3c80b141b2287393de10ca3b033ec1c9215ac68a837615f8fcc1ef1a0e255c4add7b24c05f016b271c478bf8d369772e5219a130cbe4cab357a9642cdedfea5d9c2277c111d19225c33e0e411db730a090a06361bc863d805902ff12fb5e0898bf07c4363207d507f55a5e276ecae6fe4b00d280732a9d2c57ff3eb1c95d08caa59da9575d8f176297c5a0effc37115abfbb31cc645b11b060794f22febb7cc25aa7011b262836b1dd414ae0e0b8f8307ef79b34032ac35ae04a47c35014b2b437e6c6586689ba133cf7ec3be260217a7163346187844e0ec4f22d063947ca41824efadeadd0799282e522806218dbcceec1452d75952a509ac67f9fb8520ad7ca4173be0fdcb9d79bc056eb5f34dfcecdfb1c6e5db1cd2fc08ca0d93b8060c09e5a4d5e23d2ce656b6c6fa19afb080e5e80f7573e3c232ed34ee658e7500110c1d2e015746fb4b64761a727d1d83e213eba2df563f96dedd980523e542cc8e30dc48c22de790076c3b17470375cb4d6edf40e60d3b9b4e608b0cc3982e5dfb9d05d725774dc4d3c0313ec7f891c18290ec511e2f58dc363c4ccda3960bc2066463ab0a533103ca3f7a2c7340c2340cf07d1ffe49ad53acf38997b6ce356984b6fda3b50d34333dde4da912b875afc9c8fd8b5483b28633abd7187e5c255bc0ccbfd0b70b7bd5cbce265a1fdc3d8d706f20b7a198961007898a49668c3261b426842f444babfb8ed6fd84f2471c83cf8f922ac5ed75238db6aa8f72ee038b2627613547b539ff196fca5400028008000180fffffffb080003400000000208000180ffffffff08000180ffffffff0900020073797a300000000008000180fffffffc0900020073797a320000f5ff0700034000000005080001801e18eec1640002800900020073797a300000000008000180fffffffc0900020073797a32000000000900020073797a320000000008000180ffffffff0900020073797a300000000008000180000000000800034000000005080003400000000008000180fffffffc2c0004800400028023000100c6fdd202986c0ea27ca54d34c325abe8b707f9bdd138c5a889015a23a29200000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a003a10da3f7609ba9b6f9809b8ad5eb22084de9a5a9a2a50e94a79d3c71a8d33aabd869487d9542d1c6ad54bb4d390a309a44f7f0854e746bef7ad14a69d58bc487a41dadeb0352177015d71bac6b2731303380cbef9f1f75eb61e681700000000"], 0x24bc}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) fsopen(&(0x7f0000000040)='afs\x00', 0x0) 9.167486735s ago: executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)) ioctl$HCIINQUIRY(r0, 0x400448dd, 0x0) 8.852000545s ago: executing program 0: bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1808000000004000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000700000008500000087000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001280000000000900"}) ioctl$EVIOCGBITSND(r0, 0x80004509, 0x0) 8.584306678s ago: executing program 5: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="14000000", 0x4}], 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000114"], 0x18}}, 0x0) 8.275613321s ago: executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 7.066311331s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b40)={{r3}, &(0x7f0000000940), &(0x7f0000000980)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) recvmsg(r2, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r2, &(0x7f0000000580)=ANY=[@ANYRES32], 0x100000530) 6.588398285s ago: executing program 1: r0 = bpf$ITER_CREATE(0x21, 0x0, 0x0) sendto$inet(r0, &(0x7f00000018c0)="e48537d31c360202fe91f108e7b41a18886b7962f1b60c3bcd71156b15d4c0f53e64f53ba0dc168fbe8578ff7ed12f65fa9d5551a54cdd5977f0d605cd3cc2f767785255964b9d63c2cc55e56311a127089cd245a4cc31e9e61c53a2ba9b1ebe4b39c615548948", 0x67, 0x404c840, &(0x7f0000000340)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001680)={'syztnl1\x00', &(0x7f0000001600)={'syztnl0\x00', 0x0, 0x0, 0x9e, 0x0, 0xfffffffa, 0x0, @remote, @private2, 0x40, 0x20, 0xffff, 0xfca4}}) sendto$packet(r0, &(0x7f0000001540)="04afd9afa4dd927ff4c5b83e5a86d9d5c205c7045e3386f3f918e54182423d01a6584b09c3f6e9d27b16bbccc289ff48fd947f96fb6e9c14d9283f557b8d8ffa65327f44c2cf71b78847743cfc0341f1353312cc08da28b56fba9f09537894a11ced28dc786fcf4b6c7fb3c321a2d35126ddfa1670d9ee3e6ff470617e2563d300db8abadfc9d11535d3b5657af41ee08c63ac05511d39af9b", 0x99, 0x10, &(0x7f00000016c0)={0x11, 0x1e, r1, 0x1, 0x6c, 0x6, @local}, 0x14) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket$inet(0x2, 0x3, 0x6) setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f0000000440)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x10) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x1e) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001700)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1, 0xffffffffffffffff, 0x5, 0x1, 0x5}, 0x48) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) write(r2, &(0x7f0000000080)="09000300010000", 0x7) 6.445473559s ago: executing program 5: socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000400)={'\x00', 0x0, 0x3, 0x0, 0x0, 0x0, r0}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x41}, @l2cap_cid_signaling={{0x3d}, [@l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x6, 0x1f}}, @l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_move_chan_cfm={{0x10, 0x1, 0x4}, {0x0, 0xc}}, @l2cap_disconn_req={{0x6, 0x2, 0x4}, {0x1, 0xff8e}}, @l2cap_disconn_rsp={{0x7, 0x11, 0x4}, {0x75, 0xb0ff}}, @l2cap_move_chan_req={{0xe, 0x3f, 0x3}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0x7, 0xa3}}, @l2cap_move_chan_rsp={{0xf, 0x8, 0x4}, {0x200, 0x1f}}]}}, 0x46) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x28402, 0x0) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '/dev/cachefiles\x00'}]}, 0x1c) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000041401000000000000000000080001"], 0x20}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a94240000060a090400000000000000000200000068240480d41101800e000100696d6d656469617465000000c0110280bc1102807a000100ba0a73248f398d30de8f8dd4edad53776f1851a7951df649cb043b10ec78de839731b0f3db77a8c699076c9d277fba4a01b0ec195d0c00164244fd08d8bbf375030e53131bb8716dd4438df262eff60b323e1e6dca364435556c6a0f6f59c18cfcd9011d75dfa12b71fd87a2e76053d72cf0e88d261c00004500010078e4904e01a8147ff9eeac09fdd60ee0b0b91687e8e4192b531908ebf700d7386bc9ec90e1ad1a762345a816a619f629b254fc6c8d9215ee674c671259569d85e200000028000280080003400000b3de0900020073797a320000000008000340000000040800034000000002ea000100b17ee7a0cbc4c9011ae09afc568fc57e2fe3240a33ddeaf7053015ae6128deb5c3095845d3c265311b39de4d0235cb6f75661bc9dbd21b6e924f1862cbf5ed18df51f2726aac79201d8fd5d46b43b57866bebf574ce990a21e6410ff042dee6e691eca6c0cb7efed30a0fb5d5efda0baf787ad32c608afd45501bd71607f63c3b2ef1c1cdff4abe8ba03ef0e5733725e3f2b44372c3fcfd99c58cff053929f9b13c8a83932d643e9c559136ab809343420d51ecf356fbf163b14c3146620d28acc36d78691036928d2909045438b850f2bc71ccced673dbe15f75cedf27180100594f73e576700001000010006f66da7836b401be975d6ef4c00028008000180fffffffd08000180ffffffff0900020073797a310000000008000180ffffffff0900020073797a3100000000080001800000000008000180fffffffc0800018000000000830f01000aac25f79d756bec0245a86fd66e5c4f8dda73e3e6fd83c8625335b8feee21c9337bdc231dd2fdf39ed4f1da42e5d9361b13a1d4e636fca5366d4a767e3e8fb95d25a180579bef082a0e88ff1d0eb3a008353c00acfffc47ed1630ef66d3433a974a47f74047719b5de3b58195a64506c6a7fd0c881e1ac57d792762f6c11cae1fedaa4f6141ad114bb64d812661f827bf13b720d270b4b8639cbb70155e2c70304be756eac812cd6acea32a9697ed791169ab8137863ca9624972c05a3764195a910cbb7e062e91594ce167d34eecc9323a926299d3dbc4bfe8072cf5e2685962cac7998edb8f8e92c6036350a71c209f539348727af385c333d079aa1ae46df63b01e3c8133e0939d8cdf37ed15e54d193c8b1daead7dee12ba18e215456fd1b51a374fdc6987f1ff119b4e7e2132bfd1065d3294de8ab55c6b2a79e4c3e1f09de7902f01f1449a86b39b9ece55a589430411012a7b351d420fca0df6f00260ab5af5d1d3cd5d0b330cca85624939a8681daea15a457709f8ad224ebb471b1127d96ea3d281977237b19e25a7e6f4e74279c7ea462ff1e72cb191133157d14c310970e1ab040a3639d6f1bc0f343980321fc6d3e3d5e3f27abe7ad9446909aa6616b7da7e02f55344eca5122f693c943f7791f6b330925725a36a3ba342a6421074b6d1757bdfe3447ca0886ae85387d8003471368e49f5a7807822e8e1b05048cbaa177fc165a00566c11f06c3f7662384cafaf52b5eeaa7fe7c68933490c3a03f167cb3b7058c128472161b6e93b50f9433ff18c9d6b73ee628d51beee882a4e249190e34b0d8a3d0e26fec27e25a6dde6443790af4a6505b928de867e94b5977c8fd30f3cbf8d007e98955ba0043724e9e8cb9777edc71563a5f8bd1298f64591651509c4ea8cc5b4527c2139cd4fe56df29821e937cc7416a7f41a936b292dfbca3720e7b6864a43b36b9fd71d4dd9408674eef37a3baee5675c0764def5e7d67e02e5836505cea9f436b26056172089ce7368fcde7421f919b264a3a514f945fb45cc2c30e4861256752ae9e3c7bdc3bb8276842e2e802e3de7126453a24b242eddab565db0c42488bab4cac5674dfe7afbae6130b592622790f79bd0cfaf1ab382fd3f7e20e41149605d0e0dcc220b1e5cada4c9bb8befe1b03d4677cd17fda68f98a9be0bc782ab00ccb2744b5d1e9e3caac7b803c53ff2ef1100885e7fabd9c309ee031cf9ce6b02c95d5c75e1390bb0286539dadfa4f3955cf42023283d9ed0adaba3ead87a37cf45a5beeebdf738036147e4f46b3f87439c368276bb1e27df7d7c42ccfdb527ba9bcde440492a9baaa6200dc03bf9a0d1a774a8d17ea6e9dc99818d01bc89cf7c005fd57e80bafa6ab7563578836494315fccd77993396c28f1d74a529cbe78bd1564c217df13562e5b4a40379845b2314b8bacf35eccde6bc319e8cb9e9cef1335e7c5749fb8626c3cea7d099772b8ce4b4e7126d3caa55a2b04957f7fe3851e23c0dec748ce85e78b22b2d95787cc7e8bc12f15179023761aacd911859376903575c4f8d15e100f733703361249b0391cd1b60006ff969a5305c70f70d7305e2e8762c1aa2e5a2c78f7988203c0589e4bd697606648044721802761220005aa7e98441a66682f2a6d181e914d66ccf5bdcecf0c124e881c4e6ed22102923d49c1c1dc605c0056b78ec8e148862594ad3930837bbdd9fdaae665ae0e3fd48ffc71abacccba667180548749a26462818c8f99561a0fe5cf042ea1e3fa2cd6e1b56b2c1cbde786d18e1228a4bf6944b39251818def12aa4a761612d18b7a4bb0520869d88634e540cc5f3e5497b005f8f67714dcac4b1dbb48f0a1f04bb28ba86b2fa16691b0a13e0e570979b7789996eac1c8d5d70c44145213bb0638ebaefdf7676e89edd9d31299fa48da593fa586c55289170f1cff3cbb65d0e8c85b9a046404e13904ff80fa45fb83bb5972976727f9ff5711db5eb0576cf7187c944d20b5ac59a2ba6c85a5b1ebeb3cb25104b043f0f6655b170cf7c7d32b23e514f86798a731192c2bb08a33e307729760f5814f4a4a1f5b0b36c35fa591e5da16f1285d0a96a564b4c88a25101f408db23269ecf092ced40a59371e2bf772211d9b31c7314e87131248e9304c13964e39b4197eebeda2d7db0e654f0a54f5a27490ff4f5f36c1d719ae55f19723d20d851b1d58c7b13a562c1dc2da4eec4011207f82f9564d925c664687729e251a74b046bd0737071afacb1cca2fe6a25c1676f056ab4e83e0b5ea6372709d54f29f7d9ddf48821462e8b9b73fd6b3e31479f62eb9bbac17fdb7c87f6c79a6e3da7f3b13694fb376080dcfa4db264991023a3df8b68ae7d7c79fe061453b791ed0700460cbac77feaf81dc6fba4a8ffbc05dc4fcc146c794e6b8b4ee36b9281c6affd762352fc432836a5e321f2cc24bdd38ab17e26f9053b0d7ad0cca8a65623c573d14e99a6e8f7433a2f60cadb90faba63781638db8dce88434ac353c3983a5374a89bf88e991ef95015b9a629a64389f1e3499e077fedb40c84effd731c5f318ec9c7bc8083d387fe2b17eb117593b57453212e114188f04737df5bd9e9e1661978fa573a10c1292ac67a242354bb6148220464b92fc283454c402809daadc588a61c65a2982a82ddc73f36035da88826fdf6dea2ef0e8b15b9a96cdfa839e15077ac47eee2531cf88c449d483c75c1b962f8c0be37f98f01a07b8af0db33330c3497ad3d3e27853bdafd3e3f4b358f78056bb1e0158331a00ca498d5c29f608381e3b66cc8ce670d0c40b36f6e3823be7a0bdd034293665a46231a027074661f305897ad6b74daf2ebfe7283abdce336fbaa936bb243cced65c6391536afb96e2ead3673efbcddeea90c342340157d15b309db8ef823821af2d864aedce483f11b6958e61c74826602459359b916b85fdc7b36cf06648ce244766473b3c695b98d2e4444b010821d247884ef5bcc90dd4b9ad41a5693e6019c079eb2b6697caaad05afa6411e816d72b9f10e5edb5314d2dd6565a78e2deeeb38ca1b52771ac557c64890887b799ecb2c7b48fd4d18b55189b4401e77c7e62e52a8f5cf66682350be0d3c8ebb79f0b14d3d5793d99d58dd9bf6b2a7f31fc33739a37566551acea1fd459fe4ada477de98300cc33dcd91db2146a208838fe6d878c8aa36f8a651567dbd13983dcad6db132d67c4d51d8632e428130619f2476ce9f496d7536ec04dfbf0902689b193d90a6f38c13c8bf92a3309afc25b382cd204aeb5e9f012f34916061eb73ed9753cf5a4996cb06f357f42526e1119ff6322aaebf98d7e8a899e76121fc659aebc530f41f56e7e3a1dcfb609c2134863ccd0884c1d29af41397934297d294ff3fbbb422144f6305b5fe43b0d1f84051b064d603d1d6d805a1e4a309e29492f7c5906d64a4faf07eb6de675e79a1978b2a17e16f6652a536691bfb8c3d51137929e5042760da130be8a27b5673cff0200b640d94707f569624375333e8eed2ac0d6f26d3cf11dfe7c08c580a0349e7fc35e214b67e846a48e354e23102905158c1c2b75c1052008a2195a273bf51d273f7b426613f89af7e1421de021664a8b45cd44ab294fcc66db743c0fec16135829ce3861d031c821c01dece0afd27e2958346d85740cfe0dae9cff161948b22d891f985708150dc2cfaf9e06efcdd2fc1cdb51a53e87c660b5863431d1d463833704829c2478a517ec58baf629f97ef1370cd914ab8c22a6c4f44354c31190bb5ae6d42fe10e298a3176b94d212994166b1d5be0c9e63415d036c8135e645dd611c0cf7b4a0e0644b1689c3acaa7aa9b85e729f3065231cb30a23c83c31a68f7493e95fef52c772ddb5b9fd76bb84b806f737041d7a5d3588e3510ea98e61d0b09ac1fcc889f6828b3c3cf0e1128a0180e9e7aac8465256f69efcf02632ea0cd0baa6ed47b806b882bf2c75753baa08727e0c88fbdb7d22850beee04a2c9596a4e7cf6e8109f94e7357d71819fc0c3c7c00856787ea37f95c39b3f3392a865fe1030bd363fab05946f050abc39b1768cf46432c5beccea2b590293b629f5d7d53379c5563c15eb3531038224c1f85e1527100ee1c4f5b53111169bc4a5ec44b71e090177ca857c459a0e0a49738a407a2097ec78b95dbe98cfa0b91bab424383798dc837ea4764beaf7eacaa3314bdfc8274d01170a88c4052811ea5fcede00e68566f661020017304b9e655f0ec5a6ce2f470c743fb6cd27dcf96acf6ffbd5686bce3ad6f35362d756ac46ec3e215996400726a0c37975396aa49b6983a9152b98cb57101bec88bf1199882d78456436b6bfce4e22cc11a1253b83e8452ccb13d68ba1f87b311346bc5e22c938ff41a4140ea33d93e8e10effafe21c63e308725f143ce50c5480ddb11be4f6ca7cde21a3ba67e3b5fb3a7bdb93c36a146d8a5f846ca46ce49b4cb7d66e2b51c74711d928814fea6087cc6b97d036e4ae55087e36f81ef239d17754f0e074ba71415acfb8b9e8574c8932ad28914238225a7d989c8eee48dc7107e485db7a8d98e3e506edb32f6cfa0b82a44d3a07e8e96a7f4f10500f49a15c068a91d87489f7bdf1700100b0af242d6c667481ea96791a7b553c72461c56d859e49370cc7c68b162873e29dad93934b06640d8e12c321b8276a337bbc78127c58bc32d5145e42d62739d38fbbc3338a092e3dad6bad408b9f71f15af201594a9c75a22b23e6cfd32c24bdaa91b56b0baf797ca08b02b09afdc6610d62c3416741e4bf091f4a66464f25909dd8238624b1edaa14216e0d64c99c7900120ea6e7dfaa85109ff151cdf096b0c677fe9072058a5b7b958e65eecf9a9960358e3aefb2343b0e933f0ebd208039e800829332eb007e3199e40d1225dda8c1ce307a6cf23fdd355dd508a29c3dcc8e9da177f27970dc13e19eb15371da34216f0cbae5f92dc7087276ecbbcf150ff6d5ea4f46e17f34d23d34e422fd201cb935907e8860c471918223b80bd84d303fedbf7406453f0252b80a1a1e8fb63c2a77f50841ea8500a7c137811e3aac3a44ec64f452dee9dad8d1f23e414e8da9499febc4a68ec304839e57f7ad7e93f2c89efd6e2bc86c1c4f1213a42669e9185b19c6eb88711a3deb746d1849ff0e38db09aa6a950dfc2e65a149ebc90fdbdb11af86fc1225cb863ceba5c440c025996df23ecfc10a3352b3a4f2be030b6950c04e2b1fd4dddb6c780f157280200084dd49641c4bcfbd325cc4d17f95d311d40838c5da910e0ccebd9e31b1ef2c6184170d2de4221abb7c13e694bdaeaad2f8134ce756436fd0639130661fdef5f9ef22c7678971af7621254367d774af3e96ef2a6301c495ef767089515a911e88cea23e0e23a95af9e89513a7db9195912c24bda4dff24ea2f6ab2c36386a7d6ae932ea28ad2286ce358f3667df860f4fbd3eef02356cfbec7123784dd1555c7ff8a44be2b28b1dd6d1bdfb3fffbcf135c8649e0c730c74ff78d415ad29dc9a4c76c5fead11f1ec7e9840bea6254fa42289f5432c16b35130d142b3e4201302d35b96e4d300f5405368e1da3c2163c2c1808b6f4b896c46bc6e76900100001800b0001007470726f78790000fc0001800b0001007461726765740000ec0002803e000300e9b0f3683193e5916dc30ceae586c70ce8579392e34ca6b135f9f6853e1a34bc7fa2165a6141202c84b774220ee2fbbb982d676febaf6ff0c76f00000800024000000e309e000300334f2356e90ac2cfb72a9899fc854d70739d1d99007c59a1f88dd6741c862fb809a4e9b3fc340142db96131b7d97c46006493099f7e8f6c2791fb2fd95a6ee467ab92f4279a86855f2327d1005814d50c85efec7691150363e4e5751ff72f4370fec34b6e17962be79b31b237373a434b1e822674effe6ca398cd5e16f8e8273995d3e7f809d8e15f6d4c5ea3f993c1bf4216759fe1f2de47bab0000100001800a0001006c696d6974000000280001800a00010071756f74610000001800028008000240000000020c0001400000000010000180090001007866726d000000f96c7845463d409e053b8f2c94001c0001800b000100736f636b657400000c0002800800014000000000140001800e000100627974656f726465720000000c0001800700010063740000001101800a00010072616e6765000000f0100280c0100380041001009ec413147112dc41b258c4a0612cacb532e3671ccf4a689d2bdc20884af43b8be811a2ba1984bcba6070af62d6a32342d1163c0f6af38b753af3811a072af6e41bbcc65a5ede5c4bd83272b78a190d1f10091c321ce0abf026d05fdf5fd3e642b8e85bf49ce74cd92a36bc9751d1e47d8dd5c0a73ed4af891f1455398f3fbc08aa725bd61615e2dd61050e447976a1a9836d265dfcb9d8329260f0e588565f704dc889145e77c24c58cabe3c9601e9c17c7e3276315de53237c4691d0ee1f979e5cfe3c6eae985635044398e01c58f24d777c321a6c6be0d0dedab0c44906360e79d39154727ff4f650c2e62c3694c1b6809ba0bca80e61d4cd0b17b7953349588446ceedf475730178fc3b664e3a3ec4255393622540e98dae0bf338c109b9c7da1b5cdb45345ae9ce9c397eeee6b2ae6bbd23ced69a712a36b327e19013bbd3e5664ad8308112475b64c231295016a01a2ec7e6302c70f480c34b493202d289ca7cd7c38651145e80fc622587f85e3d85ed7a16e56178e52d39e118a844ef5820e2211709cd376f231658c77de970d071c6792e6034a99beda67cdbe2c91c41df7115b0ee5db3f819246ba1e142b40e0dc4bfdaebcb541cdf559d3326bc6d30116ba4d6b53c43f3056f24e98ba4ea1d7fb24a5229c6635b8fdbb9159148d1f9675e382958b6185084f2af0474022ce42aeb56bb644007b7d382c147226187a0ccd34cf8bc5b0bf12c11167ee3fda6ff65cc7b4af9b1ba547aaf426eb1423e803f578611c94bdb12a21a05545029333f927697b9ac9cfa1e8967b98fe78e9b1d807a0cc5cfecd20308c00390cfd558633a7f791d1f7a0fed1d1b9efa5d253a02e15b65d9140447a680cad95e13fd65f0b03c39cc6a0033c2108971016940b6df47a18f1262a1077fe013575b4aec71f0bbf1e8d05fb120d6a744b6cb66ec2b3c9ce76c570434e22cc3092f2e7cb4ba1ce39292d3cb9d60210e171a68d0457e4293cd0e8e4fa95df78898daba517e854a8c2bdf8211bdce453868f828e54c2f91433d23bba0579c73ac6413407fabd118cbcd2e03b6ebef4e6f834b247a7b17097cbc314e3789158463b75c315010000800000000071f7e7847bde2049e7b8c03fda22b19e35ff6ce98039f6ec7a38fb60c7171e27daa2cb9fd52de4e6a8637ad1323db0a2991935ae17f93e014b9451bb93136b4c421b1af0e207798d4092decaa096d6d82927b88e95881dd248be95f5674cd8b29fd81e5a27403aa67ddc5301c0d178f00c4f9f26e49f85ff81bef129c7b7065ace3cb4e231804e77f06b0576706ca295162087c4b7975e02b8d8c455b54cdac83853962f00e5251314f3e8499bb662934dfebe12d603ca2513e82f4300dd3e3efb88e8b2179b172ff30d6b63cbd32e95f491cf15b81207602562ca157bc5b83e059f38a2a294ff6199bfda089e18e0c517ae3f862cb353c772e7914ce2c871d098ba5e4e9f0fa82edc2fe9acb48bb0b9f0b0283d77ca76da988990bc647f454e046ab769a511930b799acf704349ada98860aa1bcac674250877a529869ef3f5a215966eda2b6b641ac6a01eef629e30fd022ddb0249f5b967b0883a91544572f4ce6f6283bb7431f631c28b6ec8686d7050023ffb7d863d39b0d57b6a3c6b41c0ae3736a17d9efee83397f9c993140428ee6d40e36a8c4ccc779ead6d013d993614f2587ea63d30555807da0b13dd1a0cb2bba3dd96c665e973feec0d387d03968a20c7a9e7195e3181ddaa5bf104694e7287eae78c50c5f613192a8159d82aa702fc436125c97523d92b988b4036fb8c276b6834947bcaac3b8e1431cb549a9c1abe21f8d341571e5711cd1dcbac6b657832e8db4bb4c01631d8ab69adadcb95d504afcdf959cb9d919ec38e9f3a4ac8cca57dabda198dc88a278b4223851b677d46a3507d0d1bd6790e70ec9a816c86fb5bd2e49e40c74cb0bfde63558e0f28e486a9ba2292dd7228ef635c43f37a7161b8f09b79a8ee6af19189a28cf0420f3bf0d86ddf632fa0b38108b81adf055bf55c4e2fe07fe99239ee2a0c34e0562042df4f475cf7cddeaa413f4344da66c1eea288e19b7986efea4e6f26e4c57df22b0ce2e4173c43413d75bfbd8528895236b104662fe69b1d23aaa562624cd2a60255b86a36034130fc89899724efee4a2fc7b3dbbf27824ee72ee1e565096e4f23576c4e59a78fbe958429ca945ea2995a2c9524c2f555404e9a12ab5c09a7f34d2b4984f37aa8cd8294a47e9743a25d65eabdc1d5597f2d67a6198947dd3fea006e4712aa3bb24da392c5a423e99dcaa7037356a344800368c6f1395d6a1a26e54afbe18ccc1df6355c7469130f7fc05122fd7431fd2a6702e453e2a292f7e528cb5e022e8521893961d5d34f3679a3b956ba9ee1056ca646dd08a7ab0f821af164377a9b4599b03258de8cab65dd584d1ee2993d165f7d67e5d39389b6ce353051254355cd6fb8b275bc388e5135cdf56a075f6b5576f417b9dffc29c7e8378a6c5281052dcfceb41c7438766774c113423922f783d0b8cfa9f78ad5bd25033d88455a19ef7dda56c239f4c28016200ac7340215bf9103bc8192624797f52cb921d67c3e212ad61ef9f503afc5581a7b3713d6d4b871bce6ad16fd57c1eba559a94ce28b4b7c5859003259c0436a675569a3dc8e75e8eddbb8c491f8be85b788c8fb4698fb63d71436e3bde5c9d09359cd2546964ce34ecfe1c62117dfa554c400f0f6cdfc9bbb05c673f31cec5ac48aa676381bbc4eacb0c5a4f8586b9ef6e95ca637abfddce5b5b7c9a32918967d76c348d5bb62914a6f11bb341aba8ec1dff7d9052c1a88886dca421686032830ee21ec9feb4438604a3b184928d16070becdd7e7c39af62a762071fadb2e22de94d99c3300efbf09bdde29a918cd87b7a0638a961ac5627bfa0eed3b643b7f13a6c569e1d3a0de6729c6e81dba4072412dedac4c3f5900ce787c3e188ad1ea2bddbe880563d93e4e81c35b584f826b5b7033a24ada15e96d4670443aec460c1a6c0d840b0a0d9964863ae598632e928dbec1b8fd841d337d72058259f09b57e0e41dedbe3fed3bb27127e23fc68dbd1dbfa35219c13f1a65e373605e64b93c0a3e81c1c5504d2a03621e4fbad05cd65b33d2b92174cd0af23f7669c7e1f53545f95cb3497b2b0145aba6f0270d443e7bc872a5d4a2d859c7a6e47bcf43997bdfe4dd6b0a0256828a6dc1ade4a97ee850fb4c231b250dcd71c11f0f687fa1741ac7786cb9ed2f403c077ec71d0a5d491442cc5337789a9ff2619b6ad50ef625d5d683fcc7ac7a42ca60cda276f13371b064cc09beaf425890dde6ff776ef00e68ac354d17a1b54d1887587868df73087597303f8e3232a8f26bf5fbd2bfc4437f9ea9559acdaaceb9173dfa19f811494aa2b2679efb87e8f027c02fa818794f9c55f3c4cdbc1521f0ff0467c9f1e5c81101ba9a2bdf69c35aab672b92051fa73855d37a26d233fb0113f970b7204f5e96b38b644d10cda58403947810fd3ac32cc5d6ae47975dbbe6aa0407628567adbe0ef5a24b45df02167b8e63d6f0ddd79849edb93c21852729a96d0592aee8ee3fdfd4d439079e128751e0b4cad1034373f771853ed773b97e36661768d31e985e776daf17b7c915f6f4d121f035a0dbbfd88ba10e9a0ae50f031dcf85909cb805ccaf8828e23402b094a2e4297a1a645fd1516bf502e7a3a2ccf52f2749cf60cc36841c10b198e0c438f952549602529d4e3363407df23c65d0949e149f467be4e2293f705f3026c8c804785f557725ef0f0b943b3edaef11b610dde9e88bbb7d89013f0426bce49a6c3e1cf29adb10a6cf8abffd041db8451d07bf7b14707b186bf81d543cbba0417157335dfd2d69caa338966e5aaa322bbee92ddb3f90c882ee7dd33365cadb2deb2c5df8fddd4792dcfbb4e2388191743d5dce2a63adfb973c9b077b7b3ceb0a9c09cb694bebf22cc0a19a248672a175a6a19a8526a85f7645b093fa0ce265f9f4a02df95e096392ba2ab72b43b80ec09de4f92f35741ba3327d6043e7f3d18cf37fed131f0b7c9ce238ba8b7f64bf6f7142868da8636b5facf46c9103d05965c2dc5eafc9bee92844a23e0a40f2d4e743ff175cb1e0179569a26bdcdb1ce49e013b6aad0bc51c5167def0ebeaa1fa86956a7a6a93c7288abb19ca437e976bccf8b5874cdaf6f367b2d618e1ba74d56cf2e5a6fc66a350a8d60f18f230ad10233b19d97e3f57ef1ac1c092ebff0a75b77e6c712c6e46770c7d0bd692f6429a59ebee9145558e2c1d75b34a8f4886bbda3253f64eddc5ee494c7727944cfcdb3ddb68f0d34a0be5516ab6c2d9ae763dfe030dc0ebb9a981a6b824eeabf12cb6a50a1fb198bfead4244cf3f82a57c7c80ffdfc0eb3610bc8ef72885d75fd0b46cf8a4f00bae90d0d0d6591ebb981c90e1d7bf9f8119bfb0d4a5b71b672c12992ec1050260c5791ebd662d132334404bc4e8fcbda4431cd621c6196f4b9f6d355e8c8b965f04dfc8d9fef200ab105e6c02ce8bbd1c0fa4ac3cae801ef07d220ed528e297a94f584f727f9db270ecd2b213a38c227ddd11c3bc229eccfe7c9799a380d6644393cffb8419fdc3a5096e46d12e0b7d92d78c5ba3cd2430031f11b25d23dbcf7ccc7a4933687181146156ce5545069c9d87ad0100cb61eb5b7714c2d2027184f45912aee6bbed40c752cb10441f8449ae30444c6235049870bfe944eb8af56376abe19237424de4e9348552357758e37faf028876cc3a11f265df532f5b43c5af40090a99ea56e3c40ae7e9dba0ce81e2b1e9709a44900986735beb418b984c5625c86ee3a0bfd0bdaf9f4ca0793b1eaab32fff0621b13642c3f2769b64330f9d4a23b31f4d78b4e20fdaee21585adb29425c21831d26d804e98f9b84d1f67a8e4df05c65fac21bb7a8637df5dc4d1af073c58ef56d4ee48b8119d8486fd1420d7a78f066307cb2ad927bc4e827b0d7ea0eb1c164daa4147162bb3c80b141b2287393de10ca3b033ec1c9215ac68a837615f8fcc1ef1a0e255c4add7b24c05f016b271c478bf8d369772e5219a130cbe4cab357a9642cdedfea5d9c2277c111d19225c33e0e411db730a090a06361bc863d805902ff12fb5e0898bf07c4363207d507f55a5e276ecae6fe4b00d280732a9d2c57ff3eb1c95d08caa59da9575d8f176297c5a0effc37115abfbb31cc645b11b060794f22febb7cc25aa7011b262836b1dd414ae0e0b8f8307ef79b34032ac35ae04a47c35014b2b437e6c6586689ba133cf7ec3be260217a7163346187844e0ec4f22d063947ca41824efadeadd0799282e522806218dbcceec1452d75952a509ac67f9fb8520ad7ca4173be0fdcb9d79bc056eb5f34dfcecdfb1c6e5db1cd2fc08ca0d93b8060c09e5a4d5e23d2ce656b6c6fa19afb080e5e80f7573e3c232ed34ee658e7500110c1d2e015746fb4b64761a727d1d83e213eba2df563f96dedd980523e542cc8e30dc48c22de790076c3b17470375cb4d6edf40e60d3b9b4e608b0cc3982e5dfb9d05d725774dc4d3c0313ec7f891c18290ec511e2f58dc363c4ccda3960bc2066463ab0a533103ca3f7a2c7340c2340cf07d1ffe49ad53acf38997b6ce356984b6fda3b50d34333dde4da912b875afc9c8fd8b5483b28633abd7187e5c255bc0ccbfd0b70b7bd5cbce265a1fdc3d8d706f20b7a198961007898a49668c3261b426842f444babfb8ed6fd84f2471c83cf8f922ac5ed75238db6aa8f72ee038b2627613547b539ff196fca5400028008000180fffffffb080003400000000208000180ffffffff08000180ffffffff0900020073797a300000000008000180fffffffc0900020073797a320000f5ff0700034000000005080001801e18eec1640002800900020073797a300000000008000180fffffffc0900020073797a32000000000900020073797a320000000008000180ffffffff0900020073797a300000000008000180000000000800034000000005080003400000000008000180fffffffc2c0004800400028023000100c6fdd202986c0ea27ca54d34c325abe8b707f9bdd138c5a889015a23a29200000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a003a10da3f7609ba9b6f9809b8ad5eb22084de9a5a9a2a50e94a79d3c71a8d33aabd869487d9542d1c6ad54bb4d390a309a44f7f0854e746bef7ad14a69d58bc487a41dadeb0352177015d71bac6b2731303380cbef9f1f75eb61e681700000000"], 0x24bc}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) fsopen(&(0x7f0000000040)='afs\x00', 0x0) 6.213650383s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000008e704090000000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f0000000080)={0x0, 0x0, 0x7, {0x7, 0x0, "8e00100000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 5.819014354s ago: executing program 2: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbc0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 5.017120549s ago: executing program 0: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) syz_usb_connect(0x0, 0x1b, 0x0, 0x0) r1 = syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000b00), 0x1000, 0x40001) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000340)={0x20, 0x10, 0x12, "00d635586b88cb0c3b73943391d92de8af2e"}, &(0x7f0000000380)={0x0, 0xa, 0x1}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, 0x0, 0x0}) r2 = syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x1807, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r2, 0x4004550e, 0x0) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[], 0x0) syz_usb_connect(0x4, 0x5, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000040)) 4.832252152s ago: executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) read$FUSE(r0, &(0x7f00000007c0)={0x2020}, 0x2020) 4.711048369s ago: executing program 5: syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='io.stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x0, 0x7fffffff}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0x0, 0x0, 0x1000, 0x1, 0x20, "a099c0f50ac457a0b8ae219ee49ead58e9df11", 0x0, 0xfffffffb}) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xfffffffe) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) umount2(&(0x7f0000000180)='./file0/file0/file0/file0/file0\x00', 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aa3d54cf6d3eba3a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000fbd7c33e9fecce92214147bf85309029b49f2fdbf7fba993920a9744f3adff6b2c0a99d1f62f83b0db2db945fb5c74d6f06b79157a325502834ab2c134cbb8dde347377832aeeaae0616ff5e75e0bfb708fa4f06773d22ce45bce2eb182c96c5293a4be8f22cfa0cf869fb5c79a2a6da04358093cd69c473dd34af50584a6bca443e7a75d2df09636a3c23301aaa7754aff3e56f"], 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x7c, 0x0, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x48) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) 4.634916702s ago: executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="14000000", 0x4}], 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000114"], 0x18}}, 0x0) 4.49787658s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_DETACH(0x22, 0x0, 0x0) 4.493987132s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000000)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x3) syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) io_uring_setup(0x669, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r4, &(0x7f0000000200)="cb", 0xb600, 0x0, 0x0, 0x0) 4.481302206s ago: executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080), 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @loopback}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000040)=0xcb, 0x4) 4.46156918s ago: executing program 1: bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000240)={0x1fffffffffffffc9, &(0x7f0000000280)=[{0x6, 0x1, 0x1f, 0x11}]}, 0x10) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "b2d8f8e77ab2332d21644baf6c907902f9f25f7213c53e80ab517c412c400ec87403532622fe60e1c4d2be1b49d489a406c27759826b565edfddf3ba0231556e5f2a88065c0a960381094ba68dd5dcea98550919fecdafef292fd10b2985aca4426670e0ec35a8c9cb9aad285b776a4541e51908b33655fbb0c03dd0784308c26fed170bc32bfc57409a166228c30fecd7d40d26bbf2b764d350b150b22492789aad27573f2c37e0f5e36cee1027916b381ae45f64805d537d181a56388fba6be8c58aff329074f9ed83d1e6ea2a9e4ee26a66b620166cbb26853926a8be715dc8bd1ec8b6b75144fc6a4fd0b6663cb7006798412710e5deb41e1d03955498e0"}) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000004c0)={0x2, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0}) 3.23047084s ago: executing program 2: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) 3.219800563s ago: executing program 5: r0 = socket(0x2, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000d80)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON=@special}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r3, 0x8010500d, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0xd) 3.17904958s ago: executing program 4: close(0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000080)={0x0, 0x1}) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'veth0_vlan\x00', {0x2}}) 2.746485695s ago: executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x10, 0x0, &(0x7f00000001c0)=[@request_death={0x400c630e, 0x1003}], 0x0, 0x0, 0x0}) 2.714186012s ago: executing program 4: r0 = io_uring_setup(0x1e94, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x0, 0x1}, 0x20) 2.608434307s ago: executing program 1: syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x8c4c01, &(0x7f0000000a40)=ANY=[@ANYBLOB="dd6b"], 0x1, 0x70b, &(0x7f0000000140)="$eJzs3U9sW3cdAPDvsx0n7lDmbe02EFKjVVSwQpvEjBYJiYIQymFClbjsGtp0jepkVZKhtELUZQyOcEI97DCEwmEntAPSEAfEOCMhcUW5V9qNQ8UBo/f8nNhO7Nj525bPR3p5v/fe78/3ffN7L/ZzKwfwf2vurRhrRBJzF95cT7c3N2r1zY3aUrscEeMRUYgotVaRLEckn0ZcjdYSn0935t0l/cZ549EnH5x/+FGttVXKl6x+YVC7bc0BIzTyJaYiopivR1Tq19/1Xfq7P1LXyVbcacLOtRMHJ625Q2OU5kNct8CT7n5EcWyX/dWIUxExkb8OiPzuUDjm8A7dSHc5AAAAeDIV96rw/ON4HOsxeTzhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLMhaX1nYJIvhXZ5KpL29/+X832pcvmE4x3sq3scf//mMQUCAAAAAAAAAAfT5wP6j/P9Zx/H41iPyXx30kiyz/xfy7ZOZz+fi3djNRZiJS7GeszHWqzFSsxEjE12jrM+v7a2MrOz5W8ibdlsNu/nLWcjorqj5eyhnzkAAAAAAAAAPDuKe9b4WczF5LHEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ0oiiq1Vtpxul6tRKEXERESU03qNiD+3y0+zv5x0AAAAAHD0Kvl6Mvlvq9BMsvf8L2fv+yfi3ViOtViMtajHQtzIngW03vUX/tGo1Tc3akvpsrPj73w2UhxZjxFRjAd9Rp7OapzZajEX348fxoWYimuxEovx45iPtViIqaikJxHzkUS10np6UW3HuXu8V7u2rvXGdrZn+9UskkrcjMUstotxvRytxybZOaRjvtox2h/LET0jPkizk3w7N2SObnT8vn6dP5fJNZ8fso+jUc3OfGwrI9Np7vNsvDA49yPOk96RZqLQLObHTm+Pkm72jtTO+Y9GyfmpfJ3m+hfdOT9sIz5K683EbBTy2RfxcnfO73zp4Yvdjb/yz79eu1VYvn3r5uqFIzylIzXWLvRmotaRiVcGz748E/U0E43hMzHWu2PiAOdxiMp5NlpXxHB3y+9lpfl4rWMKvhM3YiEux3TMxJWYjm/GbNS6ZtiZzY1aRDuvpdpSd04efLZ1p+q61ioDgj/35Y5Kv+xTuXl/H2k5sDQvL3TktfNOV82O5Xuu/iqmO7L04uDZN/JfgXT8L+TldIz3tv7iPAm6MpHdm9/7XPvYS4Mz8dtm+nO1vnx75db8nSHHO5+v08v2/e578+8O4XQOIJ0v6R23lG1lOam050t67KWtaLvzVc4/cWm1K+w4dmbrWDUmYzF+0PdKLeev4Xb21Dr2Suexf23fOcv565v2sa5XOfFO1LNXIT2mjierAAzt1OunypVHlb9XPqz8vHKr8ubEd8evjH+xHGN/K/2p+IfC7wvfSl6PD+OnMXnSkQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLNg9e692/P1+sLKViEmevcctFDuO9bgQhQ695R3q7Px3HAdRjVi8FhJXigf7rk/TYV/R6tQif00L+1d5+OIGFCnvJ/guzpMOufYwLH2XUgn8qF02P7itGxPszhC81K71e51SrE60e83OL59FUT19nz9P82uOpXouGR2MeJ3FQJPtEtrS3curd6997XFpfm3F95eWJ69cvnK5do3Zr5+6eZifWG69fOkowSOwurde8WTjgEAAAAAAAAAAAAYTf6v/9f2/Z8ZSnvUKa+s7j7y2eM+VQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOApNfdWjDUiiZnpi9Pp9uZGrZ4u7fJ2zVJEFCIi+UlE8mnE1WgtUe3oLuk3zhuPPvng/MOPatt9ldr1C4PaDaeRLzEVEcV8vbfxXbrZ2d/1jv4a+wov2TrDNGHn2omDk/a/AAAA///Q/PeD") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x100c009, &(0x7f0000000880)=ANY=[@ANYBLOB='iocharset=iso8859-14,iocharset=cp936,rodir,uni_xlate=1,rodir,rodir,utf8=0,nfs,uni_xlate=1,iocharset=iso8859-9,uni_xlate=0,shortname=lower,shortname=mixed,shortname=lower,shortname=mixed,shortname=lower,fmask=00000000000000020000005,uid=', @ANYRESDEC=0x0, @ANYBLOB="428fb61a87902da848"], 0x1, 0x36b, &(0x7f0000002e00)="$eJzs3U9oY0UYAPAvTZq0C9reREGI3gQt273pxRbpgtiLSvDPQQxuVyWpQovF9rBtPSgeBY968qagBw/iUQRFvHnwuivIqnjQvS24OJK895LXpO22K1XK/n7QZDoz33zz/pC8PpLpiwvRuTAZF69duxpTU5WoLTy2ENcrMRvVKOzEuPo+dQDA6XA9pfgzZY4YUjnhKQEAJ6z//v9yRDRjNqt565vD+ifv/gBw6uV//08f1mfqoIbXT2RKAMAJG7v/f/+e5nr/p1b8Wit9KgAAOK2efu75JxaXI55qNqciVt/ZaG204pFh++LFeDW6sRJnYyZuRGQXCr2HSv/x/OPLS2ebzeZ2/DIbrYiYyANb2ZXCYrUf34j5mInZPD6/2kgpVc9/vrw03+yLiJ3tfv5YrWy0JuNMnv/ymVgZXngUg/SfohHLS+ea+QCt1SJ+O2J3eN+iN/+5mIkfXhoMk1L/E4yXI5aXLs0Xkx7Gb7QacWGwFw68AwIAAAAAAAAAAAAAAAAAAAAAALdkrjkwO1g/J/Wes5Vy5ub2ae+vj5PF5+sD7WbrA6VGipT+ePOh1rvV2LM+0Oj6PBsWEgQAAAAAAAAAAAAAAAAAAICB9c16tLvdlbX1za1OubC9tr45ERG9mte++/Tr6Rjvc5NCLUvRqMQgRTNPu9Vpp2rROVUjxsOrveRFzcdfDGZc7tMYbMW+02gc3NTt3nHfzx8Ma+6tFiP/PexTjbGofrpmaRqPjoy8emc2pePsqEHhXLmmMZ79SkqpVPN2OfzSC+MDRiWidvwDt9WZiIP7pF7h26uv3F3s/fZXKfPAgzPPXHn/o9867W4vc/SPYH1t/UbqtCtF5+Ptlt5ZUNRUIitUymdC7bDw3b017eqPvz97z3vfj3aOqfFTa3Mrlfu80TufR1JUs835bDR7PSv0pjnSND0Mn8w3orsyuc/Jf7PCLRzTuz788pOUfvr1yCmGJsZeNir/+oUHAAAAAAAAAAAAAAAAAAAYU/queC7/su/kYVEPP3nyMwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/87w//+XCrs7MVJzlMJf2/tENVbW1iPq//dmAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwm/snAAD//2+ZVZo=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_procfs$pagemap(0x0, 0x0) socket(0x10, 0x3, 0x0) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/time\x00') bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x6, 0xc}, 0x48) write$nbd(r0, &(0x7f0000000a80)={0x67446698, 0x0, 0x0, 0x4, 0x4, "52cc14d739cc3ac688cc6eb2848bf4d2f7bc03f20ababa9e8f010c42dab36c86e61feb9a3c40a46cc954598197d3f76afc2a14e4b44eb230e1768b3685327884f1c470b0e2663459fc4fa1ab130c9a4fa9d280679b6c35aef55811e3e5e1e90859ddb19d3e81c752983c5fef430f2696d63bc22c9fa103dc93d7f0f6670a38f2a97c3b7fecbdbe43f8d06209ffb8f1e6f2ce"}, 0xa2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000000)=@newtaction={0x6c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}, @TCA_DEF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 2.458400917s ago: executing program 4: socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000400)={'\x00', 0x0, 0x3, 0x0, 0x0, 0x0, r0}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) landlock_create_ruleset(&(0x7f00000000c0), 0x10, 0x0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x41}, @l2cap_cid_signaling={{0x3d}, [@l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x6, 0x1f}}, @l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_move_chan_cfm={{0x10, 0x1, 0x4}, {0x0, 0xc}}, @l2cap_disconn_req={{0x6, 0x2, 0x4}, {0x1, 0xff8e}}, @l2cap_disconn_rsp={{0x7, 0x11, 0x4}, {0x75, 0xb0ff}}, @l2cap_move_chan_req={{0xe, 0x3f, 0x3}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0x7, 0xa3}}, @l2cap_move_chan_rsp={{0xf, 0x8, 0x4}, {0x200, 0x1f}}]}}, 0x46) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) read(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x28402, 0x0) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '/dev/cachefiles\x00'}]}, 0x1c) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000041401000000000000000000080001"], 0x20}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a94240000060a090400000000000000000200000068240480d41101800e000100696d6d656469617465000000c0110280bc1102807a000100ba0a73248f398d30de8f8dd4edad53776f1851a7951df649cb043b10ec78de839731b0f3db77a8c699076c9d277fba4a01b0ec195d0c00164244fd08d8bbf375030e53131bb8716dd4438df262eff60b323e1e6dca364435556c6a0f6f59c18cfcd9011d75dfa12b71fd87a2e76053d72cf0e88d261c00004500010078e4904e01a8147ff9eeac09fdd60ee0b0b91687e8e4192b531908ebf700d7386bc9ec90e1ad1a762345a816a619f629b254fc6c8d9215ee674c671259569d85e200000028000280080003400000b3de0900020073797a320000000008000340000000040800034000000002ea000100b17ee7a0cbc4c9011ae09afc568fc57e2fe3240a33ddeaf7053015ae6128deb5c3095845d3c265311b39de4d0235cb6f75661bc9dbd21b6e924f1862cbf5ed18df51f2726aac79201d8fd5d46b43b57866bebf574ce990a21e6410ff042dee6e691eca6c0cb7efed30a0fb5d5efda0baf787ad32c608afd45501bd71607f63c3b2ef1c1cdff4abe8ba03ef0e5733725e3f2b44372c3fcfd99c58cff053929f9b13c8a83932d643e9c559136ab809343420d51ecf356fbf163b14c3146620d28acc36d78691036928d2909045438b850f2bc71ccced673dbe15f75cedf27180100594f73e576700001000010006f66da7836b401be975d6ef4c00028008000180fffffffd08000180ffffffff0900020073797a310000000008000180ffffffff0900020073797a3100000000080001800000000008000180fffffffc0800018000000000830f01000aac25f79d756bec0245a86fd66e5c4f8dda73e3e6fd83c8625335b8feee21c9337bdc231dd2fdf39ed4f1da42e5d9361b13a1d4e636fca5366d4a767e3e8fb95d25a180579bef082a0e88ff1d0eb3a008353c00acfffc47ed1630ef66d3433a974a47f74047719b5de3b58195a64506c6a7fd0c881e1ac57d792762f6c11cae1fedaa4f6141ad114bb64d812661f827bf13b720d270b4b8639cbb70155e2c70304be756eac812cd6acea32a9697ed791169ab8137863ca9624972c05a3764195a910cbb7e062e91594ce167d34eecc9323a926299d3dbc4bfe8072cf5e2685962cac7998edb8f8e92c6036350a71c209f539348727af385c333d079aa1ae46df63b01e3c8133e0939d8cdf37ed15e54d193c8b1daead7dee12ba18e215456fd1b51a374fdc6987f1ff119b4e7e2132bfd1065d3294de8ab55c6b2a79e4c3e1f09de7902f01f1449a86b39b9ece55a589430411012a7b351d420fca0df6f00260ab5af5d1d3cd5d0b330cca85624939a8681daea15a457709f8ad224ebb471b1127d96ea3d281977237b19e25a7e6f4e74279c7ea462ff1e72cb191133157d14c310970e1ab040a3639d6f1bc0f343980321fc6d3e3d5e3f27abe7ad9446909aa6616b7da7e02f55344eca5122f693c943f7791f6b330925725a36a3ba342a6421074b6d1757bdfe3447ca0886ae85387d8003471368e49f5a7807822e8e1b05048cbaa177fc165a00566c11f06c3f7662384cafaf52b5eeaa7fe7c68933490c3a03f167cb3b7058c128472161b6e93b50f9433ff18c9d6b73ee628d51beee882a4e249190e34b0d8a3d0e26fec27e25a6dde6443790af4a6505b928de867e94b5977c8fd30f3cbf8d007e98955ba0043724e9e8cb9777edc71563a5f8bd1298f64591651509c4ea8cc5b4527c2139cd4fe56df29821e937cc7416a7f41a936b292dfbca3720e7b6864a43b36b9fd71d4dd9408674eef37a3baee5675c0764def5e7d67e02e5836505cea9f436b26056172089ce7368fcde7421f919b264a3a514f945fb45cc2c30e4861256752ae9e3c7bdc3bb8276842e2e802e3de7126453a24b242eddab565db0c42488bab4cac5674dfe7afbae6130b592622790f79bd0cfaf1ab382fd3f7e20e41149605d0e0dcc220b1e5cada4c9bb8befe1b03d4677cd17fda68f98a9be0bc782ab00ccb2744b5d1e9e3caac7b803c53ff2ef1100885e7fabd9c309ee031cf9ce6b02c95d5c75e1390bb0286539dadfa4f3955cf42023283d9ed0adaba3ead87a37cf45a5beeebdf738036147e4f46b3f87439c368276bb1e27df7d7c42ccfdb527ba9bcde440492a9baaa6200dc03bf9a0d1a774a8d17ea6e9dc99818d01bc89cf7c005fd57e80bafa6ab7563578836494315fccd77993396c28f1d74a529cbe78bd1564c217df13562e5b4a40379845b2314b8bacf35eccde6bc319e8cb9e9cef1335e7c5749fb8626c3cea7d099772b8ce4b4e7126d3caa55a2b04957f7fe3851e23c0dec748ce85e78b22b2d95787cc7e8bc12f15179023761aacd911859376903575c4f8d15e100f733703361249b0391cd1b60006ff969a5305c70f70d7305e2e8762c1aa2e5a2c78f7988203c0589e4bd697606648044721802761220005aa7e98441a66682f2a6d181e914d66ccf5bdcecf0c124e881c4e6ed22102923d49c1c1dc605c0056b78ec8e148862594ad3930837bbdd9fdaae665ae0e3fd48ffc71abacccba667180548749a26462818c8f99561a0fe5cf042ea1e3fa2cd6e1b56b2c1cbde786d18e1228a4bf6944b39251818def12aa4a761612d18b7a4bb0520869d88634e540cc5f3e5497b005f8f67714dcac4b1dbb48f0a1f04bb28ba86b2fa16691b0a13e0e570979b7789996eac1c8d5d70c44145213bb0638ebaefdf7676e89edd9d31299fa48da593fa586c55289170f1cff3cbb65d0e8c85b9a046404e13904ff80fa45fb83bb5972976727f9ff5711db5eb0576cf7187c944d20b5ac59a2ba6c85a5b1ebeb3cb25104b043f0f6655b170cf7c7d32b23e514f86798a731192c2bb08a33e307729760f5814f4a4a1f5b0b36c35fa591e5da16f1285d0a96a564b4c88a25101f408db23269ecf092ced40a59371e2bf772211d9b31c7314e87131248e9304c13964e39b4197eebeda2d7db0e654f0a54f5a27490ff4f5f36c1d719ae55f19723d20d851b1d58c7b13a562c1dc2da4eec4011207f82f9564d925c664687729e251a74b046bd0737071afacb1cca2fe6a25c1676f056ab4e83e0b5ea6372709d54f29f7d9ddf48821462e8b9b73fd6b3e31479f62eb9bbac17fdb7c87f6c79a6e3da7f3b13694fb376080dcfa4db264991023a3df8b68ae7d7c79fe061453b791ed0700460cbac77feaf81dc6fba4a8ffbc05dc4fcc146c794e6b8b4ee36b9281c6affd762352fc432836a5e321f2cc24bdd38ab17e26f9053b0d7ad0cca8a65623c573d14e99a6e8f7433a2f60cadb90faba63781638db8dce88434ac353c3983a5374a89bf88e991ef95015b9a629a64389f1e3499e077fedb40c84effd731c5f318ec9c7bc8083d387fe2b17eb117593b57453212e114188f04737df5bd9e9e1661978fa573a10c1292ac67a242354bb6148220464b92fc283454c402809daadc588a61c65a2982a82ddc73f36035da88826fdf6dea2ef0e8b15b9a96cdfa839e15077ac47eee2531cf88c449d483c75c1b962f8c0be37f98f01a07b8af0db33330c3497ad3d3e27853bdafd3e3f4b358f78056bb1e0158331a00ca498d5c29f608381e3b66cc8ce670d0c40b36f6e3823be7a0bdd034293665a46231a027074661f305897ad6b74daf2ebfe7283abdce336fbaa936bb243cced65c6391536afb96e2ead3673efbcddeea90c342340157d15b309db8ef823821af2d864aedce483f11b6958e61c74826602459359b916b85fdc7b36cf06648ce244766473b3c695b98d2e4444b010821d247884ef5bcc90dd4b9ad41a5693e6019c079eb2b6697caaad05afa6411e816d72b9f10e5edb5314d2dd6565a78e2deeeb38ca1b52771ac557c64890887b799ecb2c7b48fd4d18b55189b4401e77c7e62e52a8f5cf66682350be0d3c8ebb79f0b14d3d5793d99d58dd9bf6b2a7f31fc33739a37566551acea1fd459fe4ada477de98300cc33dcd91db2146a208838fe6d878c8aa36f8a651567dbd13983dcad6db132d67c4d51d8632e428130619f2476ce9f496d7536ec04dfbf0902689b193d90a6f38c13c8bf92a3309afc25b382cd204aeb5e9f012f34916061eb73ed9753cf5a4996cb06f357f42526e1119ff6322aaebf98d7e8a899e76121fc659aebc530f41f56e7e3a1dcfb609c2134863ccd0884c1d29af41397934297d294ff3fbbb422144f6305b5fe43b0d1f84051b064d603d1d6d805a1e4a309e29492f7c5906d64a4faf07eb6de675e79a1978b2a17e16f6652a536691bfb8c3d51137929e5042760da130be8a27b5673cff0200b640d94707f569624375333e8eed2ac0d6f26d3cf11dfe7c08c580a0349e7fc35e214b67e846a48e354e23102905158c1c2b75c1052008a2195a273bf51d273f7b426613f89af7e1421de021664a8b45cd44ab294fcc66db743c0fec16135829ce3861d031c821c01dece0afd27e2958346d85740cfe0dae9cff161948b22d891f985708150dc2cfaf9e06efcdd2fc1cdb51a53e87c660b5863431d1d463833704829c2478a517ec58baf629f97ef1370cd914ab8c22a6c4f44354c31190bb5ae6d42fe10e298a3176b94d212994166b1d5be0c9e63415d036c8135e645dd611c0cf7b4a0e0644b1689c3acaa7aa9b85e729f3065231cb30a23c83c31a68f7493e95fef52c772ddb5b9fd76bb84b806f737041d7a5d3588e3510ea98e61d0b09ac1fcc889f6828b3c3cf0e1128a0180e9e7aac8465256f69efcf02632ea0cd0baa6ed47b806b882bf2c75753baa08727e0c88fbdb7d22850beee04a2c9596a4e7cf6e8109f94e7357d71819fc0c3c7c00856787ea37f95c39b3f3392a865fe1030bd363fab05946f050abc39b1768cf46432c5beccea2b590293b629f5d7d53379c5563c15eb3531038224c1f85e1527100ee1c4f5b53111169bc4a5ec44b71e090177ca857c459a0e0a49738a407a2097ec78b95dbe98cfa0b91bab424383798dc837ea4764beaf7eacaa3314bdfc8274d01170a88c4052811ea5fcede00e68566f661020017304b9e655f0ec5a6ce2f470c743fb6cd27dcf96acf6ffbd5686bce3ad6f35362d756ac46ec3e215996400726a0c37975396aa49b6983a9152b98cb57101bec88bf1199882d78456436b6bfce4e22cc11a1253b83e8452ccb13d68ba1f87b311346bc5e22c938ff41a4140ea33d93e8e10effafe21c63e308725f143ce50c5480ddb11be4f6ca7cde21a3ba67e3b5fb3a7bdb93c36a146d8a5f846ca46ce49b4cb7d66e2b51c74711d928814fea6087cc6b97d036e4ae55087e36f81ef239d17754f0e074ba71415acfb8b9e8574c8932ad28914238225a7d989c8eee48dc7107e485db7a8d98e3e506edb32f6cfa0b82a44d3a07e8e96a7f4f10500f49a15c068a91d87489f7bdf1700100b0af242d6c667481ea96791a7b553c72461c56d859e49370cc7c68b162873e29dad93934b06640d8e12c321b8276a337bbc78127c58bc32d5145e42d62739d38fbbc3338a092e3dad6bad408b9f71f15af201594a9c75a22b23e6cfd32c24bdaa91b56b0baf797ca08b02b09afdc6610d62c3416741e4bf091f4a66464f25909dd8238624b1edaa14216e0d64c99c7900120ea6e7dfaa85109ff151cdf096b0c677fe9072058a5b7b958e65eecf9a9960358e3aefb2343b0e933f0ebd208039e800829332eb007e3199e40d1225dda8c1ce307a6cf23fdd355dd508a29c3dcc8e9da177f27970dc13e19eb15371da34216f0cbae5f92dc7087276ecbbcf150ff6d5ea4f46e17f34d23d34e422fd201cb935907e8860c471918223b80bd84d303fedbf7406453f0252b80a1a1e8fb63c2a77f50841ea8500a7c137811e3aac3a44ec64f452dee9dad8d1f23e414e8da9499febc4a68ec304839e57f7ad7e93f2c89efd6e2bc86c1c4f1213a42669e9185b19c6eb88711a3deb746d1849ff0e38db09aa6a950dfc2e65a149ebc90fdbdb11af86fc1225cb863ceba5c440c025996df23ecfc10a3352b3a4f2be030b6950c04e2b1fd4dddb6c780f157280200084dd49641c4bcfbd325cc4d17f95d311d40838c5da910e0ccebd9e31b1ef2c6184170d2de4221abb7c13e694bdaeaad2f8134ce756436fd0639130661fdef5f9ef22c7678971af7621254367d774af3e96ef2a6301c495ef767089515a911e88cea23e0e23a95af9e89513a7db9195912c24bda4dff24ea2f6ab2c36386a7d6ae932ea28ad2286ce358f3667df860f4fbd3eef02356cfbec7123784dd1555c7ff8a44be2b28b1dd6d1bdfb3fffbcf135c8649e0c730c74ff78d415ad29dc9a4c76c5fead11f1ec7e9840bea6254fa42289f5432c16b35130d142b3e4201302d35b96e4d300f5405368e1da3c2163c2c1808b6f4b896c46bc6e76900100001800b0001007470726f78790000fc0001800b0001007461726765740000ec0002803e000300e9b0f3683193e5916dc30ceae586c70ce8579392e34ca6b135f9f6853e1a34bc7fa2165a6141202c84b774220ee2fbbb982d676febaf6ff0c76f00000800024000000e309e000300334f2356e90ac2cfb72a9899fc854d70739d1d99007c59a1f88dd6741c862fb809a4e9b3fc340142db96131b7d97c46006493099f7e8f6c2791fb2fd95a6ee467ab92f4279a86855f2327d1005814d50c85efec7691150363e4e5751ff72f4370fec34b6e17962be79b31b237373a434b1e822674effe6ca398cd5e16f8e8273995d3e7f809d8e15f6d4c5ea3f993c1bf4216759fe1f2de47bab0000100001800a0001006c696d6974000000280001800a00010071756f74610000001800028008000240000000020c0001400000000010000180090001007866726d000000f96c7845463d409e053b8f2c94001c0001800b000100736f636b657400000c0002800800014000000000140001800e000100627974656f726465720000000c0001800700010063740000001101800a00010072616e6765000000f0100280c0100380041001009ec413147112dc41b258c4a0612cacb532e3671ccf4a689d2bdc20884af43b8be811a2ba1984bcba6070af62d6a32342d1163c0f6af38b753af3811a072af6e41bbcc65a5ede5c4bd83272b78a190d1f10091c321ce0abf026d05fdf5fd3e642b8e85bf49ce74cd92a36bc9751d1e47d8dd5c0a73ed4af891f1455398f3fbc08aa725bd61615e2dd61050e447976a1a9836d265dfcb9d8329260f0e588565f704dc889145e77c24c58cabe3c9601e9c17c7e3276315de53237c4691d0ee1f979e5cfe3c6eae985635044398e01c58f24d777c321a6c6be0d0dedab0c44906360e79d39154727ff4f650c2e62c3694c1b6809ba0bca80e61d4cd0b17b7953349588446ceedf475730178fc3b664e3a3ec4255393622540e98dae0bf338c109b9c7da1b5cdb45345ae9ce9c397eeee6b2ae6bbd23ced69a712a36b327e19013bbd3e5664ad8308112475b64c231295016a01a2ec7e6302c70f480c34b493202d289ca7cd7c38651145e80fc622587f85e3d85ed7a16e56178e52d39e118a844ef5820e2211709cd376f231658c77de970d071c6792e6034a99beda67cdbe2c91c41df7115b0ee5db3f819246ba1e142b40e0dc4bfdaebcb541cdf559d3326bc6d30116ba4d6b53c43f3056f24e98ba4ea1d7fb24a5229c6635b8fdbb9159148d1f9675e382958b6185084f2af0474022ce42aeb56bb644007b7d382c147226187a0ccd34cf8bc5b0bf12c11167ee3fda6ff65cc7b4af9b1ba547aaf426eb1423e803f578611c94bdb12a21a05545029333f927697b9ac9cfa1e8967b98fe78e9b1d807a0cc5cfecd20308c00390cfd558633a7f791d1f7a0fed1d1b9efa5d253a02e15b65d9140447a680cad95e13fd65f0b03c39cc6a0033c2108971016940b6df47a18f1262a1077fe013575b4aec71f0bbf1e8d05fb120d6a744b6cb66ec2b3c9ce76c570434e22cc3092f2e7cb4ba1ce39292d3cb9d60210e171a68d0457e4293cd0e8e4fa95df78898daba517e854a8c2bdf8211bdce453868f828e54c2f91433d23bba0579c73ac6413407fabd118cbcd2e03b6ebef4e6f834b247a7b17097cbc314e3789158463b75c315010000800000000071f7e7847bde2049e7b8c03fda22b19e35ff6ce98039f6ec7a38fb60c7171e27daa2cb9fd52de4e6a8637ad1323db0a2991935ae17f93e014b9451bb93136b4c421b1af0e207798d4092decaa096d6d82927b88e95881dd248be95f5674cd8b29fd81e5a27403aa67ddc5301c0d178f00c4f9f26e49f85ff81bef129c7b7065ace3cb4e231804e77f06b0576706ca295162087c4b7975e02b8d8c455b54cdac83853962f00e5251314f3e8499bb662934dfebe12d603ca2513e82f4300dd3e3efb88e8b2179b172ff30d6b63cbd32e95f491cf15b81207602562ca157bc5b83e059f38a2a294ff6199bfda089e18e0c517ae3f862cb353c772e7914ce2c871d098ba5e4e9f0fa82edc2fe9acb48bb0b9f0b0283d77ca76da988990bc647f454e046ab769a511930b799acf704349ada98860aa1bcac674250877a529869ef3f5a215966eda2b6b641ac6a01eef629e30fd022ddb0249f5b967b0883a91544572f4ce6f6283bb7431f631c28b6ec8686d7050023ffb7d863d39b0d57b6a3c6b41c0ae3736a17d9efee83397f9c993140428ee6d40e36a8c4ccc779ead6d013d993614f2587ea63d30555807da0b13dd1a0cb2bba3dd96c665e973feec0d387d03968a20c7a9e7195e3181ddaa5bf104694e7287eae78c50c5f613192a8159d82aa702fc436125c97523d92b988b4036fb8c276b6834947bcaac3b8e1431cb549a9c1abe21f8d341571e5711cd1dcbac6b657832e8db4bb4c01631d8ab69adadcb95d504afcdf959cb9d919ec38e9f3a4ac8cca57dabda198dc88a278b4223851b677d46a3507d0d1bd6790e70ec9a816c86fb5bd2e49e40c74cb0bfde63558e0f28e486a9ba2292dd7228ef635c43f37a7161b8f09b79a8ee6af19189a28cf0420f3bf0d86ddf632fa0b38108b81adf055bf55c4e2fe07fe99239ee2a0c34e0562042df4f475cf7cddeaa413f4344da66c1eea288e19b7986efea4e6f26e4c57df22b0ce2e4173c43413d75bfbd8528895236b104662fe69b1d23aaa562624cd2a60255b86a36034130fc89899724efee4a2fc7b3dbbf27824ee72ee1e565096e4f23576c4e59a78fbe958429ca945ea2995a2c9524c2f555404e9a12ab5c09a7f34d2b4984f37aa8cd8294a47e9743a25d65eabdc1d5597f2d67a6198947dd3fea006e4712aa3bb24da392c5a423e99dcaa7037356a344800368c6f1395d6a1a26e54afbe18ccc1df6355c7469130f7fc05122fd7431fd2a6702e453e2a292f7e528cb5e022e8521893961d5d34f3679a3b956ba9ee1056ca646dd08a7ab0f821af164377a9b4599b03258de8cab65dd584d1ee2993d165f7d67e5d39389b6ce353051254355cd6fb8b275bc388e5135cdf56a075f6b5576f417b9dffc29c7e8378a6c5281052dcfceb41c7438766774c113423922f783d0b8cfa9f78ad5bd25033d88455a19ef7dda56c239f4c28016200ac7340215bf9103bc8192624797f52cb921d67c3e212ad61ef9f503afc5581a7b3713d6d4b871bce6ad16fd57c1eba559a94ce28b4b7c5859003259c0436a675569a3dc8e75e8eddbb8c491f8be85b788c8fb4698fb63d71436e3bde5c9d09359cd2546964ce34ecfe1c62117dfa554c400f0f6cdfc9bbb05c673f31cec5ac48aa676381bbc4eacb0c5a4f8586b9ef6e95ca637abfddce5b5b7c9a32918967d76c348d5bb62914a6f11bb341aba8ec1dff7d9052c1a88886dca421686032830ee21ec9feb4438604a3b184928d16070becdd7e7c39af62a762071fadb2e22de94d99c3300efbf09bdde29a918cd87b7a0638a961ac5627bfa0eed3b643b7f13a6c569e1d3a0de6729c6e81dba4072412dedac4c3f5900ce787c3e188ad1ea2bddbe880563d93e4e81c35b584f826b5b7033a24ada15e96d4670443aec460c1a6c0d840b0a0d9964863ae598632e928dbec1b8fd841d337d72058259f09b57e0e41dedbe3fed3bb27127e23fc68dbd1dbfa35219c13f1a65e373605e64b93c0a3e81c1c5504d2a03621e4fbad05cd65b33d2b92174cd0af23f7669c7e1f53545f95cb3497b2b0145aba6f0270d443e7bc872a5d4a2d859c7a6e47bcf43997bdfe4dd6b0a0256828a6dc1ade4a97ee850fb4c231b250dcd71c11f0f687fa1741ac7786cb9ed2f403c077ec71d0a5d491442cc5337789a9ff2619b6ad50ef625d5d683fcc7ac7a42ca60cda276f13371b064cc09beaf425890dde6ff776ef00e68ac354d17a1b54d1887587868df73087597303f8e3232a8f26bf5fbd2bfc4437f9ea9559acdaaceb9173dfa19f811494aa2b2679efb87e8f027c02fa818794f9c55f3c4cdbc1521f0ff0467c9f1e5c81101ba9a2bdf69c35aab672b92051fa73855d37a26d233fb0113f970b7204f5e96b38b644d10cda58403947810fd3ac32cc5d6ae47975dbbe6aa0407628567adbe0ef5a24b45df02167b8e63d6f0ddd79849edb93c21852729a96d0592aee8ee3fdfd4d439079e128751e0b4cad1034373f771853ed773b97e36661768d31e985e776daf17b7c915f6f4d121f035a0dbbfd88ba10e9a0ae50f031dcf85909cb805ccaf8828e23402b094a2e4297a1a645fd1516bf502e7a3a2ccf52f2749cf60cc36841c10b198e0c438f952549602529d4e3363407df23c65d0949e149f467be4e2293f705f3026c8c804785f557725ef0f0b943b3edaef11b610dde9e88bbb7d89013f0426bce49a6c3e1cf29adb10a6cf8abffd041db8451d07bf7b14707b186bf81d543cbba0417157335dfd2d69caa338966e5aaa322bbee92ddb3f90c882ee7dd33365cadb2deb2c5df8fddd4792dcfbb4e2388191743d5dce2a63adfb973c9b077b7b3ceb0a9c09cb694bebf22cc0a19a248672a175a6a19a8526a85f7645b093fa0ce265f9f4a02df95e096392ba2ab72b43b80ec09de4f92f35741ba3327d6043e7f3d18cf37fed131f0b7c9ce238ba8b7f64bf6f7142868da8636b5facf46c9103d05965c2dc5eafc9bee92844a23e0a40f2d4e743ff175cb1e0179569a26bdcdb1ce49e013b6aad0bc51c5167def0ebeaa1fa86956a7a6a93c7288abb19ca437e976bccf8b5874cdaf6f367b2d618e1ba74d56cf2e5a6fc66a350a8d60f18f230ad10233b19d97e3f57ef1ac1c092ebff0a75b77e6c712c6e46770c7d0bd692f6429a59ebee9145558e2c1d75b34a8f4886bbda3253f64eddc5ee494c7727944cfcdb3ddb68f0d34a0be5516ab6c2d9ae763dfe030dc0ebb9a981a6b824eeabf12cb6a50a1fb198bfead4244cf3f82a57c7c80ffdfc0eb3610bc8ef72885d75fd0b46cf8a4f00bae90d0d0d6591ebb981c90e1d7bf9f8119bfb0d4a5b71b672c12992ec1050260c5791ebd662d132334404bc4e8fcbda4431cd621c6196f4b9f6d355e8c8b965f04dfc8d9fef200ab105e6c02ce8bbd1c0fa4ac3cae801ef07d220ed528e297a94f584f727f9db270ecd2b213a38c227ddd11c3bc229eccfe7c9799a380d6644393cffb8419fdc3a5096e46d12e0b7d92d78c5ba3cd2430031f11b25d23dbcf7ccc7a4933687181146156ce5545069c9d87ad0100cb61eb5b7714c2d2027184f45912aee6bbed40c752cb10441f8449ae30444c6235049870bfe944eb8af56376abe19237424de4e9348552357758e37faf028876cc3a11f265df532f5b43c5af40090a99ea56e3c40ae7e9dba0ce81e2b1e9709a44900986735beb418b984c5625c86ee3a0bfd0bdaf9f4ca0793b1eaab32fff0621b13642c3f2769b64330f9d4a23b31f4d78b4e20fdaee21585adb29425c21831d26d804e98f9b84d1f67a8e4df05c65fac21bb7a8637df5dc4d1af073c58ef56d4ee48b8119d8486fd1420d7a78f066307cb2ad927bc4e827b0d7ea0eb1c164daa4147162bb3c80b141b2287393de10ca3b033ec1c9215ac68a837615f8fcc1ef1a0e255c4add7b24c05f016b271c478bf8d369772e5219a130cbe4cab357a9642cdedfea5d9c2277c111d19225c33e0e411db730a090a06361bc863d805902ff12fb5e0898bf07c4363207d507f55a5e276ecae6fe4b00d280732a9d2c57ff3eb1c95d08caa59da9575d8f176297c5a0effc37115abfbb31cc645b11b060794f22febb7cc25aa7011b262836b1dd414ae0e0b8f8307ef79b34032ac35ae04a47c35014b2b437e6c6586689ba133cf7ec3be260217a7163346187844e0ec4f22d063947ca41824efadeadd0799282e522806218dbcceec1452d75952a509ac67f9fb8520ad7ca4173be0fdcb9d79bc056eb5f34dfcecdfb1c6e5db1cd2fc08ca0d93b8060c09e5a4d5e23d2ce656b6c6fa19afb080e5e80f7573e3c232ed34ee658e7500110c1d2e015746fb4b64761a727d1d83e213eba2df563f96dedd980523e542cc8e30dc48c22de790076c3b17470375cb4d6edf40e60d3b9b4e608b0cc3982e5dfb9d05d725774dc4d3c0313ec7f891c18290ec511e2f58dc363c4ccda3960bc2066463ab0a533103ca3f7a2c7340c2340cf07d1ffe49ad53acf38997b6ce356984b6fda3b50d34333dde4da912b875afc9c8fd8b5483b28633abd7187e5c255bc0ccbfd0b70b7bd5cbce265a1fdc3d8d706f20b7a198961007898a49668c3261b426842f444babfb8ed6fd84f2471c83cf8f922ac5ed75238db6aa8f72ee038b2627613547b539ff196fca5400028008000180fffffffb080003400000000208000180ffffffff08000180ffffffff0900020073797a300000000008000180fffffffc0900020073797a320000f5ff0700034000000005080001801e18eec1640002800900020073797a300000000008000180fffffffc0900020073797a32000000000900020073797a320000000008000180ffffffff0900020073797a300000000008000180000000000800034000000005080003400000000008000180fffffffc2c0004800400028023000100c6fdd202986c0ea27ca54d34c325abe8b707f9bdd138c5a889015a23a29200000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a003a10da3f7609ba9b6f9809b8ad5eb22084de9a5a9a2a50e94a79d3c71a8d33aabd869487d9542d1c6ad54bb4d390a309a44f7f0854e746bef7ad14a69d58bc487a41dadeb0352177015d71bac6b2731303380cbef9f1f75eb61e681700000000"], 0x24bc}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) fsopen(&(0x7f0000000040)='afs\x00', 0x0) 2.299003254s ago: executing program 2: syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000780)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54da0e13047e9f62fbb85ccc774b3ec4c81a1a985232d16d0d934460e920a59172e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9ae", @ANYRESDEC, @ANYBLOB="e40816517204da38c3023f9f39251d31d4455b2e84a8e844f6ce376c5e1d47c8ec40f5271bfa4a641bf33a10d101dac5f024a5a04698ff6887c95e286554652fb64f41e793ff09064745e8fefc63d96109c8c1808b81d054d2d4f3564e884e0315047a12920cab156ecc1ddef7c72da0fb7778aa14460b9ea95584e0a207e49de9c44149105ba8c1ae4ccdcff6f3277626c15f2982f8fa024936daa80c1f3a7c378afdd1d72919132e46eb4e36ef0db65552220543b229879ab92689bb6e1546c6fea0b2b4c97cd6aa5a0c4f62ad5629738a1d455b3180245db0941926f8634c8f83c976cc2aeae379ec96ed3f0aed604394c6d617ddad5bc6962916644a55ccc6d2170861455cd687c24f0db425b220abfbbfdb0c1dd51e553cc2abb7f2877062d2057d148a65ca5e2c96d3f054381536b1c01ef8eab2317e35a8e216a0ed3365503cd394bf4da5faa21d3e1b96baf06860f62537445721849598df260b08ec0c3ca3cebbd990163281e153e64059aae094e3c31d814f52b54f00423e0235c7e97b636b0b7f3c0e4e92b184b2a12a5d738368000987fa13d8458f8012924f743b0b409d20ad5999a61a6b21fabeb94ceb5e7ba7fad5f9f53fb2060ba4de32ba7ab6a3b62f90aa6fbf4d4977229b624aa3a7a84ca2f7d10ec77acc8934cf7cb22837252a7a1dc678bab6c66a514bed149be752ba8331a1cad0f34b75c128ebe1439ccaa8e531763a4ba6cc5c77617e80767b04ba08ad9500add8f2854b6d7fb1e666d48f2c39f7753dad725569f30e21ef55ecd4aca1cc8e697cfd36fc95b20164723470d250c921267e3073f9b29664f86712fa078f3e7053187cf70f090a9ef97fb2682a127c1b23c434d104433ddd32676b2777a41d87e56aee3f712e0846ebd6bcffbe67e56b45f060d24318c826ec8f1ba9040ae7c3d8adbb16d818d1e0adb46afbff138d4159c1448ce4ebf4593cfd8ccb1ef1022c6e9971b9a948c1cf5166700eb4a6eb68c25c90fdd2d27f2d31f360b8fc3a2f53c5432eec7f07394c0ee4f1b8a74bb9805b944ac27c5b46a2748860a822741f10af945ed2898bc8259f99b92ae39d45d011bb418265cfdf403465a10d5a0fb911f3722f88ca8ca8457e172eb9848484405aba285532a296f23b03ab30c0ad5e5526d2c6994ecd3f9da5b8ccb8fe9785457a00693c40e9f6f5962a484b4e80ac8fb8509494be4f7e5c37107074406466c632a325311cc12ab59ab95abe85ff31d257e56fecc38bb39faf38e47fb1dd6e7cb47c3dde93a9443ef7acf4b5e9719864a0eed37672304b2d762862b06952afe266f5ebd7ac93093a41a3d9a23f573412d6f1a06a97ecd80096dfcc47a4af0834ae4fed58fa02f3a264352a8d8f03f8a0b7c39fcf00089a68a8945f6c3839497ee676c8e18eaa64accf76e5fb40a25f91c6ea155c55ccd082aeb42581567c0dc62b1ab5599143d8b4831b41b4ffdc93848217c7e66198895af7d71bd19e057f785f3dea52242dd64bec2664d1b156924bba27435d25ae54bf2a612d254e8626180ced3c18e43ce2da85f87350eaa0615539c6762a652bcb399261d32e7dc5baf73685ac0cf53ccff5d83bcb7822d664139e2528719e9c72101c6f4887f87d756f7fca3bd9dfd1ada3f59c0c90217d6cd8f8b1b2397345aaa9b12c1dc706b392bfe3d062cd28089544958923693fa7c202fae3ecfbe1b73202b9f30c04b5bc7257d60bc2a4aed4ca0a68010743ecc236ed9e9c8e5e860248df782034e8f4756e3e911795e2e7c82e86f7c43e63761ffd212ba18da1f9608a12603a72e50ecee3b8520a76f9474a260d7f3a7f447258a97c609cd35fa15312291af429f55aea4455e113159ab9e0c5bb4d5890180bcd5844bc8d2a69595d79e430dedf0c1d6ad6eee004e9c0b86c51c9478b09509a6d97d5ad6bc0c6a4ad6181733f2256ed2f7072117a48dcfa446cff9e336f2e3e36d6ae6a660e77989d824e0c06f54ffca616becdc77b5b14358fae14c8a0083556d39b41466389a61e6f535cc1550b27a6c3e6d861edf3236a3a41d3fa776c47b2424a107765201ca665cc5405fe63cda66df5a5201409bd0b6dcdbc14b29204e68ec93d45f88530617479424c80b8215b3eea69db7a2107ca41408c6dd61e598dd90e2d648e071333f6a5af5975a7b52602631717783a34039acbb63addb23c42e0baaaf2740ee61f4abcec4b8224f37b8c57cb4df4cd6195f5775e4581b8f8538bfc1880e215a253496e50acc4c851554c3fba846fb814be09485b15d91fae7cfb9cd9f5613f8c89eeff7d6d0c60cda734c2ef62c4510a7c61e59cb4f3213380b3f38ad861a974849e63d7b9040d33bdae35ec54b832a46fe96e7471d8a6a58ff2d1e51124a00968f5b90f42eeee8f5b6edf887e5f48c688f9f54bcf113fac89fcfcac4e8c521eeea3cca3a729f43102aa79d0bd845a5dec9c3d081f7e203a31b90b1bce92b3a52f1c893c049baa0f79550e94781fd757de0569164fdda2358d33369b1c15ee67b274f36ca935dcd1ec4dbcdf9031b60fa8778b2fd2c3b54e7829fd4703125af1660553bfc23e926fae9ab7c66c9722e3b02ab2bdf48f6fe629682bf35aac7bd0aa746e97922d762e67921c14ad62c9ded1da41328e103ae84e7777e0482568189ed16a82cefbe7ed92354da74feea889b2966e3afdb17fb87624945ec2c266a41da57cd9c6aa4e0c78d59406a0721b8a393febbc67d210db8c016ac316be128f1d54194d537df5107b7dd3d6cfd1dd0d5b323d441993885b26301c4a484503f528096c346d26ff6e1dfc0d77f52a87978bed420012d5672b07b114dfde341cf8df3aa943fd6f7bc750f087d29629a6e934de3052dc0cd100e2149754f702c5f6c631622b6b5b0548f9740b98890f3859a1f447ede4157c8f14375e3444b04d5d7574cc912d36915bbb6ecf1d5c0ccf655e33c26871544278fd78d7fdbff2c884582a6dff3eacb1ca2514d2066e7cb34612ea00dc6eb087040776c080a2b576fdd4778a9aa735c661eab28e8e59825a6bb36a87a45f81372ace4ddf401c5ed4c8d36e83babd21a4fa45cdf0e2539023fb9a9403c15b7fa3a29875ee14e9b5156fd4a78f98802f236628cbbcef32ced2d19965af2f26732b720c1856c8370e5d66fb5bafaa517960308fe81f7f0e9a507f560da621288f5a80221086e6d89f9e0b35efc4fc05200825d93d9d689710d98be14eaf1a1ba4140aba22d698f737330fdeeeed7340ca9b2c6fc29d16b33fc84defbc7c313daa088e45f5215a24dc2e26fc6e97ef17d9477f398d071bb89f0e39f9b27cec0f4d71c314c7899daf0fb2ff82e870c6041c64bbce0b0c501c9749a689c240bddde0e23efd5cafef1c5de366ba0557a9114b817352c35550b259c51f755fa65d5e5c843f8ae7f991a1b373c071072a49e3f1f0e6c485134cd83e4285f2862c774a2c08ce6370c04a8ece61cd6f092c96eed2ad0a34b5899b77b393e74a15da1ea9bb1772dd9fac04159be770a203e87e2b0e60bea75ac0a6b7e09710fd6a95ad5cd132d6542447e241743f6d24d2e76dcb779cd356b7172759f429d84b21ab2cce16fc95264400b326aaa0f7dffb9b039811b590888df8a569d4448e411c330706c826c15c8b0ce65bb734f0575cf0e9583c19258a526d1685ab73ba143e6faac47f044f304e6ce550d597ee74a3f67a5b8b15c2b39b9a1fc756f9e7ddb33a4dd3d51d47d065600452e18d10d7ebedab19e229dbb209f439ff54b6855a02f33cbf8eda95aab0f89a00ffb63a9342f1d494f0b740ad5904559e7119d2f4336f9c9e256aee5e9c82d23ea0c39aaf60866b24fbf62de236772ec7411474b86fe59b4776d6b581f4362c50eeb0685ed4b082546f1c01246b2e05866f069bdb2aa8470062392e0b879adc058ca86b7f812452ce00cc77a344069a736470d902289343ec6f19344844cc00dc6e63fe80daba2b5bf17c2460e3343282f97b395d8f2bc276c483c1a9de552fb4c73a40e9f1c6858166f9b6aa7b0b1b80ab368bfefe7e1979b3bd3b36113945b524b7a9a9d93b74cacda4de8ccdb704f52a60793c23bd121e7095cfe48a349156fa65d8d5cb267b176e018d096e7c14431b2e7dcc541d2b5621706fd1d46419152d7bb2f4f2f10a15070d1423b2cbb0390f39b0ec102e012105b3cc0736f7b46550719bba65fa73b803e138fa6bec9e6987464d5cef1d634b0639f38a9225938baaa8cf790f19f7e6c9e92879d744e886160d25c705310eded8afa6e91dfdcfb9fa2f78a205748b39f149feb31ed3721b47119bf2abf86e7ed6cf30e8648f9469d532dfe22ebe82159a794de9d2e043b37056ad135af863e772635ac30ce749cd69691e3d450e56d1d7822b1b69850c0f4bd738aa7f9e2256b33d4ddaf15e4c90bf195b5ee66b4a90158613f24d38923adffd02cb5405098ac762cb238c80ddae96214075d8275523d3001d5cdc2f9e659b88a7f409d32c443e305d191554d7cb780c86dabd3e76686f47fbc13eeae9c589e790f1639cb6891a563d628f971c85d1fdae53e28b8a8c36c76768a156be0b5e384f4ff5b2cd48d54ab29e5a6f3f7ff7981e394a9b374675e2ecfd7fcb25e7413002d16d4bd985c15f94d9717145e83d50a167b8d9c5fe96185c00ee729b41d3cd24ac11a112b1a3dfa89a36f11213dee1c0fb79161d697404b1665f9356d67e49ea4fc8c906f8ec4ffa4220ff313263d9b581c3dc4cd3037487c5f2126eb8d4044548e68c0fb90a058db2b6458a99b8b757b9cfd16d23232ae192e08cd1b100991b84f22a58b9a94acf58be4e15009dde7ddc858060fa07ebc3ae57bf03d72acf7ed0a09a9d1aa695aafcb10ce365a0db7298bb8e54933df4dbd92431d58302040a8458d6b72a25ab7d0dfb84a00e7d3391692cd867842ef9e20b19938d46e64b39d211f4aafb2106acf19c33acb871370e1b7570ca3c4a6353211a6fb35bae7564725775f258b7e4b3c06199e15263f424f4c37861e092d58247a422ab5522ed3cb296b9fbcab2632092f7a3d7ecb26f8889a685591593dcda1387d45b9a592b3db019dd6223a3688f448cf21f007e4dc3fa68bfafcfe215c8d1860885473f89a0bab3d2bb2582aa5da5c2c2cc69e84da74abc71c6000208b9ac862860d1aa53aa02b23d5044f35312452174f5a6e3df7b49437540f233f734a238020286574af1d7d5e868d35e61afd095a18c6c41490dc3def76b749cd1b01381be1c2f3dd985f137dde507d08acecd3770c1949d5d62f1f0a367cdb0399dcb468dbe800b7ffee66e35622ee7f91c6f8bf741236726c012f967177efb3f6289203b994741182b17eea2b5086da77c6975f23a2c67344f21b0cddd619fb2a6f2ab4b5f6b3af3e6889179017b37d03811dec1a87d52d0411e3d2146329219cbc2e8b5ae362402be7d3c74ce2f60467b3483c75453327865884c5123d8068f650e0fb1da6131811f30464244712e77ee3943ccf1c297e1f1599478d1523edeab4b185d039f360df9b8ebcf2369e0aaa2f09e983b3fb36b4f2319cfa7c448a5ba72d9774b73efce2e4413496e2c412e3954a16a34665f0cccb5b422bc6b48e627a1e2045961718692f350edb0767a2a8466590c58d4e7949254c3a4010832b11daf590921c12db8e1541b485d101780915c195c8e5b5e885c8367cf306a1aaaa7742f8fcf6cf3e6f761ac9781be13a63b149504a03923b4b1e6a64235f2fd4881a09b4b763c3072b9a8f868f7020c1dc0a1764c59dc9ecb5c1360f8", @ANYRESDEC, @ANYRES8], 0xfd, 0x274, &(0x7f0000000500)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307202, &(0x7f0000000f00)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 237.726954ms ago: executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="14000000", 0x4}], 0x1, 0x0, 0x0, 0x4000}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="180000000114"], 0x18}}, 0x0) 0s ago: executing program 4: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r1, 0x0, 0x0, 0x1001f0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): ngly recommended to keep mac addresses unique to avoid problems! [ 1077.078104][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.123950][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.170734][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.228344][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.277860][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.566552][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.770020][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.824148][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.923179][T16190] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1078.017596][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.091392][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.154180][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.198091][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.249132][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.265472][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.284380][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.301245][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.337246][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.350887][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.376942][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.399348][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.423697][T16190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1078.449273][T16190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1078.484692][T16190] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1078.536328][T16504] tipc: Failed to obtain node identity [ 1078.550378][T16504] tipc: Enabling of bearer rejected, failed to enable media [ 1078.602143][T16190] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.651245][T16190] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.660041][T16190] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.684347][T16190] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.955660][T16515] fuse: Bad value for 'fd' [ 1079.047279][ T7761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.076892][ T7761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.228446][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.242917][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1081.706804][T16567] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1081.722616][T16569] fuse: Bad value for 'fd' [ 1083.894620][T16615] tipc: Failed to obtain node identity [ 1083.900314][T16615] tipc: Enabling of bearer rejected, failed to enable media [ 1083.952913][T16615] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1084.621807][T12563] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.774317][T13370] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1084.786090][T13370] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1084.795060][T13370] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1084.807422][T13370] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1084.817303][T13370] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1084.825159][T13370] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1084.948862][T12563] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.161712][T12563] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.427259][T12563] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1085.722904][T16647] fuse: Bad value for 'fd' [ 1085.936126][T16652] tipc: Failed to obtain node identity [ 1085.959041][T16652] tipc: Enabling of bearer rejected, failed to enable media [ 1086.019734][T16659] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1086.039212][T12563] bridge_slave_1: left allmulticast mode [ 1086.045727][T12563] bridge_slave_1: left promiscuous mode [ 1086.066389][T12563] bridge0: port 2(bridge_slave_1) entered disabled state [ 1086.105588][T12563] bridge_slave_0: left allmulticast mode [ 1086.132724][T12563] bridge_slave_0: left promiscuous mode [ 1086.138649][T12563] bridge0: port 1(bridge_slave_0) entered disabled state [ 1086.431749][T11809] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 1086.690540][T11809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.729977][T11809] usb 5-1: config 0 has no interfaces? [ 1086.756938][T11809] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1086.790599][T11809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.844108][T11809] usb 5-1: config 0 descriptor?? [ 1086.873754][ T5124] Bluetooth: hci1: command tx timeout [ 1088.021366][T12563] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1088.096202][T12563] bond0 (unregistering): Released all slaves [ 1088.191965][T12563] bond1 (unregistering): Released all slaves [ 1088.290057][T12563] bond2 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1088.312767][T12563] bond_slave_0: left promiscuous mode [ 1088.390510][T12563] bond2 (unregistering): Released all slaves [ 1088.529589][T16624] lo speed is unknown, defaulting to 1000 [ 1088.969936][ T5124] Bluetooth: hci1: command tx timeout [ 1089.298746][ T6713] usb 5-1: USB disconnect, device number 15 [ 1091.041657][ T5124] Bluetooth: hci1: command tx timeout [ 1091.306871][T16695] tipc: Failed to obtain node identity [ 1091.348289][T16695] tipc: Enabling of bearer rejected, failed to enable media [ 1091.685994][T16698] fuse: Bad value for 'fd' [ 1091.732257][T12563] hsr_slave_0: left promiscuous mode [ 1091.777650][T12563] hsr_slave_1: left promiscuous mode [ 1091.871506][T12563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1091.890961][T12563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1091.910010][T12563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1091.927007][T12563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1092.015778][T12563] veth1_macvtap: left promiscuous mode [ 1092.031939][T12563] veth0_macvtap: left promiscuous mode [ 1092.047036][T12563] veth1_vlan: left promiscuous mode [ 1092.058868][T12563] veth0_vlan: left promiscuous mode [ 1092.424469][T16719] fuse: Bad value for 'fd' [ 1093.111332][ T5124] Bluetooth: hci1: command tx timeout [ 1094.437287][T12563] team0 (unregistering): Port device team_slave_1 removed [ 1094.653506][T12563] team0 (unregistering): Port device team_slave_0 removed [ 1096.182122][T16728] tipc: Failed to obtain node identity [ 1096.187731][T16728] tipc: Enabling of bearer rejected, failed to enable media [ 1096.322481][T16624] chnl_net:caif_netlink_parms(): no params data found [ 1097.023678][T16624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1097.091295][T16624] bridge0: port 1(bridge_slave_0) entered disabled state [ 1097.121663][T16624] bridge_slave_0: entered allmulticast mode [ 1097.211405][T16624] bridge_slave_0: entered promiscuous mode [ 1097.340322][T16624] bridge0: port 2(bridge_slave_1) entered blocking state [ 1097.354178][T13370] Bluetooth: hci2: command 0x0406 tx timeout [ 1097.411738][T16624] bridge0: port 2(bridge_slave_1) entered disabled state [ 1097.419242][T16624] bridge_slave_1: entered allmulticast mode [ 1097.497815][T16624] bridge_slave_1: entered promiscuous mode [ 1097.810230][T16624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1097.875375][T16624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1098.123336][T16624] team0: Port device team_slave_0 added [ 1098.177695][T16624] team0: Port device team_slave_1 added [ 1098.328811][T16624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1098.347253][T16624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1098.399377][T16624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1098.414818][T16624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1098.422678][T16624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1098.448612][ C1] vkms_vblank_simulate: vblank timer overrun [ 1098.459830][T16624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1098.671930][T16624] hsr_slave_0: entered promiscuous mode [ 1098.697086][T16624] hsr_slave_1: entered promiscuous mode [ 1098.717079][T16624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1098.761719][T16624] Cannot create hsr debugfs directory [ 1100.987166][T16836] tipc: Failed to obtain node identity [ 1101.012384][T16836] tipc: Enabling of bearer rejected, failed to enable media [ 1101.208158][T16624] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1101.264024][T16624] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1101.282959][T16847] 9pnet_fd: Insufficient options for proto=fd [ 1101.310245][T16624] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1101.380761][T16624] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1101.767512][T13370] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1101.779865][T13370] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1101.801411][T13370] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1101.810413][T13370] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1101.824768][T13370] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1101.834008][T13370] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1102.025398][T16624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1102.153046][T16624] 8021q: adding VLAN 0 to HW filter on device team0 [ 1102.274581][ T5175] bridge0: port 1(bridge_slave_0) entered blocking state [ 1102.281996][ T5175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1102.320109][ T5175] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.327468][ T5175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1103.367395][T16860] lo speed is unknown, defaulting to 1000 [ 1103.655298][T16624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1103.912013][T13370] Bluetooth: hci9: command tx timeout [ 1104.088157][T16624] veth0_vlan: entered promiscuous mode [ 1104.180141][T16624] veth1_vlan: entered promiscuous mode [ 1104.398925][T16624] veth0_macvtap: entered promiscuous mode [ 1104.474578][T16624] veth1_macvtap: entered promiscuous mode [ 1104.586622][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.613265][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.639921][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.652120][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.671061][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.701191][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.721389][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.751077][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.760952][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.786880][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.811131][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.841095][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.850970][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1104.881072][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1104.904959][T16624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1104.975743][T16891] tipc: Failed to obtain node identity [ 1104.991400][T16891] tipc: Enabling of bearer rejected, failed to enable media [ 1105.069326][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.090088][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.112542][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.141090][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.161209][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.186310][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.201111][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.225923][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.251050][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.271169][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.301040][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.341851][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.373377][T16624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1105.401060][T16624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1105.436449][T16624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1105.506816][T16624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.561135][T16624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.569888][T16624] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.611114][T16624] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1105.992512][T13370] Bluetooth: hci9: command tx timeout [ 1106.253011][ T7745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1106.293795][ T7745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1106.459403][T16860] chnl_net:caif_netlink_parms(): no params data found [ 1106.515442][T12563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1106.546813][T12563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1106.572438][T16912] fuse: Bad value for 'fd' [ 1107.333787][T16860] bridge0: port 1(bridge_slave_0) entered blocking state [ 1107.341745][T16860] bridge0: port 1(bridge_slave_0) entered disabled state [ 1107.367897][T16860] bridge_slave_0: entered allmulticast mode [ 1107.389971][T16860] bridge_slave_0: entered promiscuous mode [ 1107.429678][T16932] tipc: Failed to obtain node identity [ 1107.446897][T16932] tipc: Enabling of bearer rejected, failed to enable media [ 1107.473222][T16860] bridge0: port 2(bridge_slave_1) entered blocking state [ 1107.548243][T16860] bridge0: port 2(bridge_slave_1) entered disabled state [ 1107.615175][T16860] bridge_slave_1: entered allmulticast mode [ 1107.683631][T16860] bridge_slave_1: entered promiscuous mode [ 1108.037126][T16860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1108.058190][T16860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1108.073693][T13370] Bluetooth: hci9: command tx timeout [ 1108.525809][T16860] team0: Port device team_slave_0 added [ 1108.577745][T16860] team0: Port device team_slave_1 added [ 1109.750195][T16860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1109.778963][T16860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1109.833925][T16860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1109.890515][T16860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1109.921304][T16860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1109.990023][T16860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1110.151895][T13370] Bluetooth: hci9: command tx timeout [ 1110.416974][T16860] hsr_slave_0: entered promiscuous mode [ 1110.479098][T16860] hsr_slave_1: entered promiscuous mode [ 1110.515456][T16860] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1110.531240][T16860] Cannot create hsr debugfs directory [ 1110.697836][T16977] tipc: Failed to obtain node identity [ 1110.712991][T16977] tipc: Enabling of bearer rejected, failed to enable media [ 1110.727069][T16981] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1112.069531][T16975] block nbd4: shutting down sockets [ 1112.558553][T16992] fuse: Bad value for 'fd' [ 1112.765615][T16860] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.856304][T17002] fuse: Bad value for 'fd' [ 1112.970051][T16860] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.157526][T16860] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.484442][T16860] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1114.160494][T17020] tipc: Failed to obtain node identity [ 1114.198739][T17020] tipc: Enabling of bearer rejected, failed to enable media [ 1114.292094][T17020] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1114.736064][T16860] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1114.832567][T16860] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1114.887462][T16860] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1114.921162][T16860] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1115.616217][T16860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1115.760718][T16860] 8021q: adding VLAN 0 to HW filter on device team0 [ 1115.856001][ T6713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1115.863375][ T6713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1115.944625][ T5179] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.951970][ T5179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1117.305040][T16860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1118.060120][T16860] veth0_vlan: entered promiscuous mode [ 1118.131352][T17061] tipc: Failed to obtain node identity [ 1118.171364][T17061] tipc: Enabling of bearer rejected, failed to enable media [ 1118.244780][T16860] veth1_vlan: entered promiscuous mode [ 1118.296291][T17061] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1118.484229][T16860] veth0_macvtap: entered promiscuous mode [ 1118.519640][T16860] veth1_macvtap: entered promiscuous mode [ 1118.592656][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.625257][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.663272][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.691260][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.731174][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.776071][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.811221][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.841927][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.882407][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.918454][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.941418][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.981161][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.992319][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 1119.001671][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.048494][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.081085][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1119.101017][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.166553][T16860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1119.238426][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.261555][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.298511][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.322715][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.342622][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.370412][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.393503][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.420776][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.445491][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.473047][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.495495][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.521187][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.541054][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.564395][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.609348][T16860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.629539][T16860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.685263][T16860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.771781][T16860] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.807833][T16860] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.827188][T16860] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.849965][T16860] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.299810][T15003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.330044][T15003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1120.501014][T12563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.510771][T12563] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.478551][T17106] tipc: Failed to obtain node identity [ 1121.518781][T17106] tipc: Enabling of bearer rejected, failed to enable media [ 1121.582070][T17106] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1123.041360][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1123.252122][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1123.286606][ T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 1123.305279][ T9] usb 5-1: config 179 has no interface number 0 [ 1123.333122][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1123.381136][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1123.411170][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1123.446375][ T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1123.498884][ T9] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1123.541223][ T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1123.575118][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1123.623761][T17122] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1124.014379][ T6724] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input15 [ 1124.147212][T17122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1124.221550][T17122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1124.503894][T14667] usb 5-1: USB disconnect, device number 16 [ 1124.503893][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1124.518773][T14667] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1124.676084][T17148] tipc: Failed to obtain node identity [ 1124.694823][T17148] tipc: Enabling of bearer rejected, failed to enable media [ 1124.745479][T17148] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1126.020230][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1126.028796][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1126.834006][T17200] tipc: Failed to obtain node identity [ 1126.839566][T17200] tipc: Enabling of bearer rejected, failed to enable media [ 1126.901656][T17200] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1128.220772][T17230] fuse: Bad value for 'fd' [ 1129.820843][T17261] tipc: Failed to obtain node identity [ 1129.861313][T17261] tipc: Enabling of bearer rejected, failed to enable media [ 1129.899786][T17261] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1131.186879][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.206482][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.222388][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.250068][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.281893][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.308452][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1131.354194][T17279] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 1133.287398][T17305] tipc: Failed to obtain node identity [ 1133.323191][T17305] tipc: Enabling of bearer rejected, failed to enable media [ 1133.366924][T17305] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1136.733349][ T5124] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1136.754284][ T5124] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1136.783565][ T5124] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1136.826860][ T5124] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1136.851767][ T5124] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1136.871720][ T5124] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1137.484436][T17332] fuse: Bad value for 'fd' [ 1138.781118][ T5174] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1138.991253][ T5174] usb 4-1: device descriptor read/64, error -71 [ 1139.032704][ T5124] Bluetooth: hci10: command tx timeout [ 1139.281509][ T5174] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1139.471164][ T5174] usb 4-1: device descriptor read/64, error -71 [ 1139.479716][T17330] lo speed is unknown, defaulting to 1000 [ 1139.595440][ T5174] usb usb4-port1: attempt power cycle [ 1140.039562][T17349] tipc: Failed to obtain node identity [ 1140.041157][ T5174] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1140.067263][T17349] tipc: Enabling of bearer rejected, failed to enable media [ 1140.122285][ T5174] usb 4-1: device descriptor read/8, error -71 [ 1140.130328][T17349] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1140.391212][ T5174] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1140.442131][ T5174] usb 4-1: device descriptor read/8, error -71 [ 1140.571978][ T5174] usb usb4-port1: unable to enumerate USB device [ 1141.112280][ T5124] Bluetooth: hci10: command tx timeout [ 1141.337238][T17330] chnl_net:caif_netlink_parms(): no params data found [ 1141.405153][T17357] syz-executor.1[17357] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1141.405437][T17357] syz-executor.1[17357] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1142.320819][T17330] bridge0: port 1(bridge_slave_0) entered blocking state [ 1142.371551][T17330] bridge0: port 1(bridge_slave_0) entered disabled state [ 1142.383074][T17330] bridge_slave_0: entered allmulticast mode [ 1142.397968][T17330] bridge_slave_0: entered promiscuous mode [ 1142.423370][T17330] bridge0: port 2(bridge_slave_1) entered blocking state [ 1142.430935][T17330] bridge0: port 2(bridge_slave_1) entered disabled state [ 1142.438543][T17330] bridge_slave_1: entered allmulticast mode [ 1142.448388][T17330] bridge_slave_1: entered promiscuous mode [ 1142.639907][T17330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1142.696266][T17330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1142.943574][T17330] team0: Port device team_slave_0 added [ 1142.976626][T17330] team0: Port device team_slave_1 added [ 1143.169965][T17330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1143.190642][T17330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1143.201158][ T5124] Bluetooth: hci10: command tx timeout [ 1143.246346][T17330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1143.263421][T17330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1143.270419][T17330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1143.299942][T17330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1143.454659][T17330] hsr_slave_0: entered promiscuous mode [ 1143.470097][T17330] hsr_slave_1: entered promiscuous mode [ 1143.521139][T17330] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1143.528778][T17330] Cannot create hsr debugfs directory [ 1144.376596][T17330] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.834462][T17330] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.270529][T17330] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.271160][ T5124] Bluetooth: hci10: command tx timeout [ 1145.576427][T17330] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.631561][T17392] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1146.046448][T17330] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1146.079694][T17330] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1146.182224][T17330] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1146.245823][T17330] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1146.254238][T17405] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1146.906892][T17330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1147.027066][T17330] 8021q: adding VLAN 0 to HW filter on device team0 [ 1147.054643][T17422] veth1_macvtap: entered allmulticast mode [ 1147.177585][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.184956][ T5197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1147.254616][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state [ 1147.261951][ T5197] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1148.186697][T17441] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1148.300831][T17330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1148.543902][T17330] veth0_vlan: entered promiscuous mode [ 1148.588268][T17330] veth1_vlan: entered promiscuous mode [ 1148.765037][T17330] veth0_macvtap: entered promiscuous mode [ 1148.817070][T17330] veth1_macvtap: entered promiscuous mode [ 1148.909621][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.941062][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1148.971251][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1148.993556][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.021064][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.051285][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.107054][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.131299][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.154863][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.192176][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.211712][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.237496][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.278648][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.320627][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.341385][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.363359][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.400882][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1149.421383][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.452295][T17330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1149.528505][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.570283][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.607610][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.639027][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.661164][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.692493][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.714646][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.739920][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.773693][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.816746][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.846568][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.886176][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.904994][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1149.933459][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1149.981943][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.030851][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.063570][T17330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1150.101709][T17330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1150.124004][T17330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1150.233947][T17330] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.262860][T17330] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.276783][T17330] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.338759][T17330] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1150.815548][ T5349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1150.843288][ T5349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1151.040289][ T7745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1151.067545][ T6724] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1151.076385][ T7745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1151.283760][ T6724] usb 5-1: Using ep0 maxpacket: 16 [ 1151.312447][ T6724] usb 5-1: config 1 interface 0 altsetting 250 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1151.351279][ T6724] usb 5-1: config 1 interface 0 altsetting 250 bulk endpoint 0x1 has invalid maxpacket 0 [ 1151.381323][ T6724] usb 5-1: config 1 interface 0 altsetting 250 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1151.425155][ T6724] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1151.451290][ T6724] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1151.472273][ T6724] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1151.480431][ T6724] usb 5-1: Product: syz [ 1151.508059][ T6724] usb 5-1: Manufacturer: syz [ 1151.524631][ T6724] usb 5-1: SerialNumber: syz [ 1151.720039][T17486] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1156.454830][ T6724] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 250 proto 1 vid 0x0525 pid 0xA4A8 [ 1156.479867][ T6724] usb 5-1: USB disconnect, device number 17 [ 1156.494480][ T6724] usblp0: removed [ 1163.336502][T17565] pim6reg1: entered promiscuous mode [ 1163.351579][T17565] pim6reg1: entered allmulticast mode [ 1167.182736][T17604] macvlan2: entered allmulticast mode [ 1167.970431][T17607] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1168.212913][T17607] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1170.893147][ T29] audit: type=1326 audit(1719051167.549:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1171.616639][ T29] audit: type=1326 audit(1719051167.549:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1171.850214][ T29] audit: type=1326 audit(1719051167.549:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1171.980668][ T29] audit: type=1326 audit(1719051167.549:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.031172][ T29] audit: type=1326 audit(1719051167.549:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.091180][ T6724] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1172.161145][ T29] audit: type=1326 audit(1719051167.549:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.225597][ T29] audit: type=1326 audit(1719051167.549:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.286617][ T29] audit: type=1326 audit(1719051167.549:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.353921][ T6724] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1172.366708][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.381493][ T29] audit: type=1326 audit(1719051167.549:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 1172.429180][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1172.454149][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.471359][ T29] audit: type=1326 audit(1719051167.549:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17638 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afd47d0a9 code=0x7ffc0000 [ 1172.505325][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.531142][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1172.571093][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.593055][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.611154][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1172.671021][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.690005][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.720593][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1172.769226][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.788430][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.832702][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1172.871061][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1172.892862][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1172.914242][T13370] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1172.934956][T13370] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1172.956596][T13370] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1173.030173][T13370] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1173.044500][T13370] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1173.052789][T13370] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1173.601157][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1173.612299][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1173.622336][ T6724] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1173.655763][ T6724] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1173.745480][ T6724] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1173.761261][ T6724] usb 4-1: unable to read config index 7 descriptor/start: -71 [ 1173.789257][ T6724] usb 4-1: can't read configurations, error -71 [ 1174.374116][T17666] netlink: 67 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1174.389867][T17666] IPv6: NLM_F_CREATE should be specified when creating new route [ 1174.407249][T17666] IPv6: Can't replace route, no match found [ 1175.194219][T13370] Bluetooth: hci11: command tx timeout [ 1176.024838][T17655] lo speed is unknown, defaulting to 1000 [ 1177.291128][T13370] Bluetooth: hci11: command tx timeout [ 1179.361362][T13370] Bluetooth: hci11: command tx timeout [ 1179.612986][T17714] macvlan2: entered allmulticast mode [ 1179.953117][T17706] block nbd2: shutting down sockets [ 1181.437571][T13370] Bluetooth: hci11: command tx timeout [ 1182.104561][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 1182.104588][ T29] audit: type=1326 audit(1719051178.759:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17733 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f195b87d0a9 code=0x0 [ 1182.173057][T17655] chnl_net:caif_netlink_parms(): no params data found [ 1184.337893][T17655] bridge0: port 1(bridge_slave_0) entered blocking state [ 1184.382430][T17655] bridge0: port 1(bridge_slave_0) entered disabled state [ 1184.434486][T17655] bridge_slave_0: entered allmulticast mode [ 1184.473469][T17655] bridge_slave_0: entered promiscuous mode [ 1184.544744][T17655] bridge0: port 2(bridge_slave_1) entered blocking state [ 1184.578628][T17655] bridge0: port 2(bridge_slave_1) entered disabled state [ 1184.629102][T17655] bridge_slave_1: entered allmulticast mode [ 1184.650789][T17655] bridge_slave_1: entered promiscuous mode [ 1184.841607][T17769] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: none. [ 1184.878767][T17655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1184.936130][T17655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1185.215384][T17655] team0: Port device team_slave_0 added [ 1185.267509][T17655] team0: Port device team_slave_1 added [ 1185.595463][T17655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1185.740815][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1185.882552][T17655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1185.929353][T17655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1185.943301][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1186.002512][T17655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1186.290056][T17655] hsr_slave_0: entered promiscuous mode [ 1186.342924][T17655] hsr_slave_1: entered promiscuous mode [ 1186.373494][T17655] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1186.411562][T17655] Cannot create hsr debugfs directory [ 1187.452054][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1187.458468][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1187.551049][ T29] audit: type=1800 audit(1719051184.189:226): pid=17797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1987 res=0 errno=0 [ 1187.623474][T17655] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.047063][T17655] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1188.890783][T17655] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1189.334399][T17655] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1189.521132][ T5124] Bluetooth: hci8: command 0x0406 tx timeout [ 1190.808647][T17655] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1190.872910][T17655] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1190.919633][T17655] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1190.990359][T17655] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1191.368955][T17826] smb3: Unknown parameter 'source00000000000000000016404' [ 1191.695709][T17655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1191.830713][T17655] 8021q: adding VLAN 0 to HW filter on device team0 [ 1191.888584][ T6724] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.896033][ T6724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1191.974330][ T6724] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.981766][ T6724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1194.537705][T17655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1195.025494][T17655] veth0_vlan: entered promiscuous mode [ 1195.107984][T17655] veth1_vlan: entered promiscuous mode [ 1195.415809][T17655] veth0_macvtap: entered promiscuous mode [ 1195.532651][T17655] veth1_macvtap: entered promiscuous mode [ 1195.635399][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.646513][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.664758][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.676269][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.701026][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.726181][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.747762][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.777381][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.807791][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.830317][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.853408][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.907886][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1195.921138][ T5179] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 1195.949057][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1195.991118][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.011544][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1196.038233][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.071701][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1196.085002][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.101230][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1196.112588][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.125868][ T5179] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1196.140854][ T5179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1196.174588][T17655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1196.200495][ T5179] usb 4-1: config 0 descriptor?? [ 1196.222485][T17893] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1196.245212][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.285676][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.301540][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.323897][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.334102][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.356936][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.388803][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.447881][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.467972][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.491086][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.520255][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.546859][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.571116][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.601075][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.610938][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.655723][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.671091][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.695989][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.716266][T17655] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1196.741544][T17655] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1196.774179][T17655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1196.901379][T17655] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1196.910591][T17655] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1196.942850][T17655] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1196.961189][T17655] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1198.427993][ T5179] pegasus 4-1:0.0: can't reset MAC [ 1198.434804][ T29] audit: type=1800 audit(1719051194.329:227): pid=17909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1986 res=0 errno=0 [ 1198.487146][ T5179] pegasus 4-1:0.0: probe with driver pegasus failed with error -5 [ 1198.616277][ T5179] usb 4-1: USB disconnect, device number 26 [ 1198.733766][T17541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1198.761356][T17541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1198.874153][T17541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1198.893071][T17541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1199.467746][T17916] vhci_hcd: invalid port number 129 [ 1199.473175][T17916] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1204.185708][ T5124] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1204.199972][ T5124] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1204.209244][ T5124] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1204.219934][ T5124] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1204.230932][ T29] audit: type=1800 audit(1719051200.889:228): pid=17955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1985 res=0 errno=0 [ 1204.252253][ T5175] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1204.268624][ T5124] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1204.282120][ T5124] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1204.431434][T17958] vhci_hcd: invalid port number 129 [ 1204.436782][T17958] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1205.311063][ T5175] usb 4-1: Using ep0 maxpacket: 8 [ 1205.332808][ T5175] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1205.361456][ T5175] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1205.401202][ T5175] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 50041, setting to 1024 [ 1205.422939][ T5175] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1205.463468][ T5175] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1205.491296][ T5175] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1205.500376][ T5175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1206.392681][ T5124] Bluetooth: hci12: command tx timeout [ 1206.423775][ T5175] usb 4-1: GET_CAPABILITIES returned 0 [ 1206.429369][ T5175] usbtmc 4-1:16.0: can't read capabilities [ 1206.578698][T17952] lo speed is unknown, defaulting to 1000 [ 1206.902658][T17911] warn_alloc: 1 callbacks suppressed [ 1206.902686][T17911] syz-executor.5: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz5,mems_allowed=0-1 [ 1206.987139][T17911] CPU: 1 PID: 17911 Comm: syz-executor.5 Not tainted 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1206.997721][T17911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1207.007784][T17911] Call Trace: [ 1207.011068][T17911] [ 1207.014004][T17911] dump_stack_lvl+0x16c/0x1f0 [ 1207.018707][T17911] warn_alloc+0x24d/0x3a0 [ 1207.023082][T17911] ? __pfx_warn_alloc+0x10/0x10 [ 1207.027990][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.033506][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.039166][T17911] ? __get_vm_area_node+0x190/0x2d0 [ 1207.044392][T17911] ? __get_vm_area_node+0x1bc/0x2d0 [ 1207.049626][T17911] __vmalloc_node_range_noprof+0xff7/0x1520 [ 1207.055572][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.061077][T17911] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1207.067445][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.073093][T17911] ? __get_vm_area_node+0x190/0x2d0 [ 1207.078348][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.083999][T17911] ? __get_vm_area_node+0x1bc/0x2d0 [ 1207.089232][T17911] __vmalloc_node_range_noprof+0xc8d/0x1520 [ 1207.095168][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.100702][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.106206][T17911] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1207.112574][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.118224][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.123885][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.129561][T17911] ? trace_kmalloc+0x2d/0xe0 [ 1207.134183][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.139829][T17911] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 1207.145597][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.151098][T17911] kvmalloc_node_noprof+0x14f/0x1a0 [ 1207.156333][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1207.161828][T17911] hash_netiface_create+0x3ea/0x1250 [ 1207.167153][T17911] ? __nla_validate_parse+0x285b/0x2880 [ 1207.172721][T17911] ? __pfx_hash_netiface_create+0x10/0x10 [ 1207.178476][T17911] ip_set_create+0x7ce/0x14d0 [ 1207.183287][T17911] ? __pfx_ip_set_create+0x10/0x10 [ 1207.188467][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.194123][T17911] nfnetlink_rcv_msg+0x9c6/0x11e0 [ 1207.199194][T17911] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1207.204694][T17911] ? kasan_quarantine_put+0x10a/0x240 [ 1207.210218][T17911] ? __dev_queue_xmit+0x85d/0x4130 [ 1207.215368][T17911] ? __local_bh_enable_ip+0xa4/0x120 [ 1207.220682][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.226342][T17911] ? lockdep_hardirqs_on+0x7c/0x110 [ 1207.231598][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.237270][T17911] ? __local_bh_enable_ip+0xa4/0x120 [ 1207.242595][T17911] netlink_rcv_skb+0x16e/0x440 [ 1207.247382][T17911] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1207.252881][T17911] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1207.258205][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.263863][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.269514][T17911] ? security_capable+0x98/0xd0 [ 1207.274406][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.280082][T17911] ? ns_capable+0xd7/0x110 [ 1207.284536][T17911] nfnetlink_rcv+0x1b4/0x430 [ 1207.289168][T17911] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1207.294311][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.299961][T17911] ? netlink_deliver_tap+0x1ae/0xd90 [ 1207.305276][T17911] netlink_unicast+0x545/0x820 [ 1207.310088][T17911] ? __pfx_netlink_unicast+0x10/0x10 [ 1207.315393][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.321047][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.326704][T17911] ? __phys_addr_symbol+0x30/0x80 [ 1207.331770][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.337442][T17911] ? __check_object_size+0x48e/0x720 [ 1207.342752][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.348407][T17911] netlink_sendmsg+0x8b8/0xd70 [ 1207.353202][T17911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1207.358503][T17911] ? __import_iovec+0x1fd/0x6e0 [ 1207.363395][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.369050][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.374703][T17911] ____sys_sendmsg+0xab8/0xc90 [ 1207.379528][T17911] ? copy_msghdr_from_user+0x10b/0x160 [ 1207.385007][T17911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1207.390329][T17911] ? __pfx___lock_acquire+0x10/0x10 [ 1207.395544][T17911] ? __lock_acquire+0x14f4/0x3b30 [ 1207.400594][T17911] ___sys_sendmsg+0x135/0x1e0 [ 1207.405321][T17911] ? __pfx____sys_sendmsg+0x10/0x10 [ 1207.410588][T17911] ? find_held_lock+0x2d/0x110 [ 1207.415402][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.421073][T17911] ? __fget_light+0x173/0x210 [ 1207.425786][T17911] __sys_sendmsg+0x117/0x1f0 [ 1207.430408][T17911] ? __pfx___sys_sendmsg+0x10/0x10 [ 1207.435585][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1207.441264][T17911] do_syscall_64+0xcd/0x250 [ 1207.445855][T17911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1207.451785][T17911] RIP: 0033:0x7f993067d0a9 [ 1207.456241][T17911] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1207.475871][T17911] RSP: 002b:00007f99314960c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1207.484306][T17911] RAX: ffffffffffffffda RBX: 00007f99307b3f80 RCX: 00007f993067d0a9 [ 1207.492294][T17911] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1207.500277][T17911] RBP: 00007f99306ec074 R08: 0000000000000000 R09: 0000000000000000 [ 1207.508259][T17911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1207.516243][T17911] R13: 000000000000000b R14: 00007f99307b3f80 R15: 00007ffeadd745b8 [ 1207.524248][T17911] [ 1207.765505][T17911] Mem-Info: [ 1207.783558][T17911] active_anon:39601 inactive_anon:0 isolated_anon:0 [ 1207.783558][T17911] active_file:0 inactive_file:47171 isolated_file:0 [ 1207.783558][T17911] unevictable:768 dirty:28 writeback:0 [ 1207.783558][T17911] slab_reclaimable:11711 slab_unreclaimable:127572 [ 1207.783558][T17911] mapped:35419 shmem:14079 pagetables:989 [ 1207.783558][T17911] sec_pagetables:0 bounce:0 [ 1207.783558][T17911] kernel_misc_reclaimable:0 [ 1207.783558][T17911] free:1231864 free_pcp:1320 free_cma:0 [ 1207.891319][T17911] Node 0 active_anon:158516kB inactive_anon:0kB active_file:0kB inactive_file:188612kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141676kB dirty:108kB writeback:0kB shmem:54780kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:12344kB pagetables:3960kB sec_pagetables:0kB all_unreclaimable? no [ 1208.260766][T17911] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1208.364204][T17911] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1208.468018][T17911] lowmem_reserve[]: 0 2565 2567 0 0 [ 1208.474763][T13370] Bluetooth: hci12: command tx timeout [ 1208.508708][T17911] Node 0 DMA32 free:963928kB boost:0kB min:35052kB low:43812kB high:52572kB reserved_highatomic:0KB active_anon:157168kB inactive_anon:0kB active_file:0kB inactive_file:186796kB unevictable:1536kB writepending:104kB present:3129332kB managed:2654756kB mlocked:0kB bounce:0kB free_pcp:5236kB local_pcp:1732kB free_cma:0kB [ 1208.541852][T17911] lowmem_reserve[]: 0 0 1 0 0 [ 1208.599572][T17911] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:4kB present:1048576kB managed:1896kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 1208.631958][T17911] lowmem_reserve[]: 0 0 0 0 0 [ 1208.685277][T17911] Node 1 Normal free:3948348kB boost:0kB min:54828kB low:68532kB high:82236kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1208.738174][ T5178] usb 4-1: USB disconnect, device number 27 [ 1208.795405][T17911] lowmem_reserve[]: 0 0 0 0 0 [ 1208.800256][T17911] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1208.851083][T17911] Node 0 DMA32: 71*4kB (E) 696*8kB (UME) 99*16kB (M) 139*32kB (UME) 160*64kB (ME) 58*128kB (ME) 29*256kB (ME) 9*512kB (UME) 7*1024kB (UME) 7*2048kB (UME) 220*4096kB (M) = 964204kB [ 1208.887858][T17911] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 1208.922909][T17911] Node 1 Normal: 1*4kB (U) 11*8kB (UM) 14*16kB (UM) 10*32kB (UM) 7*64kB (U) 6*128kB (U) 6*256kB (UM) 7*512kB (UM) 1*1024kB (U) 2*2048kB (U) 961*4096kB (M) = 3948348kB [ 1209.010248][T17911] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1209.029855][T17911] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1209.039315][T17911] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1209.053872][T17911] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1209.063486][T17911] 61239 total pagecache pages [ 1209.076261][T17911] 0 pages in swap cache [ 1209.083427][T17911] Free swap = 124472kB [ 1209.087620][T17911] Total swap = 124996kB [ 1209.101080][T17911] 2097051 pages RAM [ 1209.104926][T17911] 0 pages HighMem/MovableOnly [ 1209.109614][T17911] 401768 pages reserved [ 1209.121116][T17911] 0 pages cma reserved [ 1209.385860][T17952] chnl_net:caif_netlink_parms(): no params data found [ 1209.641098][ T6724] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1209.892433][ T6724] usb 4-1: Using ep0 maxpacket: 32 [ 1209.913985][ T6724] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 1209.961908][ T6724] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1210.003487][T17976] Bluetooth: hci1: command 0x0406 tx timeout [ 1210.036604][ T6724] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1210.045837][ T6724] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1210.057516][ T6724] usb 4-1: Product: syz [ 1210.061815][ T6724] usb 4-1: Manufacturer: syz [ 1210.066441][ T6724] usb 4-1: SerialNumber: syz [ 1210.075194][ T6724] usb 4-1: config 0 descriptor?? [ 1210.086338][ T6724] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1210.107567][T17952] bridge0: port 1(bridge_slave_0) entered blocking state [ 1210.117413][ T6724] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1210.155645][T17952] bridge0: port 1(bridge_slave_0) entered disabled state [ 1210.204759][T17952] bridge_slave_0: entered allmulticast mode [ 1210.244168][T17952] bridge_slave_0: entered promiscuous mode [ 1210.321435][T17952] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.328802][T17952] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.373393][T17952] bridge_slave_1: entered allmulticast mode [ 1210.408125][T17952] bridge_slave_1: entered promiscuous mode [ 1210.413405][ T6713] usb 4-1: USB disconnect, device number 28 [ 1210.439218][ T6713] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 1210.551403][ T5124] Bluetooth: hci12: command tx timeout [ 1210.726688][T17952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1210.793284][T17952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1211.241283][T17952] team0: Port device team_slave_0 added [ 1211.476798][T17952] team0: Port device team_slave_1 added [ 1212.341348][T17952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1212.361236][T17952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1212.711822][ T5124] Bluetooth: hci12: command tx timeout [ 1212.815414][T18012] vhci_hcd: invalid port number 129 [ 1212.820659][T18012] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1214.211211][T17952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1214.442640][T17952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1214.449640][T17952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1214.631143][T17952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1215.159930][T17952] hsr_slave_0: entered promiscuous mode [ 1215.204548][T17952] hsr_slave_1: entered promiscuous mode [ 1215.493075][T17952] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1215.656103][T17952] Cannot create hsr debugfs directory [ 1216.321182][ T6724] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1216.521128][ T6724] usb 4-1: Using ep0 maxpacket: 8 [ 1216.561332][ T6724] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 1216.569678][ T6724] usb 4-1: config 179 has no interface number 0 [ 1216.621289][ T6724] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1216.681063][ T6724] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1216.714863][ T6724] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1216.754598][ T6724] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1216.801114][ T6724] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1216.810238][ T6724] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1216.881934][T18024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1217.154917][ T6724] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input16 [ 1217.350856][ T6713] usb 4-1: USB disconnect, device number 29 [ 1217.350859][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1217.366065][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1217.424587][ T6713] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1217.706261][T17952] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.117227][T17952] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.329355][T17911] warn_alloc: 1 callbacks suppressed [ 1218.329384][T17911] syz-executor.5: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz5,mems_allowed=0-1 [ 1218.465161][T17952] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.475963][T17911] CPU: 0 PID: 17911 Comm: syz-executor.5 Not tainted 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1218.486708][T17911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1218.496812][T17911] Call Trace: [ 1218.500115][T17911] [ 1218.503078][T17911] dump_stack_lvl+0x16c/0x1f0 [ 1218.507804][T17911] warn_alloc+0x24d/0x3a0 [ 1218.512204][T17911] ? __pfx_warn_alloc+0x10/0x10 [ 1218.517114][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.522665][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.528510][T17911] ? __get_vm_area_node+0x190/0x2d0 [ 1218.533763][T17911] ? __get_vm_area_node+0x1bc/0x2d0 [ 1218.539032][T17911] __vmalloc_node_range_noprof+0xff7/0x1520 [ 1218.545016][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.550557][T17911] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1218.556969][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.562699][T17911] ? __get_vm_area_node+0x190/0x2d0 [ 1218.567955][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.573633][T17911] ? __get_vm_area_node+0x1bc/0x2d0 [ 1218.578895][T17911] __vmalloc_node_range_noprof+0xc8d/0x1520 [ 1218.584858][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.590438][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.595995][T17911] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1218.602399][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.608102][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.613782][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.619453][T17911] ? trace_kmalloc+0x2d/0xe0 [ 1218.624096][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.629765][T17911] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 1218.635537][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.641066][T17911] kvmalloc_node_noprof+0x14f/0x1a0 [ 1218.646334][T17911] ? hash_netiface_create+0x3ea/0x1250 [ 1218.651891][T17911] hash_netiface_create+0x3ea/0x1250 [ 1218.657247][T17911] ? __nla_validate_parse+0x285b/0x2880 [ 1218.662846][T17911] ? __pfx_hash_netiface_create+0x10/0x10 [ 1218.668670][T17911] ip_set_create+0x7ce/0x14d0 [ 1218.673425][T17911] ? __pfx_ip_set_create+0x10/0x10 [ 1218.678677][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.684363][T17911] nfnetlink_rcv_msg+0x9c6/0x11e0 [ 1218.689469][T17911] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1218.695001][T17911] ? kasan_quarantine_put+0x10a/0x240 [ 1218.700473][T17911] ? __dev_queue_xmit+0x85d/0x4130 [ 1218.705652][T17911] ? __local_bh_enable_ip+0xa4/0x120 [ 1218.710994][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.716667][T17911] ? lockdep_hardirqs_on+0x7c/0x110 [ 1218.721910][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.727575][T17911] ? __local_bh_enable_ip+0xa4/0x120 [ 1218.732928][T17911] netlink_rcv_skb+0x16e/0x440 [ 1218.737741][T17911] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1218.743268][T17911] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1218.748623][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.754299][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.759982][T17911] ? security_capable+0x98/0xd0 [ 1218.764910][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.770584][T17911] ? ns_capable+0xd7/0x110 [ 1218.775069][T17911] nfnetlink_rcv+0x1b4/0x430 [ 1218.779810][T17911] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1218.784983][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.790745][T17911] ? netlink_deliver_tap+0x1ae/0xd90 [ 1218.796105][T17911] netlink_unicast+0x545/0x820 [ 1218.800943][T17911] ? __pfx_netlink_unicast+0x10/0x10 [ 1218.806290][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.811973][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.817645][T17911] ? __phys_addr_symbol+0x30/0x80 [ 1218.822701][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.828369][T17911] ? __check_object_size+0x48e/0x720 [ 1218.833698][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.839375][T17911] netlink_sendmsg+0x8b8/0xd70 [ 1218.844206][T17911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1218.849539][T17911] ? __import_iovec+0x1fd/0x6e0 [ 1218.854464][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.860135][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.865815][T17911] ____sys_sendmsg+0xab8/0xc90 [ 1218.870642][T17911] ? copy_msghdr_from_user+0x10b/0x160 [ 1218.876146][T17911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1218.881502][T17911] ? __pfx___lock_acquire+0x10/0x10 [ 1218.886743][T17911] ? __lock_acquire+0x14f4/0x3b30 [ 1218.891816][T17911] ___sys_sendmsg+0x135/0x1e0 [ 1218.896540][T17911] ? __pfx____sys_sendmsg+0x10/0x10 [ 1218.901809][T17911] ? find_held_lock+0x2d/0x110 [ 1218.906673][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.912350][T17911] ? __fget_light+0x173/0x210 [ 1218.917097][T17911] __sys_sendmsg+0x117/0x1f0 [ 1218.921737][T17911] ? __pfx___sys_sendmsg+0x10/0x10 [ 1218.926917][T17911] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1218.932608][T17911] do_syscall_64+0xcd/0x250 [ 1218.937170][T17911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1218.943127][T17911] RIP: 0033:0x7f993067d0a9 [ 1218.947574][T17911] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1218.967235][T17911] RSP: 002b:00007f99314960c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1218.975876][T17911] RAX: ffffffffffffffda RBX: 00007f99307b3f80 RCX: 00007f993067d0a9 [ 1218.983926][T17911] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1218.991930][T17911] RBP: 00007f99306ec074 R08: 0000000000000000 R09: 0000000000000000 [ 1218.999930][T17911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1219.007941][T17911] R13: 000000000000000b R14: 00007f99307b3f80 R15: 00007ffeadd745b8 [ 1219.015982][T17911] [ 1219.060155][T17911] Mem-Info: [ 1219.064415][T17911] active_anon:39221 inactive_anon:0 isolated_anon:0 [ 1219.064415][T17911] active_file:0 inactive_file:47177 isolated_file:0 [ 1219.064415][T17911] unevictable:768 dirty:7 writeback:0 [ 1219.064415][T17911] slab_reclaimable:11711 slab_unreclaimable:129810 [ 1219.064415][T17911] mapped:39290 shmem:17950 pagetables:991 [ 1219.064415][T17911] sec_pagetables:0 bounce:0 [ 1219.064415][T17911] kernel_misc_reclaimable:0 [ 1219.064415][T17911] free:1232806 free_pcp:451 free_cma:0 [ 1219.113492][T17911] Node 0 active_anon:156884kB inactive_anon:0kB active_file:0kB inactive_file:188636kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:157160kB dirty:28kB writeback:0kB shmem:70264kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12528kB pagetables:3964kB sec_pagetables:0kB all_unreclaimable? no [ 1219.262677][T17911] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1219.328334][T17952] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1219.371082][T17911] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1219.461371][T17911] lowmem_reserve[]: 0 2565 2567 0 0 [ 1219.466740][T17911] Node 0 DMA32 free:963456kB boost:0kB min:35052kB low:43812kB high:52572kB reserved_highatomic:0KB active_anon:159436kB inactive_anon:0kB active_file:0kB inactive_file:186820kB unevictable:1536kB writepending:28kB present:3129332kB managed:2654756kB mlocked:0kB bounce:0kB free_pcp:3124kB local_pcp:1964kB free_cma:0kB [ 1219.562921][T17911] lowmem_reserve[]: 0 0 1 0 0 [ 1219.567765][T17911] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1816kB unevictable:0kB writepending:0kB present:1048576kB managed:1896kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 1219.691079][T17911] lowmem_reserve[]: 0 0 0 0 0 [ 1219.695915][T17911] Node 1 Normal free:3948348kB boost:0kB min:54828kB low:68532kB high:82236kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1219.783638][T17911] lowmem_reserve[]: 0 0 0 0 0 [ 1219.788498][T17911] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1219.845693][T17911] Node 0 DMA32: 74*4kB (ME) 41*8kB (UE) 1*16kB (M) 115*32kB (UME) 165*64kB (UME) 62*128kB (UME) 37*256kB (UME) 38*512kB (UME) 13*1024kB (UME) 9*2048kB (ME) 214*4096kB (UM) = 960032kB [ 1219.911275][T17911] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 1219.947717][T17952] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1219.965010][T17911] Node 1 Normal: 1*4kB (U) 11*8kB (UM) 14*16kB (UM) 10*32kB (UM) 7*64kB (U) 6*128kB (U) 6*256kB (UM) 7*512kB (UM) 1*1024kB (U) 2*2048kB (U) 961*4096kB (M) = 3948348kB [ 1219.990320][T17952] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1220.021032][T17911] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1220.045080][T17952] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1220.061059][T17911] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1220.094250][T17952] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1220.111058][T17911] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1220.133634][T17911] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1220.165076][T17911] 67238 total pagecache pages [ 1220.169810][T17911] 0 pages in swap cache [ 1220.193989][T17911] Free swap = 124472kB [ 1220.198207][T17911] Total swap = 124996kB [ 1220.219897][T17911] 2097051 pages RAM [ 1220.241353][T17911] 0 pages HighMem/MovableOnly [ 1220.252047][T17911] 401768 pages reserved [ 1220.256243][T17911] 0 pages cma reserved [ 1221.311421][T17952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1221.508464][T17952] 8021q: adding VLAN 0 to HW filter on device team0 [ 1221.528322][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.535712][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1221.585206][ T5175] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.592635][ T5175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1221.703300][T17976] Bluetooth: hci13: sending frame failed (-49) [ 1221.716583][ T5124] Bluetooth: hci13: Opcode 0x1003 failed: -49 [ 1224.744777][T17952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1225.358838][T17976] Bluetooth: hci9: command 0x0406 tx timeout [ 1225.679126][T17952] veth0_vlan: entered promiscuous mode [ 1225.772955][T17952] veth1_vlan: entered promiscuous mode [ 1226.648498][T17952] veth0_macvtap: entered promiscuous mode [ 1226.770111][T17952] veth1_macvtap: entered promiscuous mode [ 1227.073865][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.132818][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.181097][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.211135][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.228115][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.251307][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.287701][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.328698][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.360859][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.382160][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.410826][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.416371][T18135] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1227.434209][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.461819][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.488464][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.523446][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.545559][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.575042][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.598579][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.627717][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.655622][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.688892][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1227.701757][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.755670][T17952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1227.845324][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.883853][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.894036][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.904920][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.941274][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1227.968989][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1227.995027][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.031768][ T5178] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1228.049909][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.077150][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.132292][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.181090][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.231610][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.241714][ T5178] usb 3-1: Using ep0 maxpacket: 8 [ 1228.271457][ T5178] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1228.297913][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.312123][ T5178] usb 3-1: config 179 has no interface number 0 [ 1228.351198][ T5178] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1228.377129][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.409479][ T5178] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1228.431141][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.457969][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.477566][ T5178] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1228.497609][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.512767][ T5178] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1228.541082][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.561141][ T5178] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1228.572521][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.596133][ T5178] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1228.608828][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.641998][T18140] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1228.661066][T17952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1228.687644][T17952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1228.739342][T17952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1228.976849][T17952] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1228.997695][T17952] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.021182][T17952] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.030018][T17952] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1229.124418][ T5178] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input17 [ 1229.195812][ T5175] usb 3-1: USB disconnect, device number 33 [ 1229.195901][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1229.210156][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1229.227069][ T5175] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1230.160365][ T29] audit: type=1800 audit(1719051226.259:229): pid=18150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 1230.713351][ T7745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1230.756998][ T7745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1231.895405][ T7745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1231.946946][T17976] Bluetooth: hci13: sending frame failed (-49) [ 1231.956719][ T5124] Bluetooth: hci13: Opcode 0x1003 failed: -49 [ 1231.981618][ T7745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1232.637894][T18162] syz-executor.2 (18162): drop_caches: 2 [ 1233.549834][T18185] fscrypt: AES-128-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 1233.756257][T18185] fscrypt (sda1): Missing crypto API support for AES-128-CBC-ESSIV (API name: "essiv(cbc(aes),sha256)") [ 1234.611014][T18219] vhci_hcd: invalid port number 129 [ 1234.611041][T18219] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1235.880238][T18232] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1237.034547][T17956] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1237.050737][T17956] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1237.060596][T17956] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1237.081497][T17956] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1237.090227][T17956] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 1237.100589][T17956] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1237.191328][ T5124] Bluetooth: hci13: Opcode 0x1003 failed: -110 [ 1237.928222][T18235] lo speed is unknown, defaulting to 1000 [ 1239.192095][T17976] Bluetooth: hci14: command tx timeout [ 1239.502390][T18246] lo speed is unknown, defaulting to 1000 [ 1239.745821][T18269] vhci_hcd: invalid port number 129 [ 1239.751741][T18269] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1241.271844][T17976] Bluetooth: hci14: command tx timeout [ 1243.351295][T17976] Bluetooth: hci14: command tx timeout [ 1244.567867][T18246] chnl_net:caif_netlink_parms(): no params data found [ 1245.134535][T18246] bridge0: port 1(bridge_slave_0) entered blocking state [ 1245.148676][T18246] bridge0: port 1(bridge_slave_0) entered disabled state [ 1245.166386][T18246] bridge_slave_0: entered allmulticast mode [ 1245.181511][T18246] bridge_slave_0: entered promiscuous mode [ 1245.208538][T18246] bridge0: port 2(bridge_slave_1) entered blocking state [ 1245.262480][T18246] bridge0: port 2(bridge_slave_1) entered disabled state [ 1245.269993][T18246] bridge_slave_1: entered allmulticast mode [ 1245.353319][T18246] bridge_slave_1: entered promiscuous mode [ 1245.471788][T17976] Bluetooth: hci14: command tx timeout [ 1245.930596][T18318] vhci_hcd: invalid port number 129 [ 1245.938642][T18318] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1246.294212][T18246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1246.392707][T18246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1246.912756][T18246] team0: Port device team_slave_0 added [ 1246.996063][T18246] team0: Port device team_slave_1 added [ 1247.055922][ T29] audit: type=1326 audit(1719051243.709:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f195b87d0a9 code=0x7fc00000 [ 1247.141549][ T29] audit: type=1326 audit(1719051243.709:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f195b87d0a9 code=0x7fc00000 [ 1247.252029][ T29] audit: type=1326 audit(1719051243.709:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18324 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f195b87d0a9 code=0x7fc00000 [ 1247.314179][T18246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1247.335400][T18246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1247.391098][T18246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1247.415188][T18246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1247.431082][T18246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1247.491416][T18246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1247.505707][T18333] bond0: (slave bond_slave_0): Releasing backup interface [ 1247.807790][T18246] hsr_slave_0: entered promiscuous mode [ 1247.836310][T18246] hsr_slave_1: entered promiscuous mode [ 1247.871648][T18246] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1247.903444][T18246] Cannot create hsr debugfs directory [ 1248.924931][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1248.935653][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1249.862874][T18246] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1249.878974][T18352] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1249.996795][ T29] audit: type=1800 audit(1719051246.629:233): pid=18348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="overlay" ino=1957 res=0 errno=0 [ 1250.270897][T18246] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1250.497176][T18246] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1250.903077][T18246] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1252.507857][T18246] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1252.562861][T18246] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1252.602659][T18246] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1252.642771][T18246] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1253.251577][T18246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1253.383714][T18246] 8021q: adding VLAN 0 to HW filter on device team0 [ 1253.429465][ T6713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1253.436931][ T6713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1253.516350][ T6713] bridge0: port 2(bridge_slave_1) entered blocking state [ 1253.523751][ T6713] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1256.959071][T18246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1257.273231][T18246] veth0_vlan: entered promiscuous mode [ 1257.346309][T18246] veth1_vlan: entered promiscuous mode [ 1257.643560][T18246] veth0_macvtap: entered promiscuous mode [ 1257.680407][T18246] veth1_macvtap: entered promiscuous mode [ 1257.852661][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1257.881821][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1257.948249][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1257.973049][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.000181][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.050831][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.074128][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.097345][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.131127][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.151068][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.171079][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.186507][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.197311][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.208096][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.251558][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.338624][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.384238][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.403606][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.450980][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.491155][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.523938][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.607891][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.658795][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1258.681247][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.727062][T18246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1258.820498][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1258.864915][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.892188][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1258.944513][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1258.992853][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.019970][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.070307][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.119367][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.132260][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.171344][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.200224][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.212151][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.224846][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.238296][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.257837][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.274373][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.323860][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.391115][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.434861][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.489405][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.521840][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.535858][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1259.547734][T18246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1259.564632][T18246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1260.690911][T18246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1260.852691][T18246] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1260.907141][T18246] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1261.224661][ T5124] Bluetooth: hci10: command 0x0406 tx timeout [ 1261.780657][T18246] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1261.821116][T18246] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1263.686067][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1263.706371][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1263.948151][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1263.993959][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1266.910000][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1267.456239][T18517] vhci_hcd: invalid port number 129 [ 1267.461642][T18517] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1271.213103][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1272.239560][ T5124] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1272.261335][ T5124] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1272.270428][ T5124] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1272.282666][ T5124] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1272.296677][ T5124] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1272.305197][ T5124] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1272.338422][T18565] pimreg: entered allmulticast mode [ 1274.208052][T18563] lo speed is unknown, defaulting to 1000 [ 1274.391495][ T5124] Bluetooth: hci13: command tx timeout [ 1276.967763][ T5124] Bluetooth: hci13: command tx timeout [ 1277.862503][T18609] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 1278.448084][T18563] chnl_net:caif_netlink_parms(): no params data found [ 1279.031094][ T5124] Bluetooth: hci13: command tx timeout [ 1279.189002][ T29] audit: type=1800 audit(1719051275.839:234): pid=18638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1979 res=0 errno=0 [ 1279.517087][ T29] audit: type=1804 audit(1719051275.959:235): pid=18639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1124762058/syzkaller.Wey5L5/490/bus" dev="sda1" ino=1979 res=1 errno=0 [ 1279.581308][T18638] sit0: entered promiscuous mode [ 1279.672412][T18638] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 1279.721451][T18638] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1280.157214][T18647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1280.413397][T18649] vhci_hcd: invalid port number 129 [ 1280.418739][T18649] vhci_hcd: default hub control req: 0200 v0000 i0081 l0 [ 1280.745222][T18563] bridge0: port 1(bridge_slave_0) entered blocking state [ 1280.819898][T18563] bridge0: port 1(bridge_slave_0) entered disabled state [ 1280.873604][T18563] bridge_slave_0: entered allmulticast mode [ 1280.922063][T18563] bridge_slave_0: entered promiscuous mode [ 1280.996023][T18563] bridge0: port 2(bridge_slave_1) entered blocking state [ 1281.041245][T18563] bridge0: port 2(bridge_slave_1) entered disabled state [ 1281.092006][T18563] bridge_slave_1: entered allmulticast mode [ 1281.111238][ T5124] Bluetooth: hci13: command tx timeout [ 1281.151902][T18563] bridge_slave_1: entered promiscuous mode [ 1282.600211][T18655] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 1282.810618][T18563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1282.940122][T18563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1283.525676][T18563] team0: Port device team_slave_0 added [ 1283.587437][T18563] team0: Port device team_slave_1 added [ 1284.722094][T18563] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1284.761490][T18563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1284.841005][T18563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1285.231402][T18563] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1286.203386][T18563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1286.351072][T18563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1286.817585][T18563] hsr_slave_0: entered promiscuous mode [ 1286.840674][T18563] hsr_slave_1: entered promiscuous mode [ 1286.886258][T18563] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1286.944850][T18563] Cannot create hsr debugfs directory [ 1289.859258][T18563] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1290.165743][T18563] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1291.164258][T18563] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1291.614199][T18563] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1292.368137][T18563] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1292.495507][T18563] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1292.553867][T18563] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1292.713550][T18563] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1294.439199][T18563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1294.784247][T18563] 8021q: adding VLAN 0 to HW filter on device team0 [ 1294.867867][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1294.875202][ T5197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1295.055466][ T5175] bridge0: port 2(bridge_slave_1) entered blocking state [ 1295.062856][ T5175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1296.630744][T18563] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1297.041540][T17976] Bluetooth: hci11: command 0x0406 tx timeout [ 1297.126651][T18563] veth0_vlan: entered promiscuous mode [ 1297.246887][T18563] veth1_vlan: entered promiscuous mode [ 1297.516703][T18563] veth0_macvtap: entered promiscuous mode [ 1297.631588][T18563] veth1_macvtap: entered promiscuous mode [ 1297.796229][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.862434][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1297.930112][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1297.993638][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.041236][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.081492][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.101094][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.126171][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.178612][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.201257][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.221136][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.250760][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.301126][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.343304][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.395106][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.431018][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.461487][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.510999][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.540451][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.576796][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.601004][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.631686][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.641882][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.681173][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.712314][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1298.741036][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.777742][T18563] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1298.861379][ T5175] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1298.883829][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1298.931896][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1298.950950][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1298.991149][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.030164][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.064373][ T5175] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1299.071254][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.105017][ T5175] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1299.131545][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.145978][ T5175] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1299.165438][ T5175] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1299.189347][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.193684][ T5175] usb 1-1: SerialNumber: syz [ 1299.220952][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.251815][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.295838][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.332080][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.361806][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.395471][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.432496][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.460949][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.482621][ T5175] usb 1-1: 0:2 : does not exist [ 1299.516063][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.560952][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.570897][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.631244][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.671760][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.706569][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.738505][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.781152][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.821202][T18563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.890711][ T5178] usb 1-1: USB disconnect, device number 17 [ 1299.909519][T18563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1300.066239][T18563] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1300.195088][T18563] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.288713][T18563] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.342733][T18563] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.391513][T18563] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1301.180097][ T7739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1301.209980][ T7739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1301.671677][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1301.703656][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1302.653966][ T5178] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1302.863769][T18919] 9pnet_fd: Insufficient options for proto=fd [ 1302.901055][ T5178] usb 1-1: Using ep0 maxpacket: 8 [ 1302.914017][ T5178] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=45.3e [ 1302.935033][ T5178] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1302.959287][ T5178] usb 1-1: Product: syz [ 1302.981497][ T5178] usb 1-1: Manufacturer: syz [ 1302.991889][ T5178] usb 1-1: SerialNumber: syz [ 1303.083618][ T5178] usb 1-1: config 0 descriptor?? [ 1303.318570][ T5178] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1303.366884][ T5178] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1303.445595][ T5178] usb 1-1: USB disconnect, device number 18 [ 1304.314544][T18953] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1310.382208][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1310.388849][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1314.138596][T19094] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1314.148945][T19094] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1314.161074][T19094] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1314.170319][T19094] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1314.457784][ T5124] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1314.464609][ T5124] Bluetooth: Wrong link type (-22) [ 1314.477886][ T5124] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 1314.484800][ T5124] Bluetooth: Wrong link type (-22) [ 1314.492627][ T5124] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1314.499352][ T5124] Bluetooth: Wrong link type (-22) [ 1314.505027][ T5124] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1314.833700][ T5124] Bluetooth: Wrong link type (-22) [ 1314.855455][ T5124] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 1314.863346][ T5124] Bluetooth: Wrong link type (-22) [ 1314.868812][ T5124] Bluetooth: hci14: link tx timeout [ 1314.884974][ T5124] Bluetooth: hci14: killing stalled connection 11:aa:aa:aa:aa:aa [ 1316.044786][T19103] overlayfs: failed to resolve './file1': -2 [ 1316.965065][ T5124] Bluetooth: hci14: command 0x0406 tx timeout [ 1317.054818][T19103] netlink: 16126 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1317.071099][T19103] netlink: 105116 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1319.225986][T19137] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1319.237408][T19137] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1319.246956][T19137] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1319.261106][T19137] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1319.274514][T17976] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1319.281249][T17976] Bluetooth: Wrong link type (-22) [ 1319.286582][T17976] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 1319.306313][T17976] Bluetooth: Wrong link type (-22) [ 1319.538548][T17976] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1319.545453][T17976] Bluetooth: Wrong link type (-22) [ 1319.551566][T17976] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1319.563469][T17976] Bluetooth: Wrong link type (-22) [ 1319.569453][T17976] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 1319.576501][T17976] Bluetooth: Wrong link type (-22) [ 1320.375287][T19143] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 1320.627130][T19144] 9pnet_fd: Insufficient options for proto=fd [ 1323.722338][T19181] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1323.742942][T19181] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1323.754657][T19181] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1323.769245][T19181] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1323.782665][T17976] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 1324.981646][ T5197] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1326.075566][ T5197] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 1326.124633][ T5197] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1326.197354][ T5197] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1326.259210][ T5197] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1326.298307][ T5197] usb 1-1: Manufacturer: syz [ 1326.372536][ T5197] usb 1-1: config 0 descriptor?? [ 1326.767620][ T5197] rc_core: IR keymap rc-hauppauge not found [ 1326.839782][ T5197] Registered IR keymap rc-empty [ 1326.919511][ T5197] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 1326.969324][T19225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1327.004495][T19225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1327.052632][ T5197] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input19 [ 1327.174014][T19225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1327.904361][T19229] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1327.915533][T19229] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1327.924871][T19229] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1327.934159][T19229] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1329.022125][T19225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1329.030156][T17976] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 1329.037700][T17976] Bluetooth: Wrong link type (-22) [ 1329.399835][T17976] ================================================================== [ 1329.407961][T17976] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 [ 1329.416959][T17976] Read of size 8 at addr ffff88804298d800 by task kworker/u9:2/17976 [ 1329.425050][T17976] [ 1329.427381][T17976] CPU: 0 PID: 17976 Comm: kworker/u9:2 Not tainted 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1329.437735][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1329.447812][T17976] Workqueue: hci12 hci_rx_work [ 1329.452622][T17976] Call Trace: [ 1329.455913][T17976] [ 1329.458856][T17976] dump_stack_lvl+0x116/0x1f0 [ 1329.463575][T17976] print_report+0xc3/0x620 [ 1329.468022][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.473704][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.479372][T17976] ? __phys_addr+0xc6/0x150 [ 1329.483922][T17976] kasan_report+0xd9/0x110 [ 1329.488376][T17976] ? l2cap_connect.constprop.0+0x10d8/0x1270 [ 1329.494455][T17976] ? l2cap_connect.constprop.0+0x10d8/0x1270 [ 1329.500480][T17976] l2cap_connect.constprop.0+0x10d8/0x1270 [ 1329.506327][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1329.511578][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1329.517792][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.523458][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1329.529139][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1329.535162][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1329.540404][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.546067][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1329.551562][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1329.556541][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.562256][T17976] ? hci_rx_work+0xa83/0x1610 [ 1329.566974][T17976] ? __pfx_lock_release+0x10/0x10 [ 1329.572032][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1329.577287][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1329.582714][T17976] ? trace_contention_end+0xea/0x140 [ 1329.588042][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.593732][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1329.599414][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1329.605433][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1329.610144][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.615808][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1329.621786][T17976] ? __pfx_lock_release+0x10/0x10 [ 1329.627114][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1329.633411][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1329.638476][T17976] hci_rx_work+0xaa7/0x1610 [ 1329.643026][T17976] process_one_work+0x9fe/0x1b60 [ 1329.648014][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1329.653070][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1329.658479][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.664150][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.669819][T17976] ? assign_work+0x1a0/0x250 [ 1329.674447][T17976] worker_thread+0x6c8/0xf70 [ 1329.679083][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.684743][T17976] ? __kthread_parkme+0x148/0x220 [ 1329.689815][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1329.695487][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1329.700646][T17976] kthread+0x2c4/0x3a0 [ 1329.704765][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1329.709992][T17976] ? __pfx_kthread+0x10/0x10 [ 1329.714632][T17976] ret_from_fork+0x48/0x80 [ 1329.719095][T17976] ? __pfx_kthread+0x10/0x10 [ 1329.723731][T17976] ret_from_fork_asm+0x1a/0x30 [ 1329.728556][T17976] [ 1329.731584][T17976] [ 1329.733910][T17976] Allocated by task 5124: [ 1329.738241][T17976] kasan_save_stack+0x33/0x60 [ 1329.742940][T17976] kasan_save_track+0x14/0x30 [ 1329.747638][T17976] __kasan_kmalloc+0xaa/0xb0 [ 1329.752274][T17976] l2cap_conn_add.part.0+0x60/0xa60 [ 1329.757512][T17976] l2cap_connect_cfm+0x428/0xf80 [ 1329.762474][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1329.767959][T17976] hci_event_packet+0x9e6/0x1170 [ 1329.772923][T17976] hci_rx_work+0x2c4/0x1610 [ 1329.777459][T17976] process_one_work+0x9fe/0x1b60 [ 1329.782429][T17976] worker_thread+0x6c8/0xf70 [ 1329.787050][T17976] kthread+0x2c4/0x3a0 [ 1329.791159][T17976] ret_from_fork+0x48/0x80 [ 1329.795621][T17976] ret_from_fork_asm+0x1a/0x30 [ 1329.800428][T17976] [ 1329.802760][T17976] Freed by task 5124: [ 1329.806753][T17976] kasan_save_stack+0x33/0x60 [ 1329.811459][T17976] kasan_save_track+0x14/0x30 [ 1329.816160][T17976] kasan_save_free_info+0x3b/0x60 [ 1329.821228][T17976] poison_slab_object+0xf7/0x160 [ 1329.826215][T17976] __kasan_slab_free+0x32/0x50 [ 1329.831009][T17976] kfree+0x12a/0x3b0 [ 1329.834927][T17976] l2cap_conn_del+0x59d/0x740 [ 1329.839648][T17976] l2cap_connect_cfm+0x9e6/0xf80 [ 1329.844619][T17976] hci_conn_failed+0x1c6/0x370 [ 1329.849436][T17976] hci_abort_conn_sync+0x75a/0xb50 [ 1329.854585][T17976] abort_conn_sync+0x197/0x360 [ 1329.859472][T17976] hci_cmd_sync_work+0x1a7/0x410 [ 1329.864433][T17976] process_one_work+0x9fe/0x1b60 [ 1329.869407][T17976] worker_thread+0x6c8/0xf70 [ 1329.874031][T17976] kthread+0x2c4/0x3a0 [ 1329.878143][T17976] ret_from_fork+0x48/0x80 [ 1329.882609][T17976] ret_from_fork_asm+0x1a/0x30 [ 1329.887447][T17976] [ 1329.889781][T17976] Last potentially related work creation: [ 1329.895498][T17976] kasan_save_stack+0x33/0x60 [ 1329.900288][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1329.905707][T17976] insert_work+0x36/0x230 [ 1329.910069][T17976] __queue_work+0x944/0x1020 [ 1329.914695][T17976] call_timer_fn+0x1a3/0x610 [ 1329.919340][T17976] __run_timers+0x567/0xaf0 [ 1329.923874][T17976] run_timer_base+0x111/0x190 [ 1329.928582][T17976] run_timer_softirq+0x1a/0x40 [ 1329.933420][T17976] handle_softirqs+0x219/0x8f0 [ 1329.938226][T17976] irq_exit_rcu+0xbb/0x120 [ 1329.942688][T17976] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1329.948361][T17976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1329.954391][T17976] [ 1329.956716][T17976] Second to last potentially related work creation: [ 1329.963304][T17976] kasan_save_stack+0x33/0x60 [ 1329.968002][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1329.973410][T17976] insert_work+0x36/0x230 [ 1329.977765][T17976] __queue_work+0x525/0x1020 [ 1329.982384][T17976] queue_work_on+0x11a/0x140 [ 1329.987007][T17976] l2cap_connect_cfm+0x9c9/0xf80 [ 1329.991970][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1329.997450][T17976] hci_event_packet+0x9e6/0x1170 [ 1330.002420][T17976] hci_rx_work+0x2c4/0x1610 [ 1330.006973][T17976] process_one_work+0x9fe/0x1b60 [ 1330.011954][T17976] worker_thread+0x6c8/0xf70 [ 1330.016586][T17976] kthread+0x2c4/0x3a0 [ 1330.020708][T17976] ret_from_fork+0x48/0x80 [ 1330.025166][T17976] ret_from_fork_asm+0x1a/0x30 [ 1330.029974][T17976] [ 1330.032303][T17976] The buggy address belongs to the object at ffff88804298d800 [ 1330.032303][T17976] which belongs to the cache kmalloc-1k of size 1024 [ 1330.046377][T17976] The buggy address is located 0 bytes inside of [ 1330.046377][T17976] freed 1024-byte region [ffff88804298d800, ffff88804298dc00) [ 1330.060117][T17976] [ 1330.062447][T17976] The buggy address belongs to the physical page: [ 1330.068861][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42988 [ 1330.077642][T17976] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1330.086161][T17976] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1330.094192][T17976] page_type: 0xffffefff(slab) [ 1330.098892][T17976] raw: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1330.107508][T17976] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1330.116130][T17976] head: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1330.124833][T17976] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1330.133533][T17976] head: 00fff00000000003 ffffea00010a6201 ffffffffffffffff 0000000000000000 [ 1330.142230][T17976] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1330.150912][T17976] page dumped because: kasan: bad access detected [ 1330.157344][T17976] page_owner tracks the page as allocated [ 1330.163070][T17976] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 17355, tgid 17340 (syz-executor.1), ts 1141896683865, free_ts 1140859576102 [ 1330.184481][T17976] post_alloc_hook+0x2d1/0x350 [ 1330.189313][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1330.194904][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1330.200240][T17976] alloc_slab_page+0x56/0x110 [ 1330.204959][T17976] new_slab+0x84/0x260 [ 1330.209056][T17976] ___slab_alloc+0xdac/0x1870 [ 1330.213769][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1330.219170][T17976] __kmalloc_noprof+0x36d/0x410 [ 1330.224053][T17976] ieee802_11_parse_elems_full+0xea/0x15d0 [ 1330.229903][T17976] ieee80211_inform_bss+0xfd/0x1140 [ 1330.235149][T17976] cfg80211_inform_single_bss_data+0x880/0x2080 [ 1330.241437][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1330.247108][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1330.253214][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1330.258888][T17976] ieee80211_scan_rx+0x47c/0xad0 [ 1330.263869][T17976] ieee80211_rx_list+0x1be1/0x2e90 [ 1330.269035][T17976] page last free pid 17353 tgid 17353 stack trace: [ 1330.275545][T17976] free_unref_page+0x64a/0xe40 [ 1330.280348][T17976] __put_partials+0x14c/0x170 [ 1330.285050][T17976] qlist_free_all+0x4e/0x140 [ 1330.289712][T17976] kasan_quarantine_reduce+0x192/0x1e0 [ 1330.295218][T17976] __kasan_slab_alloc+0x69/0x90 [ 1330.300092][T17976] kmem_cache_alloc_noprof+0x121/0x2f0 [ 1330.305582][T17976] getname_flags.part.0+0x50/0x4f0 [ 1330.310736][T17976] getname_flags+0x9b/0xf0 [ 1330.315209][T17976] vfs_fstatat+0x9a/0x150 [ 1330.319570][T17976] __do_sys_newfstatat+0xa6/0x130 [ 1330.324628][T17976] do_syscall_64+0xcd/0x250 [ 1330.329168][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.335109][T17976] [ 1330.337437][T17976] Memory state around the buggy address: [ 1330.343076][T17976] ffff88804298d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1330.351158][T17976] ffff88804298d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1330.359236][T17976] >ffff88804298d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1330.367398][T17976] ^ [ 1330.371475][T17976] ffff88804298d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1330.379547][T17976] ffff88804298d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1330.387617][T17976] ================================================================== 2024/06/22 10:15:27 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1330.456695][T17976] Disabling lock debugging due to kernel taint [ 1330.462991][T17976] ================================================================== [ 1330.471160][T17976] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x786/0x920 [ 1330.478856][T17976] Read of size 4 at addr ffff88804298d810 by task kworker/u9:2/17976 [ 1330.486982][T17976] [ 1330.489322][T17976] CPU: 0 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1330.501164][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1330.511334][T17976] Workqueue: hci12 hci_rx_work [ 1330.516150][T17976] Call Trace: [ 1330.519445][T17976] [ 1330.522396][T17976] dump_stack_lvl+0x116/0x1f0 [ 1330.527117][T17976] print_report+0xc3/0x620 [ 1330.531575][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.537247][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.542920][T17976] ? __phys_addr+0xc6/0x150 [ 1330.547466][T17976] kasan_report+0xd9/0x110 [ 1330.551920][T17976] ? l2cap_send_cmd+0x786/0x920 [ 1330.556833][T17976] ? l2cap_send_cmd+0x786/0x920 [ 1330.561835][T17976] l2cap_send_cmd+0x786/0x920 [ 1330.566574][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1330.572338][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1330.577590][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1330.583787][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.589465][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1330.595156][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1330.601205][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1330.606458][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.612140][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1330.617650][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1330.622644][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.628315][T17976] ? hci_rx_work+0xa83/0x1610 [ 1330.633031][T17976] ? __pfx_lock_release+0x10/0x10 [ 1330.638088][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1330.643321][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1330.648723][T17976] ? trace_contention_end+0xea/0x140 [ 1330.654051][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.659715][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1330.665388][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1330.671403][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1330.676115][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.681775][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1330.687708][T17976] ? __pfx_lock_release+0x10/0x10 [ 1330.692766][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1330.699057][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1330.704120][T17976] hci_rx_work+0xaa7/0x1610 [ 1330.708670][T17976] process_one_work+0x9fe/0x1b60 [ 1330.713657][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1330.718721][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1330.724226][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.729893][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.735559][T17976] ? assign_work+0x1a0/0x250 [ 1330.740196][T17976] worker_thread+0x6c8/0xf70 [ 1330.744833][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.750495][T17976] ? __kthread_parkme+0x148/0x220 [ 1330.755566][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1330.761231][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1330.766380][T17976] kthread+0x2c4/0x3a0 [ 1330.770497][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1330.775722][T17976] ? __pfx_kthread+0x10/0x10 [ 1330.780358][T17976] ret_from_fork+0x48/0x80 [ 1330.784823][T17976] ? __pfx_kthread+0x10/0x10 [ 1330.789458][T17976] ret_from_fork_asm+0x1a/0x30 [ 1330.794289][T17976] [ 1330.797325][T17976] [ 1330.799653][T17976] Allocated by task 5124: [ 1330.803987][T17976] kasan_save_stack+0x33/0x60 [ 1330.808684][T17976] kasan_save_track+0x14/0x30 [ 1330.813379][T17976] __kasan_kmalloc+0xaa/0xb0 [ 1330.818028][T17976] l2cap_conn_add.part.0+0x60/0xa60 [ 1330.823273][T17976] l2cap_connect_cfm+0x428/0xf80 [ 1330.828247][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1330.833731][T17976] hci_event_packet+0x9e6/0x1170 [ 1330.838692][T17976] hci_rx_work+0x2c4/0x1610 [ 1330.843228][T17976] process_one_work+0x9fe/0x1b60 [ 1330.848208][T17976] worker_thread+0x6c8/0xf70 [ 1330.852832][T17976] kthread+0x2c4/0x3a0 [ 1330.856950][T17976] ret_from_fork+0x48/0x80 [ 1330.861416][T17976] ret_from_fork_asm+0x1a/0x30 [ 1330.866222][T17976] [ 1330.868558][T17976] Freed by task 5124: [ 1330.872544][T17976] kasan_save_stack+0x33/0x60 [ 1330.877242][T17976] kasan_save_track+0x14/0x30 [ 1330.881937][T17976] kasan_save_free_info+0x3b/0x60 [ 1330.886998][T17976] poison_slab_object+0xf7/0x160 [ 1330.891985][T17976] __kasan_slab_free+0x32/0x50 [ 1330.896771][T17976] kfree+0x12a/0x3b0 [ 1330.900683][T17976] l2cap_conn_del+0x59d/0x740 [ 1330.905418][T17976] l2cap_connect_cfm+0x9e6/0xf80 [ 1330.910385][T17976] hci_conn_failed+0x1c6/0x370 [ 1330.915192][T17976] hci_abort_conn_sync+0x75a/0xb50 [ 1330.920341][T17976] abort_conn_sync+0x197/0x360 [ 1330.925141][T17976] hci_cmd_sync_work+0x1a7/0x410 [ 1330.930112][T17976] process_one_work+0x9fe/0x1b60 [ 1330.935088][T17976] worker_thread+0x6c8/0xf70 [ 1330.939711][T17976] kthread+0x2c4/0x3a0 [ 1330.943822][T17976] ret_from_fork+0x48/0x80 [ 1330.948279][T17976] ret_from_fork_asm+0x1a/0x30 [ 1330.953085][T17976] [ 1330.955410][T17976] Last potentially related work creation: [ 1330.961128][T17976] kasan_save_stack+0x33/0x60 [ 1330.965828][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1330.971235][T17976] insert_work+0x36/0x230 [ 1330.975593][T17976] __queue_work+0x944/0x1020 [ 1330.980262][T17976] call_timer_fn+0x1a3/0x610 [ 1330.984877][T17976] __run_timers+0x567/0xaf0 [ 1330.989413][T17976] run_timer_base+0x111/0x190 [ 1330.994120][T17976] run_timer_softirq+0x1a/0x40 [ 1330.998913][T17976] handle_softirqs+0x219/0x8f0 [ 1331.003720][T17976] irq_exit_rcu+0xbb/0x120 [ 1331.008178][T17976] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1331.013844][T17976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1331.019872][T17976] [ 1331.022200][T17976] Second to last potentially related work creation: [ 1331.028786][T17976] kasan_save_stack+0x33/0x60 [ 1331.033486][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1331.038896][T17976] insert_work+0x36/0x230 [ 1331.043257][T17976] __queue_work+0x525/0x1020 [ 1331.047890][T17976] queue_work_on+0x11a/0x140 [ 1331.052528][T17976] l2cap_connect_cfm+0x9c9/0xf80 [ 1331.057497][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1331.062979][T17976] hci_event_packet+0x9e6/0x1170 [ 1331.067944][T17976] hci_rx_work+0x2c4/0x1610 [ 1331.072477][T17976] process_one_work+0x9fe/0x1b60 [ 1331.077444][T17976] worker_thread+0x6c8/0xf70 [ 1331.082065][T17976] kthread+0x2c4/0x3a0 [ 1331.086174][T17976] ret_from_fork+0x48/0x80 [ 1331.090628][T17976] ret_from_fork_asm+0x1a/0x30 [ 1331.095433][T17976] [ 1331.097760][T17976] The buggy address belongs to the object at ffff88804298d800 [ 1331.097760][T17976] which belongs to the cache kmalloc-1k of size 1024 [ 1331.111836][T17976] The buggy address is located 16 bytes inside of [ 1331.111836][T17976] freed 1024-byte region [ffff88804298d800, ffff88804298dc00) [ 1331.125746][T17976] [ 1331.128079][T17976] The buggy address belongs to the physical page: [ 1331.134499][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42988 [ 1331.143277][T17976] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1331.151795][T17976] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1331.159791][T17976] page_type: 0xffffefff(slab) [ 1331.164495][T17976] raw: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1331.173111][T17976] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1331.181719][T17976] head: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1331.190415][T17976] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1331.199113][T17976] head: 00fff00000000003 ffffea00010a6201 ffffffffffffffff 0000000000000000 [ 1331.207987][T17976] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1331.216668][T17976] page dumped because: kasan: bad access detected [ 1331.223090][T17976] page_owner tracks the page as allocated [ 1331.228807][T17976] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 17355, tgid 17340 (syz-executor.1), ts 1141896683865, free_ts 1140859576102 [ 1331.250231][T17976] post_alloc_hook+0x2d1/0x350 [ 1331.255046][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1331.260638][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1331.265970][T17976] alloc_slab_page+0x56/0x110 [ 1331.270710][T17976] new_slab+0x84/0x260 [ 1331.274803][T17976] ___slab_alloc+0xdac/0x1870 [ 1331.279505][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1331.284905][T17976] __kmalloc_noprof+0x36d/0x410 [ 1331.289784][T17976] ieee802_11_parse_elems_full+0xea/0x15d0 [ 1331.295641][T17976] ieee80211_inform_bss+0xfd/0x1140 [ 1331.300883][T17976] cfg80211_inform_single_bss_data+0x880/0x2080 [ 1331.307171][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1331.312847][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1331.318953][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1331.324629][T17976] ieee80211_scan_rx+0x47c/0xad0 [ 1331.329633][T17976] ieee80211_rx_list+0x1be1/0x2e90 [ 1331.334800][T17976] page last free pid 17353 tgid 17353 stack trace: [ 1331.341351][T17976] free_unref_page+0x64a/0xe40 [ 1331.346169][T17976] __put_partials+0x14c/0x170 [ 1331.350870][T17976] qlist_free_all+0x4e/0x140 [ 1331.355517][T17976] kasan_quarantine_reduce+0x192/0x1e0 [ 1331.361029][T17976] __kasan_slab_alloc+0x69/0x90 [ 1331.365927][T17976] kmem_cache_alloc_noprof+0x121/0x2f0 [ 1331.371422][T17976] getname_flags.part.0+0x50/0x4f0 [ 1331.376569][T17976] getname_flags+0x9b/0xf0 [ 1331.381031][T17976] vfs_fstatat+0x9a/0x150 [ 1331.385388][T17976] __do_sys_newfstatat+0xa6/0x130 [ 1331.390443][T17976] do_syscall_64+0xcd/0x250 [ 1331.395071][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.401017][T17976] [ 1331.403343][T17976] Memory state around the buggy address: [ 1331.408980][T17976] ffff88804298d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1331.417056][T17976] ffff88804298d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1331.425165][T17976] >ffff88804298d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1331.433325][T17976] ^ [ 1331.438299][T17976] ffff88804298d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1331.446377][T17976] ffff88804298d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1331.454449][T17976] ================================================================== [ 1331.520730][T17976] ================================================================== [ 1331.528856][T17976] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x880/0x920 [ 1331.536557][T17976] Read of size 8 at addr ffff88804298d800 by task kworker/u9:2/17976 [ 1331.544661][T17976] [ 1331.547053][T17976] CPU: 1 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1331.558907][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1331.569007][T17976] Workqueue: hci12 hci_rx_work [ 1331.573838][T17976] Call Trace: [ 1331.577141][T17976] [ 1331.580100][T17976] dump_stack_lvl+0x116/0x1f0 [ 1331.584843][T17976] print_report+0xc3/0x620 [ 1331.589313][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.594998][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.600676][T17976] ? __phys_addr+0xc6/0x150 [ 1331.605267][T17976] kasan_report+0xd9/0x110 [ 1331.609736][T17976] ? l2cap_send_cmd+0x880/0x920 [ 1331.614655][T17976] ? l2cap_send_cmd+0x880/0x920 [ 1331.619569][T17976] l2cap_send_cmd+0x880/0x920 [ 1331.624342][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1331.630106][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1331.635361][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1331.641560][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.647242][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1331.652937][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1331.658997][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1331.664242][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.669912][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1331.675413][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1331.680520][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.686277][T17976] ? hci_rx_work+0xa83/0x1610 [ 1331.690996][T17976] ? __pfx_lock_release+0x10/0x10 [ 1331.696052][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1331.701286][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1331.706710][T17976] ? trace_contention_end+0xea/0x140 [ 1331.712047][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.717715][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1331.723392][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1331.729500][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1331.734218][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.739880][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1331.745855][T17976] ? __pfx_lock_release+0x10/0x10 [ 1331.750931][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1331.757227][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1331.762377][T17976] hci_rx_work+0xaa7/0x1610 [ 1331.766931][T17976] process_one_work+0x9fe/0x1b60 [ 1331.771929][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1331.776991][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1331.782405][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.788163][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.793832][T17976] ? assign_work+0x1a0/0x250 [ 1331.798467][T17976] worker_thread+0x6c8/0xf70 [ 1331.803109][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.808868][T17976] ? __kthread_parkme+0x148/0x220 [ 1331.813950][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1331.819708][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1331.824867][T17976] kthread+0x2c4/0x3a0 [ 1331.828994][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1331.834223][T17976] ? __pfx_kthread+0x10/0x10 [ 1331.838863][T17976] ret_from_fork+0x48/0x80 [ 1331.843328][T17976] ? __pfx_kthread+0x10/0x10 [ 1331.847970][T17976] ret_from_fork_asm+0x1a/0x30 [ 1331.852808][T17976] [ 1331.855836][T17976] [ 1331.858162][T17976] Allocated by task 5124: [ 1331.862499][T17976] kasan_save_stack+0x33/0x60 [ 1331.867205][T17976] kasan_save_track+0x14/0x30 [ 1331.871910][T17976] __kasan_kmalloc+0xaa/0xb0 [ 1331.876550][T17976] l2cap_conn_add.part.0+0x60/0xa60 [ 1331.881788][T17976] l2cap_connect_cfm+0x428/0xf80 [ 1331.886927][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1331.892424][T17976] hci_event_packet+0x9e6/0x1170 [ 1331.897402][T17976] hci_rx_work+0x2c4/0x1610 [ 1331.901944][T17976] process_one_work+0x9fe/0x1b60 [ 1331.906916][T17976] worker_thread+0x6c8/0xf70 [ 1331.911540][T17976] kthread+0x2c4/0x3a0 [ 1331.915649][T17976] ret_from_fork+0x48/0x80 [ 1331.920134][T17976] ret_from_fork_asm+0x1a/0x30 [ 1331.924948][T17976] [ 1331.927273][T17976] Freed by task 5124: [ 1331.931257][T17976] kasan_save_stack+0x33/0x60 [ 1331.935963][T17976] kasan_save_track+0x14/0x30 [ 1331.940662][T17976] kasan_save_free_info+0x3b/0x60 [ 1331.945728][T17976] poison_slab_object+0xf7/0x160 [ 1331.950721][T17976] __kasan_slab_free+0x32/0x50 [ 1331.955519][T17976] kfree+0x12a/0x3b0 [ 1331.959437][T17976] l2cap_conn_del+0x59d/0x740 [ 1331.964163][T17976] l2cap_connect_cfm+0x9e6/0xf80 [ 1331.969150][T17976] hci_conn_failed+0x1c6/0x370 [ 1331.973964][T17976] hci_abort_conn_sync+0x75a/0xb50 [ 1331.979116][T17976] abort_conn_sync+0x197/0x360 [ 1331.983913][T17976] hci_cmd_sync_work+0x1a7/0x410 [ 1331.988875][T17976] process_one_work+0x9fe/0x1b60 [ 1331.993858][T17976] worker_thread+0x6c8/0xf70 [ 1331.998484][T17976] kthread+0x2c4/0x3a0 [ 1332.002595][T17976] ret_from_fork+0x48/0x80 [ 1332.007055][T17976] ret_from_fork_asm+0x1a/0x30 [ 1332.011864][T17976] [ 1332.014195][T17976] Last potentially related work creation: [ 1332.019938][T17976] kasan_save_stack+0x33/0x60 [ 1332.024644][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1332.030058][T17976] insert_work+0x36/0x230 [ 1332.034420][T17976] __queue_work+0x944/0x1020 [ 1332.039044][T17976] call_timer_fn+0x1a3/0x610 [ 1332.043664][T17976] __run_timers+0x567/0xaf0 [ 1332.048199][T17976] run_timer_base+0x111/0x190 [ 1332.052908][T17976] run_timer_softirq+0x1a/0x40 [ 1332.057711][T17976] handle_softirqs+0x219/0x8f0 [ 1332.062513][T17976] irq_exit_rcu+0xbb/0x120 [ 1332.066993][T17976] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1332.072664][T17976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1332.078696][T17976] [ 1332.081021][T17976] Second to last potentially related work creation: [ 1332.087607][T17976] kasan_save_stack+0x33/0x60 [ 1332.092305][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1332.097711][T17976] insert_work+0x36/0x230 [ 1332.102086][T17976] __queue_work+0x525/0x1020 [ 1332.106711][T17976] queue_work_on+0x11a/0x140 [ 1332.111334][T17976] l2cap_connect_cfm+0x9c9/0xf80 [ 1332.116300][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1332.121848][T17976] hci_event_packet+0x9e6/0x1170 [ 1332.126818][T17976] hci_rx_work+0x2c4/0x1610 [ 1332.131354][T17976] process_one_work+0x9fe/0x1b60 [ 1332.136326][T17976] worker_thread+0x6c8/0xf70 [ 1332.140952][T17976] kthread+0x2c4/0x3a0 [ 1332.145068][T17976] ret_from_fork+0x48/0x80 [ 1332.149532][T17976] ret_from_fork_asm+0x1a/0x30 [ 1332.154343][T17976] [ 1332.156678][T17976] The buggy address belongs to the object at ffff88804298d800 [ 1332.156678][T17976] which belongs to the cache kmalloc-1k of size 1024 [ 1332.170788][T17976] The buggy address is located 0 bytes inside of [ 1332.170788][T17976] freed 1024-byte region [ffff88804298d800, ffff88804298dc00) [ 1332.184537][T17976] [ 1332.186888][T17976] The buggy address belongs to the physical page: [ 1332.193302][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42988 [ 1332.202083][T17976] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1332.210602][T17976] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1332.218602][T17976] page_type: 0xffffefff(slab) [ 1332.223306][T17976] raw: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1332.231920][T17976] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1332.240533][T17976] head: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1332.249236][T17976] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1332.257938][T17976] head: 00fff00000000003 ffffea00010a6201 ffffffffffffffff 0000000000000000 [ 1332.266646][T17976] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1332.275344][T17976] page dumped because: kasan: bad access detected [ 1332.281764][T17976] page_owner tracks the page as allocated [ 1332.287485][T17976] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 17355, tgid 17340 (syz-executor.1), ts 1141896683865, free_ts 1140859576102 [ 1332.308997][T17976] post_alloc_hook+0x2d1/0x350 [ 1332.313840][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1332.319451][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1332.324785][T17976] alloc_slab_page+0x56/0x110 [ 1332.329504][T17976] new_slab+0x84/0x260 [ 1332.333604][T17976] ___slab_alloc+0xdac/0x1870 [ 1332.338302][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1332.343701][T17976] __kmalloc_noprof+0x36d/0x410 [ 1332.348579][T17976] ieee802_11_parse_elems_full+0xea/0x15d0 [ 1332.354445][T17976] ieee80211_inform_bss+0xfd/0x1140 [ 1332.359691][T17976] cfg80211_inform_single_bss_data+0x880/0x2080 [ 1332.365992][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1332.371672][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1332.377960][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1332.383646][T17976] ieee80211_scan_rx+0x47c/0xad0 [ 1332.388626][T17976] ieee80211_rx_list+0x1be1/0x2e90 [ 1332.393786][T17976] page last free pid 17353 tgid 17353 stack trace: [ 1332.400299][T17976] free_unref_page+0x64a/0xe40 [ 1332.405201][T17976] __put_partials+0x14c/0x170 [ 1332.410083][T17976] qlist_free_all+0x4e/0x140 [ 1332.414724][T17976] kasan_quarantine_reduce+0x192/0x1e0 [ 1332.420236][T17976] __kasan_slab_alloc+0x69/0x90 [ 1332.425117][T17976] kmem_cache_alloc_noprof+0x121/0x2f0 [ 1332.430616][T17976] getname_flags.part.0+0x50/0x4f0 [ 1332.435768][T17976] getname_flags+0x9b/0xf0 [ 1332.440233][T17976] vfs_fstatat+0x9a/0x150 [ 1332.444593][T17976] __do_sys_newfstatat+0xa6/0x130 [ 1332.449649][T17976] do_syscall_64+0xcd/0x250 [ 1332.454283][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1332.460237][T17976] [ 1332.462581][T17976] Memory state around the buggy address: [ 1332.468316][T17976] ffff88804298d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1332.476398][T17976] ffff88804298d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1332.484473][T17976] >ffff88804298d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1332.492549][T17976] ^ [ 1332.496622][T17976] ffff88804298d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1332.504697][T17976] ffff88804298d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1332.512978][T17976] ================================================================== [ 1332.532612][T17976] ================================================================== [ 1332.540811][T17976] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x7c5/0x920 [ 1332.548493][T17976] Read of size 1 at addr ffff88807ee48ceb by task kworker/u9:2/17976 [ 1332.556584][T17976] [ 1332.558911][T17976] CPU: 1 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1332.570739][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1332.580838][T17976] Workqueue: hci12 hci_rx_work [ 1332.585662][T17976] Call Trace: [ 1332.588971][T17976] [ 1332.591928][T17976] dump_stack_lvl+0x116/0x1f0 [ 1332.596664][T17976] print_report+0xc3/0x620 [ 1332.601114][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.606782][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.612514][T17976] ? __phys_addr+0xc6/0x150 [ 1332.617056][T17976] kasan_report+0xd9/0x110 [ 1332.621499][T17976] ? l2cap_send_cmd+0x7c5/0x920 [ 1332.626398][T17976] ? l2cap_send_cmd+0x7c5/0x920 [ 1332.631308][T17976] l2cap_send_cmd+0x7c5/0x920 [ 1332.636047][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1332.641819][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1332.647067][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1332.653386][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.659151][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1332.664853][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1332.670896][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1332.676149][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.681822][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1332.687331][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1332.692324][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.697988][T17976] ? hci_rx_work+0xa83/0x1610 [ 1332.702721][T17976] ? __pfx_lock_release+0x10/0x10 [ 1332.707778][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1332.713023][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1332.718444][T17976] ? trace_contention_end+0xea/0x140 [ 1332.723784][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.729456][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1332.735140][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1332.741183][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1332.745925][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.751600][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1332.757544][T17976] ? __pfx_lock_release+0x10/0x10 [ 1332.762610][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1332.768908][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1332.774001][T17976] hci_rx_work+0xaa7/0x1610 [ 1332.778560][T17976] process_one_work+0x9fe/0x1b60 [ 1332.783597][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1332.788663][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1332.794067][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.799750][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.805435][T17976] ? assign_work+0x1a0/0x250 [ 1332.810074][T17976] worker_thread+0x6c8/0xf70 [ 1332.814723][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.820401][T17976] ? __kthread_parkme+0x148/0x220 [ 1332.825486][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1332.831162][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1332.836399][T17976] kthread+0x2c4/0x3a0 [ 1332.840526][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1332.845755][T17976] ? __pfx_kthread+0x10/0x10 [ 1332.850398][T17976] ret_from_fork+0x48/0x80 [ 1332.854874][T17976] ? __pfx_kthread+0x10/0x10 [ 1332.859529][T17976] ret_from_fork_asm+0x1a/0x30 [ 1332.864351][T17976] [ 1332.867387][T17976] [ 1332.869724][T17976] Allocated by task 17330: [ 1332.874163][T17976] kasan_save_stack+0x33/0x60 [ 1332.878938][T17976] kasan_save_track+0x14/0x30 [ 1332.883649][T17976] __kasan_slab_alloc+0x89/0x90 [ 1332.888531][T17976] kmem_cache_alloc_noprof+0x121/0x2f0 [ 1332.894029][T17976] security_inode_alloc+0x3e/0x240 [ 1332.899181][T17976] inode_init_always+0xc2f/0xf50 [ 1332.904169][T17976] alloc_inode+0x7d/0x230 [ 1332.908526][T17976] new_inode_pseudo+0x16/0x80 [ 1332.913258][T17976] sock_alloc+0x40/0x280 [ 1332.917534][T17976] __sock_create+0xc0/0x800 [ 1332.922084][T17976] __sys_socket+0x14f/0x260 [ 1332.926620][T17976] __x64_sys_socket+0x72/0xb0 [ 1332.931351][T17976] do_syscall_64+0xcd/0x250 [ 1332.935890][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1332.941830][T17976] [ 1332.944156][T17976] Freed by task 5124: [ 1332.948140][T17976] kasan_save_stack+0x33/0x60 [ 1332.952866][T17976] kasan_save_track+0x14/0x30 [ 1332.957573][T17976] kasan_save_free_info+0x3b/0x60 [ 1332.962635][T17976] poison_slab_object+0xf7/0x160 [ 1332.967617][T17976] __kasan_slab_free+0x32/0x50 [ 1332.972402][T17976] kmem_cache_free+0x12f/0x3a0 [ 1332.977204][T17976] rcu_core+0x82b/0x16b0 [ 1332.981482][T17976] handle_softirqs+0x219/0x8f0 [ 1332.986288][T17976] irq_exit_rcu+0xbb/0x120 [ 1332.990785][T17976] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1332.996459][T17976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1333.002505][T17976] [ 1333.004843][T17976] Last potentially related work creation: [ 1333.010562][T17976] kasan_save_stack+0x33/0x60 [ 1333.015266][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1333.020674][T17976] __call_rcu_common.constprop.0+0x9a/0x790 [ 1333.026598][T17976] security_inode_free+0x9c/0xc0 [ 1333.031556][T17976] __destroy_inode+0x1f8/0x750 [ 1333.036425][T17976] destroy_inode+0x91/0x1b0 [ 1333.040959][T17976] iput.part.0+0x5a8/0x7f0 [ 1333.045401][T17976] iput+0x5c/0x80 [ 1333.049062][T17976] dentry_unlink_inode+0x295/0x480 [ 1333.054211][T17976] __dentry_kill+0x1d0/0x600 [ 1333.058914][T17976] dput.part.0+0x4b1/0x9b0 [ 1333.063373][T17976] dput+0x1f/0x30 [ 1333.067030][T17976] __fput+0x54e/0xbb0 [ 1333.071036][T17976] __fput_sync+0x47/0x50 [ 1333.075307][T17976] __x64_sys_close+0x86/0x100 [ 1333.080036][T17976] do_syscall_64+0xcd/0x250 [ 1333.084611][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1333.090636][T17976] [ 1333.092997][T17976] The buggy address belongs to the object at ffff88807ee48cb0 [ 1333.092997][T17976] which belongs to the cache lsm_inode_cache of size 80 [ 1333.107335][T17976] The buggy address is located 59 bytes inside of [ 1333.107335][T17976] freed 80-byte region [ffff88807ee48cb0, ffff88807ee48d00) [ 1333.120995][T17976] [ 1333.123332][T17976] The buggy address belongs to the physical page: [ 1333.129753][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ee48 [ 1333.138527][T17976] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1333.145660][T17976] page_type: 0xffffefff(slab) [ 1333.150356][T17976] raw: 00fff00000000000 ffff8880162f13c0 ffffea00009a8600 dead000000000002 [ 1333.159046][T17976] raw: 0000000000000000 0000000000240024 00000001ffffefff 0000000000000000 [ 1333.167818][T17976] page dumped because: kasan: bad access detected [ 1333.174236][T17976] page_owner tracks the page as allocated [ 1333.179960][T17976] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5126, tgid 5126 (syz-executor.1), ts 123217450724, free_ts 123162195201 [ 1333.200873][T17976] post_alloc_hook+0x2d1/0x350 [ 1333.205693][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1333.211307][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1333.216655][T17976] alloc_slab_page+0x56/0x110 [ 1333.221368][T17976] new_slab+0x84/0x260 [ 1333.225471][T17976] ___slab_alloc+0xdac/0x1870 [ 1333.230271][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1333.235669][T17976] kmem_cache_alloc_noprof+0x2a7/0x2f0 [ 1333.241154][T17976] security_inode_alloc+0x3e/0x240 [ 1333.246286][T17976] inode_init_always+0xc2f/0xf50 [ 1333.251275][T17976] alloc_inode+0x7d/0x230 [ 1333.255625][T17976] new_inode+0x22/0x270 [ 1333.259797][T17976] __debugfs_create_file+0x11a/0x660 [ 1333.265130][T17976] debugfs_hw_add+0x284/0x360 [ 1333.269850][T17976] ieee80211_register_hw+0x26a3/0x43b0 [ 1333.275352][T17976] mac80211_hwsim_new_radio+0x22f6/0x4e50 [ 1333.281237][T17976] page last free pid 5114 tgid 5114 stack trace: [ 1333.287591][T17976] free_unref_page+0x64a/0xe40 [ 1333.292394][T17976] rcu_core+0x82b/0x16b0 [ 1333.296680][T17976] handle_softirqs+0x219/0x8f0 [ 1333.301599][T17976] do_softirq+0xb2/0xf0 [ 1333.305859][T17976] __local_bh_enable_ip+0x100/0x120 [ 1333.311105][T17976] ndisc_netdev_event+0xf4/0x590 [ 1333.316114][T17976] notifier_call_chain+0xbc/0x410 [ 1333.321362][T17976] call_netdevice_notifiers_info+0xbe/0x140 [ 1333.327323][T17976] dev_set_mac_address+0x370/0x4a0 [ 1333.332492][T17976] dev_set_mac_address_user+0x30/0x50 [ 1333.337925][T17976] do_setlink+0x901/0x3ff0 [ 1333.342415][T17976] __rtnl_newlink+0xc35/0x1960 [ 1333.347225][T17976] rtnl_newlink+0x67/0xa0 [ 1333.351588][T17976] rtnetlink_rcv_msg+0x3ca/0xea0 [ 1333.356554][T17976] netlink_rcv_skb+0x16e/0x440 [ 1333.361345][T17976] netlink_unicast+0x545/0x820 [ 1333.366157][T17976] [ 1333.368494][T17976] Memory state around the buggy address: [ 1333.374164][T17976] ffff88807ee48b80: fb fb fb fb fb fb fc fc fc fc 00 00 00 00 00 00 [ 1333.382262][T17976] ffff88807ee48c00: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 00 00 [ 1333.390454][T17976] >ffff88807ee48c80: 00 00 fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 1333.398525][T17976] ^ [ 1333.406009][T17976] ffff88807ee48d00: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc [ 1333.414184][T17976] ffff88807ee48d80: fc fc 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1333.422266][T17976] ================================================================== [ 1333.481020][T17976] ================================================================== [ 1333.489150][T17976] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x908/0x920 [ 1333.496859][T17976] Read of size 8 at addr ffff88804298d800 by task kworker/u9:2/17976 [ 1333.504969][T17976] [ 1333.507317][T17976] CPU: 1 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1333.519173][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1333.529273][T17976] Workqueue: hci12 hci_rx_work [ 1333.534101][T17976] Call Trace: [ 1333.537406][T17976] [ 1333.540367][T17976] dump_stack_lvl+0x116/0x1f0 [ 1333.545089][T17976] print_report+0xc3/0x620 [ 1333.549546][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.555308][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.560991][T17976] ? __phys_addr+0xc6/0x150 [ 1333.565550][T17976] kasan_report+0xd9/0x110 [ 1333.569996][T17976] ? l2cap_send_cmd+0x908/0x920 [ 1333.574911][T17976] ? l2cap_send_cmd+0x908/0x920 [ 1333.579828][T17976] l2cap_send_cmd+0x908/0x920 [ 1333.584574][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1333.590337][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1333.595611][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1333.601816][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.607484][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1333.613170][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1333.619200][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1333.624452][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.630124][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1333.635627][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1333.640735][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.646407][T17976] ? hci_rx_work+0xa83/0x1610 [ 1333.651153][T17976] ? __pfx_lock_release+0x10/0x10 [ 1333.656222][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1333.661456][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1333.666868][T17976] ? trace_contention_end+0xea/0x140 [ 1333.672202][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.678317][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1333.684003][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1333.690036][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1333.694776][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.700506][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1333.706450][T17976] ? __pfx_lock_release+0x10/0x10 [ 1333.711522][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1333.717841][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1333.722917][T17976] hci_rx_work+0xaa7/0x1610 [ 1333.727471][T17976] process_one_work+0x9fe/0x1b60 [ 1333.732476][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1333.737543][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1333.742973][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.748750][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.754583][T17976] ? assign_work+0x1a0/0x250 [ 1333.759217][T17976] worker_thread+0x6c8/0xf70 [ 1333.763869][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.769543][T17976] ? __kthread_parkme+0x148/0x220 [ 1333.774659][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1333.780339][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1333.785488][T17976] kthread+0x2c4/0x3a0 [ 1333.789621][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1333.794861][T17976] ? __pfx_kthread+0x10/0x10 [ 1333.799554][T17976] ret_from_fork+0x48/0x80 [ 1333.804034][T17976] ? __pfx_kthread+0x10/0x10 [ 1333.808688][T17976] ret_from_fork_asm+0x1a/0x30 [ 1333.813785][T17976] [ 1333.816818][T17976] [ 1333.819154][T17976] Allocated by task 5124: [ 1333.823491][T17976] kasan_save_stack+0x33/0x60 [ 1333.828183][T17976] kasan_save_track+0x14/0x30 [ 1333.832894][T17976] __kasan_kmalloc+0xaa/0xb0 [ 1333.837539][T17976] l2cap_conn_add.part.0+0x60/0xa60 [ 1333.842771][T17976] l2cap_connect_cfm+0x428/0xf80 [ 1333.847742][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1333.853238][T17976] hci_event_packet+0x9e6/0x1170 [ 1333.858216][T17976] hci_rx_work+0x2c4/0x1610 [ 1333.862746][T17976] process_one_work+0x9fe/0x1b60 [ 1333.867719][T17976] worker_thread+0x6c8/0xf70 [ 1333.872385][T17976] kthread+0x2c4/0x3a0 [ 1333.876505][T17976] ret_from_fork+0x48/0x80 [ 1333.880964][T17976] ret_from_fork_asm+0x1a/0x30 [ 1333.885774][T17976] [ 1333.888159][T17976] Freed by task 5124: [ 1333.892154][T17976] kasan_save_stack+0x33/0x60 [ 1333.896860][T17976] kasan_save_track+0x14/0x30 [ 1333.901578][T17976] kasan_save_free_info+0x3b/0x60 [ 1333.906742][T17976] poison_slab_object+0xf7/0x160 [ 1333.911734][T17976] __kasan_slab_free+0x32/0x50 [ 1333.916533][T17976] kfree+0x12a/0x3b0 [ 1333.920449][T17976] l2cap_conn_del+0x59d/0x740 [ 1333.925174][T17976] l2cap_connect_cfm+0x9e6/0xf80 [ 1333.930151][T17976] hci_conn_failed+0x1c6/0x370 [ 1333.934954][T17976] hci_abort_conn_sync+0x75a/0xb50 [ 1333.940115][T17976] abort_conn_sync+0x197/0x360 [ 1333.944909][T17976] hci_cmd_sync_work+0x1a7/0x410 [ 1333.949866][T17976] process_one_work+0x9fe/0x1b60 [ 1333.954846][T17976] worker_thread+0x6c8/0xf70 [ 1333.959478][T17976] kthread+0x2c4/0x3a0 [ 1333.963598][T17976] ret_from_fork+0x48/0x80 [ 1333.968054][T17976] ret_from_fork_asm+0x1a/0x30 [ 1333.972867][T17976] [ 1333.975201][T17976] Last potentially related work creation: [ 1333.980924][T17976] kasan_save_stack+0x33/0x60 [ 1333.985639][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1333.991050][T17976] insert_work+0x36/0x230 [ 1333.995422][T17976] __queue_work+0x944/0x1020 [ 1334.000066][T17976] call_timer_fn+0x1a3/0x610 [ 1334.004702][T17976] __run_timers+0x567/0xaf0 [ 1334.009235][T17976] run_timer_base+0x111/0x190 [ 1334.013954][T17976] run_timer_softirq+0x1a/0x40 [ 1334.018754][T17976] handle_softirqs+0x219/0x8f0 [ 1334.023556][T17976] irq_exit_rcu+0xbb/0x120 [ 1334.028020][T17976] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1334.033692][T17976] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1334.039727][T17976] [ 1334.042051][T17976] Second to last potentially related work creation: [ 1334.048641][T17976] kasan_save_stack+0x33/0x60 [ 1334.053350][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1334.058773][T17976] insert_work+0x36/0x230 [ 1334.063234][T17976] __queue_work+0x525/0x1020 [ 1334.067863][T17976] queue_work_on+0x11a/0x140 [ 1334.072492][T17976] l2cap_connect_cfm+0x9c9/0xf80 [ 1334.077547][T17976] hci_remote_features_evt+0x54b/0x9e0 [ 1334.083043][T17976] hci_event_packet+0x9e6/0x1170 [ 1334.088007][T17976] hci_rx_work+0x2c4/0x1610 [ 1334.092532][T17976] process_one_work+0x9fe/0x1b60 [ 1334.097510][T17976] worker_thread+0x6c8/0xf70 [ 1334.102144][T17976] kthread+0x2c4/0x3a0 [ 1334.106301][T17976] ret_from_fork+0x48/0x80 [ 1334.110780][T17976] ret_from_fork_asm+0x1a/0x30 [ 1334.115588][T17976] [ 1334.117920][T17976] The buggy address belongs to the object at ffff88804298d800 [ 1334.117920][T17976] which belongs to the cache kmalloc-1k of size 1024 [ 1334.131989][T17976] The buggy address is located 0 bytes inside of [ 1334.131989][T17976] freed 1024-byte region [ffff88804298d800, ffff88804298dc00) [ 1334.145771][T17976] [ 1334.148098][T17976] The buggy address belongs to the physical page: [ 1334.154518][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42988 [ 1334.163316][T17976] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1334.171829][T17976] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1334.179826][T17976] page_type: 0xffffefff(slab) [ 1334.184517][T17976] raw: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1334.193125][T17976] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1334.201738][T17976] head: 00fff00000000040 ffff888015441dc0 0000000000000000 dead000000000001 [ 1334.210446][T17976] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 1334.219177][T17976] head: 00fff00000000003 ffffea00010a6201 ffffffffffffffff 0000000000000000 [ 1334.227876][T17976] head: 0000000700000008 0000000000000000 00000000ffffffff 0000000000000000 [ 1334.236618][T17976] page dumped because: kasan: bad access detected [ 1334.243091][T17976] page_owner tracks the page as allocated [ 1334.248819][T17976] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 17355, tgid 17340 (syz-executor.1), ts 1141896683865, free_ts 1140859576102 [ 1334.270239][T17976] post_alloc_hook+0x2d1/0x350 [ 1334.275062][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1334.280651][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1334.285993][T17976] alloc_slab_page+0x56/0x110 [ 1334.290708][T17976] new_slab+0x84/0x260 [ 1334.294809][T17976] ___slab_alloc+0xdac/0x1870 [ 1334.299510][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1334.304919][T17976] __kmalloc_noprof+0x36d/0x410 [ 1334.309815][T17976] ieee802_11_parse_elems_full+0xea/0x15d0 [ 1334.315684][T17976] ieee80211_inform_bss+0xfd/0x1140 [ 1334.320928][T17976] cfg80211_inform_single_bss_data+0x880/0x2080 [ 1334.327226][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1334.332909][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1334.339031][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1334.344714][T17976] ieee80211_scan_rx+0x47c/0xad0 [ 1334.349714][T17976] ieee80211_rx_list+0x1be1/0x2e90 [ 1334.354868][T17976] page last free pid 17353 tgid 17353 stack trace: [ 1334.361386][T17976] free_unref_page+0x64a/0xe40 [ 1334.366203][T17976] __put_partials+0x14c/0x170 [ 1334.370917][T17976] qlist_free_all+0x4e/0x140 [ 1334.375562][T17976] kasan_quarantine_reduce+0x192/0x1e0 [ 1334.381079][T17976] __kasan_slab_alloc+0x69/0x90 [ 1334.385970][T17976] kmem_cache_alloc_noprof+0x121/0x2f0 [ 1334.391465][T17976] getname_flags.part.0+0x50/0x4f0 [ 1334.396617][T17976] getname_flags+0x9b/0xf0 [ 1334.401074][T17976] vfs_fstatat+0x9a/0x150 [ 1334.405448][T17976] __do_sys_newfstatat+0xa6/0x130 [ 1334.410527][T17976] do_syscall_64+0xcd/0x250 [ 1334.415090][T17976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1334.421039][T17976] [ 1334.423376][T17976] Memory state around the buggy address: [ 1334.429027][T17976] ffff88804298d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1334.437114][T17976] ffff88804298d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1334.445199][T17976] >ffff88804298d800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1334.453367][T17976] ^ [ 1334.457438][T17976] ffff88804298d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1334.465519][T17976] ffff88804298d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1334.473599][T17976] ================================================================== [ 1334.492292][T17976] ================================================================== [ 1334.500419][T17976] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x8b5/0x920 [ 1334.508132][T17976] Read of size 8 at addr ffff88807ee49c90 by task kworker/u9:2/17976 [ 1334.516241][T17976] [ 1334.518583][T17976] CPU: 0 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1334.530441][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1334.540579][T17976] Workqueue: hci12 hci_rx_work [ 1334.545413][T17976] Call Trace: [ 1334.548710][T17976] [ 1334.551655][T17976] dump_stack_lvl+0x116/0x1f0 [ 1334.556373][T17976] print_report+0xc3/0x620 [ 1334.560822][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.566492][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.572159][T17976] ? __phys_addr+0xc6/0x150 [ 1334.576696][T17976] kasan_report+0xd9/0x110 [ 1334.581148][T17976] ? l2cap_send_cmd+0x8b5/0x920 [ 1334.586053][T17976] ? l2cap_send_cmd+0x8b5/0x920 [ 1334.590960][T17976] l2cap_send_cmd+0x8b5/0x920 [ 1334.595701][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1334.601461][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1334.606721][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1334.612913][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.618579][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1334.624317][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1334.630351][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1334.635601][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.641276][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1334.646775][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1334.651759][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.657422][T17976] ? hci_rx_work+0xa83/0x1610 [ 1334.662141][T17976] ? __pfx_lock_release+0x10/0x10 [ 1334.667199][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1334.672433][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1334.677949][T17976] ? trace_contention_end+0xea/0x140 [ 1334.683284][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.688950][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1334.694629][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1334.700757][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1334.705484][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.711157][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1334.717097][T17976] ? __pfx_lock_release+0x10/0x10 [ 1334.722164][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1334.728468][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1334.733535][T17976] hci_rx_work+0xaa7/0x1610 [ 1334.738091][T17976] process_one_work+0x9fe/0x1b60 [ 1334.743083][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1334.748142][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1334.753559][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.759228][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.764890][T17976] ? assign_work+0x1a0/0x250 [ 1334.769521][T17976] worker_thread+0x6c8/0xf70 [ 1334.774158][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.779821][T17976] ? __kthread_parkme+0x148/0x220 [ 1334.784891][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1334.790561][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1334.795713][T17976] kthread+0x2c4/0x3a0 [ 1334.799829][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1334.805056][T17976] ? __pfx_kthread+0x10/0x10 [ 1334.809693][T17976] ret_from_fork+0x48/0x80 [ 1334.814161][T17976] ? __pfx_kthread+0x10/0x10 [ 1334.818807][T17976] ret_from_fork_asm+0x1a/0x30 [ 1334.823632][T17976] [ 1334.826672][T17976] [ 1334.829013][T17976] Allocated by task 7745: [ 1334.833347][T17976] kasan_save_stack+0x33/0x60 [ 1334.838046][T17976] kasan_save_track+0x14/0x30 [ 1334.842745][T17976] __kasan_kmalloc+0xaa/0xb0 [ 1334.847478][T17976] __kmalloc_noprof+0x1ec/0x410 [ 1334.852357][T17976] cfg80211_inform_single_bss_data+0x51d/0x2080 [ 1334.858641][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1334.864310][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1334.870420][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1334.876100][T17976] ieee80211_ibss_rx_queued_mgmt+0x1898/0x2f40 [ 1334.882298][T17976] ieee80211_iface_work+0xc07/0xf00 [ 1334.887540][T17976] cfg80211_wiphy_work+0x258/0x330 [ 1334.892697][T17976] process_one_work+0x9fe/0x1b60 [ 1334.897667][T17976] worker_thread+0x6c8/0xf70 [ 1334.902291][T17976] kthread+0x2c4/0x3a0 [ 1334.906401][T17976] ret_from_fork+0x48/0x80 [ 1334.910860][T17976] ret_from_fork_asm+0x1a/0x30 [ 1334.915677][T17976] [ 1334.918008][T17976] Freed by task 5178: [ 1334.922004][T17976] kasan_save_stack+0x33/0x60 [ 1334.926716][T17976] kasan_save_track+0x14/0x30 [ 1334.931502][T17976] kasan_save_free_info+0x3b/0x60 [ 1334.936565][T17976] poison_slab_object+0xf7/0x160 [ 1334.941571][T17976] __kasan_slab_free+0x32/0x50 [ 1334.946373][T17976] kmem_cache_free_bulk.part.0+0x148/0x390 [ 1334.952216][T17976] kvfree_rcu_bulk+0x454/0x550 [ 1334.957014][T17976] kfree_rcu_work+0x2f2/0x5a0 [ 1334.961729][T17976] process_one_work+0x9fe/0x1b60 [ 1334.966722][T17976] worker_thread+0x6c8/0xf70 [ 1334.971347][T17976] kthread+0x2c4/0x3a0 [ 1334.975634][T17976] ret_from_fork+0x48/0x80 [ 1334.980093][T17976] ret_from_fork_asm+0x1a/0x30 [ 1334.984943][T17976] [ 1334.987277][T17976] Last potentially related work creation: [ 1334.993082][T17976] kasan_save_stack+0x33/0x60 [ 1334.997783][T17976] __kasan_record_aux_stack+0xba/0xd0 [ 1335.003230][T17976] kvfree_call_rcu+0x74/0xbe0 [ 1335.007931][T17976] cfg80211_update_known_bss+0x39f/0x1150 [ 1335.013717][T17976] __cfg80211_bss_update+0x1aa/0x24c0 [ 1335.019142][T17976] cfg80211_inform_single_bss_data+0x743/0x2080 [ 1335.025495][T17976] cfg80211_inform_bss_data+0x205/0x39d0 [ 1335.031193][T17976] cfg80211_inform_bss_frame_data+0x271/0x7c0 [ 1335.037332][T17976] ieee80211_bss_info_update+0x311/0xab0 [ 1335.043023][T17976] ieee80211_ibss_rx_queued_mgmt+0x1898/0x2f40 [ 1335.049226][T17976] ieee80211_iface_work+0xc07/0xf00 [ 1335.054472][T17976] cfg80211_wiphy_work+0x258/0x330 [ 1335.059632][T17976] process_one_work+0x9fe/0x1b60 [ 1335.064604][T17976] worker_thread+0x6c8/0xf70 [ 1335.069228][T17976] kthread+0x2c4/0x3a0 [ 1335.073340][T17976] ret_from_fork+0x48/0x80 [ 1335.077798][T17976] ret_from_fork_asm+0x1a/0x30 [ 1335.082607][T17976] [ 1335.084936][T17976] The buggy address belongs to the object at ffff88807ee49c80 [ 1335.084936][T17976] which belongs to the cache kmalloc-96 of size 96 [ 1335.098839][T17976] The buggy address is located 16 bytes inside of [ 1335.098839][T17976] freed 96-byte region [ffff88807ee49c80, ffff88807ee49ce0) [ 1335.112486][T17976] [ 1335.114814][T17976] The buggy address belongs to the physical page: [ 1335.121228][T17976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ee49 [ 1335.130016][T17976] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1335.137144][T17976] page_type: 0xffffefff(slab) [ 1335.141845][T17976] raw: 00fff00000000000 ffff888015441280 dead000000000100 dead000000000122 [ 1335.150452][T17976] raw: 0000000000000000 0000000000200020 00000001ffffefff 0000000000000000 [ 1335.159045][T17976] page dumped because: kasan: bad access detected [ 1335.165466][T17976] page_owner tracks the page as allocated [ 1335.171196][T17976] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 4234, tgid 4234 (kworker/u8:8), ts 130496899908, free_ts 130473705135 [ 1335.192087][T17976] post_alloc_hook+0x2d1/0x350 [ 1335.196892][T17976] get_page_from_freelist+0x136a/0x2e50 [ 1335.202480][T17976] __alloc_pages_noprof+0x22b/0x2460 [ 1335.207807][T17976] alloc_slab_page+0x56/0x110 [ 1335.212529][T17976] new_slab+0x84/0x260 [ 1335.216620][T17976] ___slab_alloc+0xdac/0x1870 [ 1335.221349][T17976] __slab_alloc.constprop.0+0x56/0xb0 [ 1335.226750][T17976] kmalloc_node_track_caller_noprof+0x355/0x430 [ 1335.233291][T17976] kmemdup_noprof+0x29/0x60 [ 1335.237836][T17976] ieee80211_check_fast_xmit+0xc2c/0x18e0 [ 1335.243591][T17976] ieee80211_ibss_rx_queued_mgmt+0x282e/0x2f40 [ 1335.249787][T17976] ieee80211_iface_work+0xc07/0xf00 [ 1335.255036][T17976] cfg80211_wiphy_work+0x258/0x330 [ 1335.260194][T17976] process_one_work+0x9fe/0x1b60 [ 1335.265168][T17976] worker_thread+0x6c8/0xf70 [ 1335.269791][T17976] kthread+0x2c4/0x3a0 [ 1335.273901][T17976] page last free pid 5174 tgid 5174 stack trace: [ 1335.280235][T17976] free_unref_page+0x64a/0xe40 [ 1335.285041][T17976] vfree+0x181/0x7a0 [ 1335.288983][T17976] delayed_vfree_work+0x56/0x70 [ 1335.293878][T17976] process_one_work+0x9fe/0x1b60 [ 1335.298851][T17976] worker_thread+0x6c8/0xf70 [ 1335.303474][T17976] kthread+0x2c4/0x3a0 [ 1335.307583][T17976] ret_from_fork+0x48/0x80 [ 1335.312042][T17976] ret_from_fork_asm+0x1a/0x30 [ 1335.316851][T17976] [ 1335.319176][T17976] Memory state around the buggy address: [ 1335.324813][T17976] ffff88807ee49b80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1335.332933][T17976] ffff88807ee49c00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1335.341027][T17976] >ffff88807ee49c80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 1335.349098][T17976] ^ [ 1335.353696][T17976] ffff88807ee49d00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 1335.361773][T17976] ffff88807ee49d80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 1335.369845][T17976] ================================================================== [ 1335.411040][T17976] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000064: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 1335.423886][T17976] KASAN: null-ptr-deref in range [0x0000000000000320-0x0000000000000327] [ 1335.432321][T17976] CPU: 0 PID: 17976 Comm: kworker/u9:2 Tainted: G B 6.10.0-rc4-syzkaller-00179-g4545981f33be #0 [ 1335.444153][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1335.454749][T17976] Workqueue: hci12 hci_rx_work [ 1335.459556][T17976] RIP: 0010:l2cap_send_cmd+0x5ce/0x920 [ 1335.465065][T17976] Code: 80 3c 02 00 0f 85 02 03 00 00 49 8b ac 24 e0 0f 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd 22 03 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 ea 02 00 00 [ 1335.484710][T17976] RSP: 0018:ffffc9000931f7f8 EFLAGS: 00010212 [ 1335.490804][T17976] RAX: dffffc0000000000 RBX: ffff88802dd01280 RCX: ffffc9001397a000 [ 1335.498798][T17976] RDX: 0000000000000064 RSI: ffffffff81eb790e RDI: 0000000000000322 [ 1335.506793][T17976] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1335.514787][T17976] R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: ffff88807ee48cb0 [ 1335.522782][T17976] R13: ffff888039cef748 R14: ffffc9000931f8f0 R15: ffff88804298d800 [ 1335.530862][T17976] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 1335.539820][T17976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1335.546428][T17976] CR2: 00007f5174901781 CR3: 000000000d97a000 CR4: 0000000000350ef0 [ 1335.554424][T17976] Call Trace: [ 1335.557714][T17976] [ 1335.560659][T17976] ? show_regs+0x8c/0xa0 [ 1335.564955][T17976] ? die_addr+0x4f/0xd0 [ 1335.569171][T17976] ? exc_general_protection+0x155/0x230 [ 1335.574779][T17976] ? asm_exc_general_protection+0x26/0x30 [ 1335.580562][T17976] ? end_report+0x8e/0x180 [ 1335.585011][T17976] ? l2cap_send_cmd+0x5ce/0x920 [ 1335.589910][T17976] ? l2cap_send_cmd+0x8b5/0x920 [ 1335.594824][T17976] l2cap_connect.constprop.0+0x6f7/0x1270 [ 1335.600586][T17976] ? do_raw_spin_unlock+0x172/0x230 [ 1335.605833][T17976] ? __pfx_l2cap_connect.constprop.0+0x10/0x10 [ 1335.612020][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.617682][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1335.623355][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1335.629372][T17976] ? lockdep_hardirqs_on+0x7c/0x110 [ 1335.634615][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.640286][T17976] ? __entry_text_end+0xfdfc7/0x1020c9 [ 1335.645796][T17976] l2cap_recv_frame+0xf07/0x8e50 [ 1335.650780][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.656450][T17976] ? hci_rx_work+0xa83/0x1610 [ 1335.661173][T17976] ? __pfx_lock_release+0x10/0x10 [ 1335.666261][T17976] ? __pfx___lock_acquire+0x10/0x10 [ 1335.671505][T17976] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 1335.676912][T17976] ? trace_contention_end+0xea/0x140 [ 1335.682245][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.687914][T17976] ? __mutex_unlock_slowpath+0x164/0x650 [ 1335.693599][T17976] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1335.699618][T17976] ? hci_rx_work+0xa6f/0x1610 [ 1335.704333][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.709998][T17976] ? hci_conn_enter_active_mode+0x219/0x360 [ 1335.715940][T17976] ? __pfx_lock_release+0x10/0x10 [ 1335.721005][T17976] ? __pfx_hci_conn_enter_active_mode+0x10/0x10 [ 1335.727299][T17976] l2cap_recv_acldata+0x9ac/0xb60 [ 1335.732373][T17976] hci_rx_work+0xaa7/0x1610 [ 1335.736933][T17976] process_one_work+0x9fe/0x1b60 [ 1335.741946][T17976] ? __pfx_lock_acquire+0x10/0x10 [ 1335.747027][T17976] ? __pfx_process_one_work+0x10/0x10 [ 1335.752446][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.758122][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.763791][T17976] ? assign_work+0x1a0/0x250 [ 1335.768423][T17976] worker_thread+0x6c8/0xf70 [ 1335.773069][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.778735][T17976] ? __kthread_parkme+0x148/0x220 [ 1335.783821][T17976] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1335.789498][T17976] ? __pfx_worker_thread+0x10/0x10 [ 1335.794656][T17976] kthread+0x2c4/0x3a0 [ 1335.798779][T17976] ? _raw_spin_unlock_irq+0x23/0x50 [ 1335.804010][T17976] ? __pfx_kthread+0x10/0x10 [ 1335.808661][T17976] ret_from_fork+0x48/0x80 [ 1335.813132][T17976] ? __pfx_kthread+0x10/0x10 [ 1335.817784][T17976] ret_from_fork_asm+0x1a/0x30 [ 1335.822613][T17976] [ 1335.825642][T17976] Modules linked in: [ 1335.877290][T17976] ---[ end trace 0000000000000000 ]--- [ 1335.882891][T17976] RIP: 0010:l2cap_send_cmd+0x5ce/0x920 [ 1335.888469][T17976] Code: 80 3c 02 00 0f 85 02 03 00 00 49 8b ac 24 e0 0f 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bd 22 03 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 ea 02 00 00 [ 1335.922465][T17976] RSP: 0018:ffffc9000931f7f8 EFLAGS: 00010212 [ 1335.928602][T17976] RAX: dffffc0000000000 RBX: ffff88802dd01280 RCX: ffffc9001397a000 [ 1335.937067][T17976] RDX: 0000000000000064 RSI: ffffffff81eb790e RDI: 0000000000000322 [ 1335.951331][T17976] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1335.959363][T17976] R10: 0000000000000000 R11: 3d3d3d3d3d3d3d3d R12: ffff88807ee48cb0 [ 1335.967498][T17976] R13: ffff888039cef748 R14: ffffc9000931f8f0 R15: ffff88804298d800 [ 1335.971321][ T5174] usb 1-1: USB disconnect, device number 19 [ 1335.975577][T17976] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 1335.991243][T17976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1335.997890][T17976] CR2: 00007f5174901781 CR3: 000000000d97a000 CR4: 0000000000350ef0 [ 1336.005994][T17976] Kernel panic - not syncing: Fatal exception [ 1336.012350][T17976] Kernel Offset: disabled [ 1336.016679][T17976] Rebooting in 86400 seconds..