last executing test programs: 4.790606999s ago: executing program 0 (id=152): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x861}, 0x1c) 4.757705447s ago: executing program 1 (id=153): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x2, 0x0) socket(0x20000000000000a, 0x2, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) socket$inet6(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 3.930610817s ago: executing program 3 (id=155): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) 3.901745172s ago: executing program 0 (id=156): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000001c0)={0x24, r0, 0x62c21a4ade68aba1, 0x0, 0x25dfdbfb, {{0x32}, {@val={0x8, 0x1, 0x60}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x48d4}, 0x40010) 3.570637986s ago: executing program 0 (id=158): syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Ls1cYB+CTwEsoVCIiONhBMLg0KsRBh2SwEtMsRsSKFGfBQQfBwUFSorMf/4DiF4iL2NlRjCAKcZKM4lxQXDKltD6FtnZpiyl9ua4lnHPf59w5/J7A/1o8/NRsNmMhhGbi75/+7jQ/XuyZHJ2aDiEW5kII+a++/LUSizp+u/U8WpeidTGRqe3fjL2ctt/23ldTh/GofhEP4YcQwuLjUfLfvo3P31nuKrm+sVzYXM0tPBTWnobm+/PdW/mlneGDbHmmKzsbfVgX8dbMT9VGju+apefdtoFP1Vojcx31pWMfM5//1p/z3+us1CuNib6TlcF0R/2yvB3l/ip/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgg53lrpLrG8uFzdXcwkNh7Wlovj/fvZVf2hk+yJZnurKz8be+i3hr5qdqI8d3zdLzbtvAp2qtkbmO+tKxd0e/+fFj/hIt9HX4Y/57nZV6pTHRd7IymO6oX5a3o9xf3+cPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCX8uPFnsnRqekQYmEuhPDt/fe9v+w3E2/1WNR3Hv2Wov1iIlPbvxl7OW2/7b2vpg4nEyEkfnfv4uNR8otWPoR/5OcAAAD//2wlhu4=") open(&(0x7f0000000140)='./file2\x00', 0x101980, 0x108) 3.570018022s ago: executing program 1 (id=159): epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x77, 0x1, 0x6}, 0xb) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 3.496329202s ago: executing program 2 (id=160): syz_open_dev$sndmidi(0x0, 0x2, 0x141101) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x1000) fallocate(r0, 0x0, 0x0, 0x8800000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000000000063112c0000000000851000000e000000850000000500000095000000000000009500a5050000000007e2d1cdbde0089a01eee460057573629400401b1982cf1725457c4c360cb8586b154acd75c2e1d356c603ea09fc806aa3831325b5839cd3435a510857ccec3690733c5e6ecb23817a9347d740b5"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 3.183576271s ago: executing program 2 (id=161): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xa005, 0x10100}, &(0x7f0000000080)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000200)="f82880678abc8ebd03d313b93fd5d278c5b4", 0x12}, {&(0x7f0000000400)="cd138a", 0x3}], 0x2) 3.134557862s ago: executing program 0 (id=162): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) timer_create(0xb, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 3.134154615s ago: executing program 4 (id=163): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000500) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 3.085050074s ago: executing program 4 (id=164): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file1\x00', 0x200000, &(0x7f0000000440)={[{@utf8no}, {@utf8}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@rodir}, {@numtail}, {@uni_xlate}, {@numtail}, {@shortname_lower}, {@utf8no}, {@utf8}, {@fat=@uid}, {@iocharset={'iocharset', 0x3d, 'cp874'}}]}, 0x81, 0x2a1, &(0x7f0000000500)="$eJzs3U9rI2UYAPBn0iRNVEgOnkRwQA+ewu5+gg1SYTEnJQe96OJ2QZJQaCHgH4w9eRc8+R38Dn4AL34DDx4Fb/YgjiQzk6RN0hqJ6dL+fpd5Mu/zzPsnb1so5M0nr48Gz07Onp9/9Ws0GklUHsfjuEiiHZUofRMAwF1ykWXxR5a7Kbca9YjIWsWryh6GBwD8D7b5+w8A3A0ffPjRe91e7+j9NG1EjL4d95PIr3l793l8FsM4jgfRir8isrk8fuVJ7yiqaVr+M2DcjH7E6OOfi9fd3yNm9Q+jFe2r9fUiK52Jt0aTcX/a8/Rai5eSiG6W5CmPohWvRmS1KB6SX9590jt6lK7WR78eb7/5QzH+v4+jE6345dM4iWE8mz1iUf/1wzR9J/v+zy/zGfQjksm4fzjLW8gO9vKGAAAAAAAAAAAAAAAAAAAAAABwL3TSufby+TnlaYCdzvr2jecDFSf8TJbO13mQpml5jM+4X4u8vhqvVaN6ezMHAAAAAAAAAAAAAAAAAACAF8fZ518Mng6Hx6eXgp+yadC8NudqUF26U36sf2PyxeamaTD4MeJfdbp1EAfF0IbJShdJ2bSDvg63SW6u6zQqm9awOox88N9tP7A3djXBa4Nydw2eJnFDcmP9TljadeU2PD1LttiQ2ZqlO9hYVd/J3BtRf/m/ljfXLtR0xrX5Yl6uakzfyaU7tR3/pFyR7Px3DwAAAAAAAAAAAAAAAAAAcNniQ7/x20rj+a0MCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2bvH9//Ng3rbaVASTImF2p7I+pwwOlx640N7bBAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgX/gkAAP//Ug9RvQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) 2.970193159s ago: executing program 4 (id=165): openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043e0b06c90008"], 0xe) 2.770417069s ago: executing program 2 (id=166): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r6, r5, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {}, {0x9, 0xffff}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0xf, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x14004880}, 0x2000d8d0) 2.770087404s ago: executing program 4 (id=167): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f000000bc40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)=ANY=[], 0x1, 0x6f2, &(0x7f0000000ac0)="$eJzs3U9sHFcZAPBv1mt7N1Udt03TIFWqaVFBWCSxLRfMJQYhZKQKqiDB2WqcxsrmD7aL3B6wC0hcOXBFKgdzgRMIISEhRSpnuFXcLE4VSFx6Snpg0Pxbr93d9TquvS78ftFk3rw3780338y+2V3J2gD+by1NR/1BNGNp+tXNbHt3Z661uzN3pyjXWhExHhG1iHpHr+S9iMUolvhMVlE19DrOL1YXrr//4e4HxVa9XGpR/NfsHWB9kLPYLpeYioiRcn0M+8Z7/fHGG98rJu3MZAl7qUocDNtoRKT7/ODiXks36UjHRs/XO/DpkRTPzQ7F638y4lxENKoH2nbRWDv9CA91pLlo++TiAAAAgDPj/MOtiM2YGHYcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GlS/v5/Ui6PqvJUJNXv/3+uY/exIYbaX//IGlXhQe00ggEAAAAAAACAk/XCw/jN9TSdqLbTJGrfGyk3muX6zViPlXrE5diM5diIjViLmYiY7BhobHN5Y2NtJl7Mty58lKZpPFH0jLV9PWe79pwdMODmcc8YAAAAAAAAAP6nXJsfz9c/jqWYGHYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQKYkYKVb5cqEqT0atHhGNiBjL9tuO+FtVPkPqR+3w4GTiAAAAgCEb3bd1/mE8jM2YqLbTJP/MfzH/3N+IN+NubMRqbEQrVuJG/l1A8am/truzNb27M3cnW8phv/Nke9yv/XvvGL+fODSofMQovnvofuRL+R7NuBmrec3leD3uRStuRC3vmblUxdMRV4d3spiSa4U0jfFB0nWjXGdn/vNyfSqah+0wmWdktJ2Rq1lsSZHHp/pnovPqDODgkWai1v7m50LvI7W/jKlyfq3vUZL/pGlROlfVRDzxrb45z++X0SOdzLEczMRsx913sX/OIz7/h99+/1br7u1byfb0qd1Gj+WF7tXj/6iuUJWJwnasxFxHJp4bOBM31894Jnra/01jLZ5tl5fim/HdmI6peC3WYjV+GMuxESsxFd/IS8vl/Zz9P9k/U4v7tl47LKax8rqMHIjps+eLdb+YXsz7TsRqfDvuxY1YiVfyf7MxE1+O+ZiPhY4r/OwAM22ty6v+j72Df+kLZSGb+H62NwGe4qu7lyyvT3XktXPOnczbOmtqkZZPlqeP8DzqPzdW9h5Z2ZX4ScdrcPjamWhE+ylRRfdMlYHRrpn4VT6trLfu3l67tXz/wLjJdvfjvRz7T//sTCTZ/fJ0e47Yf3dkbc90bZvJ2y6022oH237dbLcd9kodK9/DfXyk2bztuYj4ZRlt1pbJ5vCs7VJHv+z9ViNv+yhN0+L9FgBn3rkvnhtr/qv51+a7zZ82bzVfbXx9/Cvjz4/F6F9Gv1q/OvJy7fnkd/Fu/CgO/4QOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcav2tt28vt1orawcKaZpu9Wg6kULUI/bV/PlPHfvkvzUWEYMPmO29WIvIa+pRFgbo/s+IKGu2Hu903nncJPy9vCankvA+hWTgnRs975+ycO/J8nQepWl66qdT/VbbkbunpaFdgk+4UP1E1seaknpEj15DmY6AU3Rl4879K+tvvf2l1TvLb6y8sXJ3YX5+4erC/CtzV26uthrDDg84QfmzPn+fM+xIAAAAAAAAAAAAgEEN9sc5ye3lKGrq3f6K4LDuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMewNB31B5HEzNXLV7Pt3Z25VrZU5Ww9ku/5KCJqEZFMRSTvRSxGscRkx3BJr+NsR1x//8PdD4qternk+9eOfxbb5RJTZbhT3fdrdKtMt3qNl+Tj3O893oCSchlp1yweazz4hPw3AAD//xEwCSs=") renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0) 2.618737429s ago: executing program 1 (id=168): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x2, &(0x7f00000000c0)='\x00\x00', 0x3, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x12, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0xb5, 0x8, 0x8, &(0x7f0000000540)}}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f00000007c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x4000000000004}, 0x18) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r4, 0x6b, 0x2, &(0x7f0000000340), &(0x7f0000000380)=0x4) sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0xe, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 2.443410581s ago: executing program 2 (id=169): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r0, &(0x7f0000000080)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 2.310578369s ago: executing program 3 (id=170): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) 1.806053561s ago: executing program 4 (id=171): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001"], 0x148}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x4000000000000001, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1a, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40002002) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_SUBMITURB(r2, 0x802c550a, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x12) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f00000000c0)={0x0, 0x2, 0x6, &(0x7f0000000080)={0x6, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) 1.739366792s ago: executing program 1 (id=172): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000140), 0x4) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[], 0x20}}, 0x40000) 1.414494052s ago: executing program 3 (id=173): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0x7ffffff}, 0x94) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) recvmmsg(r2, &(0x7f0000006100), 0x49f, 0x0, 0x0) 1.407778483s ago: executing program 0 (id=174): getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) openat$audio1(0xffffff9c, 0x0, 0x40000, 0x0) ppoll(&(0x7f0000000040)=[{r1, 0x9620}], 0x1, 0x0, 0x0, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340)) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{0x0}], 0x1, 0x0, 0x0, 0xc9e}, 0x80) 1.359146396s ago: executing program 2 (id=175): ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000100)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) ioctl$BLKRRPART(r4, 0x125f, 0x0) kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x1000000, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0) 774.530603ms ago: executing program 1 (id=176): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, r1, 0x2586ad4018a3b31b, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) 753.651534ms ago: executing program 1 (id=177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r2}, 0x10) r3 = socket(0x1000000010, 0x80002, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r4, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@deltfilter={0x24, 0x2d, 0x1, 0x800000, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0x10}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) 515.301852ms ago: executing program 0 (id=178): bpf$MAP_CREATE(0x0, 0x0, 0x50) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000540)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095", @ANYRES16=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r7, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0xf00, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000540)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x14}}}}}}}, 0x0) r8 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82) ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) msgsnd(0x0, &(0x7f0000000040)={0x1}, 0x8, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r9, 0x84, 0x20, &(0x7f0000000280), &(0x7f0000000380)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001800", @ANYBLOB="00ff005f6b1a030000000000000000bafc0374"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) 370.502058ms ago: executing program 2 (id=179): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffa) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0) open(0x0, 0x60142, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305829, 0x0) ftruncate(r2, 0x2007ffb) copy_file_range(r1, 0x0, r0, 0x0, 0xfffffbffa003e458, 0x700000000000000) 370.224712ms ago: executing program 3 (id=180): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, 0x0, 0x20000000) read(r0, 0x0, 0x0) 369.950514ms ago: executing program 4 (id=181): r0 = socket$kcm(0x2, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(r0, 0x0, 0x448e4) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) r4 = dup(0xffffffffffffffff) write$FUSE_DIRENT(r4, &(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES16], 0x58) sched_setscheduler(0x0, 0x2, &(0x7f0000000140)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000001500), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(r5, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001540)={0x14, r6, 0x715, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x228e660f298b4052}, 0x40000) 47.309428ms ago: executing program 3 (id=182): syz_clone(0x808000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) userfaultfd(0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x0}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 0s ago: executing program 3 (id=183): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1200800, &(0x7f00000008c0)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303031302c6e6c733d69736f383835392d332c747970653d78fa42012c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB="00000000f5", @ANYRESHEX=0x0, @ANYBLOB="056c"], 0x3, 0x6ae, &(0x7f0000000e40)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBqNVIFjUjsrEqChNSAEMohQhFcerUSp7GySSvHRWmEyAYoSJw4oR44FKFw6AkhhFQOCFHOSEhcOOUeiRuHHABXM7O7Xtsbx25ir9t+PtJ43ts3773f/DJ/dsexNsBn1rnXsr+XIueOn79Z1u/d7XTv3e1cG5STTCVpJM16laKdFB8mZ1Mv+Xz5Yn+44mHzvHL/g6L57vudutbsL9X2jc36bTB2y15yYFjZl2SmLv53y8NuGK9aqnEuro73cFObNRbDuMuEHRskDiZtZYPeamPjkd23ft4Ce9bt+r65wXRyMPXdtbrF9a8Oj74yTN6m16be7sUBAAAAO2XsZ/lRTz3Ig9zMod0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4divo7A4v+0hiUZ1IMvv+/NfKd+q0Jh/uY3rlcrb771KQDAQAAAAAAAIDH8sKDPMjNHBrUV4rqd/4vVpXD1c/P5a3cyEKWciI3M5/lLGcpc0mmRwZq3ZxfXl6a29jzlyl7rqys3O73PDW256m1cfXWBzrufxps2AgAAAAAAAAAPrN+lHOrv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC9oEj21atqOTwoT6fRTHIgSauYGW7emmiwT8BfJh0AAAAA7Lx2f32o+H9dWCmqz/xHqs/9B/JWrmc5i1lONwu5VD0LqD/1N/7R63Tv3e1cK5eNA3/j39uKoxox9bOH8TPPVls8N+xxLt/O93I8M7mQpSzm+5nPchYyk29VpfkUme4/vZi+d7edQawb4z27pnZhfWwvjJTL+I5WkbRzOYtVbCdysTUIvdHf7ujIbH9sJetmvFNmp3i1b4s5utRfl3v0i/56b5iu9nz/MCOz/dyX2Xh6NO8bc7/N42T9THNpDJ9BHV6dpayun+lj5fxgf13m+qc7m/NtPkpbm4nez8va4Og7snnOky//868XrjSuX71y+cbxvXMYfUzrj4nOSCae31ImumUmeo+RiQOPE/+T0+pno76Kbu9q+WLV91AW8528kUtZyOnMZi5nMpuv5VQ6OTWS1+c2z2t1rjW2d64d+1K/UN6TfjZyb9o1Uw9rKPP69EheR69001Xb6CurWXpmC1kqWhmfpX+NDaX5hX6hnOPHI3ecyVufibmRTDy7eSZ+/b+VJDe6168uXZl/c5M5bv354EuD8qBQnrbvrL02/+ZJ7tc29He3PF6eKf+xUt82Ro+Osu3ZQVudr6KZ1X6Hh21r73OtVqrzuW571JlajnTkzriR6rbnx87SqdqOjrSteZeTN9IdvgsBYA87+PLBVvt+++/t99o/aV9pnz/wzakzU19sZf/fmn/a97vGbxtfL17Oe/lhDk06UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS48fatq/Pd7sLSHiyk8YQHvDO2aZCK+pXW3tj3T2pharMj6vdJNunemkTM7SR7InVp7sJcUxnTdH74SjtpDONJcnWPfMEdsBNOLl978+SNt299ZfHa/OsLry9cP3Xm9KunO1+du33y8mJ3Ybb+OekogZ2w+jZg0pEAAAAAAAAAAAAAW7Ubf94wZtqiN4F9BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6Zzr2W/b0UmZs9MVvW793tdMtlUF7dspmkkaT4QVJ8mJxNvWR6ZLjiYfO8cv+DX7307vud1bGag+0b6/r94T8rK9vci15/yUySff31o01tabyLI+P1thlYrRjuYZmwY4PEwaR9FAAA///howfX") syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts. [ 31.162952][ T6537] cgroup: Unknown subsys name 'net' [ 31.277045][ T6537] cgroup: Unknown subsys name 'cpuset' [ 31.278920][ T6537] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.423326][ T6537] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 32.627968][ T6551] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 32.628645][ T6551] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 32.629704][ T6551] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 32.629889][ T6551] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 32.630199][ T6551] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 32.630396][ T6551] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 32.640573][ T6556] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 32.643768][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 32.646525][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 32.647869][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 32.650226][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 32.653218][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 32.655410][ T6118] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 32.657443][ T6556] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 32.660017][ T6556] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 32.660072][ T6118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 32.662866][ T6118] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 32.664289][ T6118] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 32.666460][ T6118] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 32.668912][ T6556] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 32.670705][ T6554] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 32.672759][ T6556] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 32.676044][ T6556] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 32.682332][ T6551] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 32.685898][ T6556] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 32.746206][ T6547] chnl_net:caif_netlink_parms(): no params data found [ 32.787619][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.789174][ T6547] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.790410][ T6547] bridge_slave_0: entered allmulticast mode [ 32.791813][ T6547] bridge_slave_0: entered promiscuous mode [ 32.813524][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.814796][ T6547] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.815813][ T6547] bridge_slave_1: entered allmulticast mode [ 32.817288][ T6547] bridge_slave_1: entered promiscuous mode [ 32.832007][ T6547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.835239][ T6547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.862553][ T6552] chnl_net:caif_netlink_parms(): no params data found [ 32.866144][ T6547] team0: Port device team_slave_0 added [ 32.866879][ T6547] team0: Port device team_slave_1 added [ 32.891097][ T6549] chnl_net:caif_netlink_parms(): no params data found [ 32.897112][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.898389][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.898418][ T6547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.905980][ T6547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.907215][ T6547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.911702][ T6547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.934748][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.936135][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.937410][ T6552] bridge_slave_0: entered allmulticast mode [ 32.938641][ T6552] bridge_slave_0: entered promiscuous mode [ 32.939545][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.939563][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.939614][ T6552] bridge_slave_1: entered allmulticast mode [ 32.940003][ T6552] bridge_slave_1: entered promiscuous mode [ 32.947910][ T6557] chnl_net:caif_netlink_parms(): no params data found [ 32.951725][ T6547] hsr_slave_0: entered promiscuous mode [ 32.952032][ T6547] hsr_slave_1: entered promiscuous mode [ 32.970548][ T6552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.974650][ T6552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.998200][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.999627][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.001121][ T6549] bridge_slave_0: entered allmulticast mode [ 33.002726][ T6549] bridge_slave_0: entered promiscuous mode [ 33.004955][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.005745][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.005831][ T6549] bridge_slave_1: entered allmulticast mode [ 33.006266][ T6549] bridge_slave_1: entered promiscuous mode [ 33.026522][ T6552] team0: Port device team_slave_0 added [ 33.027270][ T6552] team0: Port device team_slave_1 added [ 33.035498][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.037233][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.041395][ T6552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.045106][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.045129][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.045155][ T6552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.047988][ T6549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.048930][ T6549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.055589][ T6555] chnl_net:caif_netlink_parms(): no params data found [ 33.065051][ T6549] team0: Port device team_slave_0 added [ 33.073320][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.073414][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.073467][ T6557] bridge_slave_0: entered allmulticast mode [ 33.073896][ T6557] bridge_slave_0: entered promiscuous mode [ 33.079436][ T6549] team0: Port device team_slave_1 added [ 33.088360][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.088734][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.088786][ T6557] bridge_slave_1: entered allmulticast mode [ 33.089220][ T6557] bridge_slave_1: entered promiscuous mode [ 33.104255][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.104279][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.104292][ T6549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.104820][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.104832][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.104846][ T6549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.119001][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.119849][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.130077][ T6552] hsr_slave_0: entered promiscuous mode [ 33.130355][ T6552] hsr_slave_1: entered promiscuous mode [ 33.130524][ T6552] debugfs: 'hsr0' already exists in 'hsr' [ 33.130554][ T6552] Cannot create hsr debugfs directory [ 33.140513][ T6557] team0: Port device team_slave_0 added [ 33.154090][ T6557] team0: Port device team_slave_1 added [ 33.167375][ T6555] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.168668][ T6555] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.170144][ T6555] bridge_slave_0: entered allmulticast mode [ 33.171689][ T6555] bridge_slave_0: entered promiscuous mode [ 33.173390][ T6555] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.174610][ T6555] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.175881][ T6555] bridge_slave_1: entered allmulticast mode [ 33.177306][ T6555] bridge_slave_1: entered promiscuous mode [ 33.186581][ T6549] hsr_slave_0: entered promiscuous mode [ 33.186895][ T6549] hsr_slave_1: entered promiscuous mode [ 33.187087][ T6549] debugfs: 'hsr0' already exists in 'hsr' [ 33.187097][ T6549] Cannot create hsr debugfs directory [ 33.200605][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.200624][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.200646][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.202486][ T6555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.218646][ T6555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.219416][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.219426][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.219444][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.242913][ T6555] team0: Port device team_slave_0 added [ 33.243619][ T6555] team0: Port device team_slave_1 added [ 33.292791][ T6557] hsr_slave_0: entered promiscuous mode [ 33.293072][ T6557] hsr_slave_1: entered promiscuous mode [ 33.293223][ T6557] debugfs: 'hsr0' already exists in 'hsr' [ 33.293234][ T6557] Cannot create hsr debugfs directory [ 33.297091][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.297112][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.297127][ T6555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.297636][ T6555] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.297643][ T6555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.297655][ T6555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.307394][ T6547] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 33.328362][ T6555] hsr_slave_0: entered promiscuous mode [ 33.330009][ T6555] hsr_slave_1: entered promiscuous mode [ 33.331651][ T6555] debugfs: 'hsr0' already exists in 'hsr' [ 33.332665][ T6555] Cannot create hsr debugfs directory [ 33.333734][ T6547] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 33.336074][ T6547] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 33.342297][ T6547] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 33.372605][ T6552] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 33.382594][ T6552] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 33.385114][ T6552] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 33.400927][ T6552] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 33.403430][ T6547] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.403477][ T6547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.403630][ T6547] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.403653][ T6547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.431056][ T6549] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 33.444770][ T6547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.446912][ T6549] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 33.450643][ T6549] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 33.453441][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.453476][ T6552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.453549][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.453577][ T6552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.460080][ T6549] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 33.472555][ T2203] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.474342][ T2203] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.478599][ T2203] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.480161][ T2203] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.493863][ T6547] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.509568][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.509613][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.512639][ T6557] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 33.518859][ T6557] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 33.521007][ T6557] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 33.523616][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.523642][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.524096][ T6557] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 33.543267][ T6552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.552953][ T6555] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 33.556377][ T6555] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 33.559741][ T6555] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 33.561850][ T6555] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 33.593821][ T6552] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.605157][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.605192][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.609886][ T6549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.620631][ T1410] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.620668][ T1410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.644965][ T6547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.657442][ T6552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 33.666572][ T6555] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.671112][ T6555] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.673273][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.680909][ T6557] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.683279][ T6549] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.692239][ T6547] veth0_vlan: entered promiscuous mode [ 33.699101][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.699139][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.704421][ T6547] veth1_vlan: entered promiscuous mode [ 33.716574][ T6557] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 33.716601][ T6557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 33.734638][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.734670][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.735131][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.735150][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.735447][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.735461][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.735963][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.735978][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.759979][ T6555] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 33.761900][ T6555] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 33.768944][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.768975][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.777389][ T6552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.784304][ T6547] veth0_macvtap: entered promiscuous mode [ 33.790607][ T6547] veth1_macvtap: entered promiscuous mode [ 33.801353][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.809586][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.824260][ T6557] veth0_vlan: entered promiscuous mode [ 33.834336][ T6547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.837795][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.837829][ T41] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.837862][ T41] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.837881][ T41] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.850838][ T6555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.854136][ T6557] veth1_vlan: entered promiscuous mode [ 33.864622][ T6549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.899390][ T6557] veth0_macvtap: entered promiscuous mode [ 33.900332][ T6557] veth1_macvtap: entered promiscuous mode [ 33.903411][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.910178][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.915800][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.919171][ T6552] veth0_vlan: entered promiscuous mode [ 33.921492][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.922387][ T6549] veth0_vlan: entered promiscuous mode [ 33.923737][ T6549] veth1_vlan: entered promiscuous mode [ 33.934737][ T342] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.934944][ T342] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.934969][ T342] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.934984][ T342] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.958316][ T6549] veth0_macvtap: entered promiscuous mode [ 33.958680][ T342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.958691][ T342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 33.960438][ T6552] veth1_vlan: entered promiscuous mode [ 33.973137][ T6555] veth0_vlan: entered promiscuous mode [ 33.974786][ T6549] veth1_macvtap: entered promiscuous mode [ 33.980012][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.995343][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 33.995366][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.001500][ T6547] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 34.009600][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.016944][ T6555] veth1_vlan: entered promiscuous mode [ 34.020720][ T6552] veth0_macvtap: entered promiscuous mode [ 34.021711][ T6552] veth1_macvtap: entered promiscuous mode [ 34.024927][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.032886][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.043176][ T6555] veth0_macvtap: entered promiscuous mode [ 34.053799][ T6555] veth1_macvtap: entered promiscuous mode [ 34.061318][ T342] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.063068][ T342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.064671][ T342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.067230][ T342] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.067731][ T342] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.067814][ T342] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.079769][ T342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.079807][ T342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.079841][ T342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.079861][ T342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.121216][ T2203] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.123245][ T2203] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.127589][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.136490][ T6555] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.148153][ T342] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.148675][ T342] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.149160][ T342] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.149646][ T342] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.404109][ T6666] input: syz1 as /devices/virtual/input/input2 [ 34.425948][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.425978][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.455064][ T342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.455090][ T342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.462946][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.462975][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.475422][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.475451][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.490274][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.490302][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.522354][ T6671] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 34.524320][ T6671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'. [ 34.526259][ T6671] netlink: 'syz.0.1': attribute type 19 has an invalid length. [ 34.542518][ T6671] loop0: detected capacity change from 0 to 512 [ 34.577753][ T342] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 34.583199][ T6671] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.583248][ T6671] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 34.586553][ T15] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 34.587245][ T15] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 34.587738][ T15] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 34.594671][ T6671] EXT4-fs (loop0): orphan cleanup on readonly fs [ 34.595169][ T6671] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 34.599056][ T6671] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.1: corrupted inode contents [ 34.602374][ T6671] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #11: comm syz.0.1: mark_inode_dirty error [ 34.607167][ T6671] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1: invalid indirect mapped block 327680 (level 0) [ 34.609793][ T6671] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.1: corrupted inode contents [ 34.610265][ T6671] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 34.610387][ T6671] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #11: comm syz.0.1: corrupted inode contents [ 34.610480][ T6671] EXT4-fs error (device loop0): ext4_truncate:4666: inode #11: comm syz.0.1: mark_inode_dirty error [ 34.610568][ T6671] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 34.610710][ T6671] EXT4-fs (loop0): 1 truncate cleaned up [ 34.611269][ T6671] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 34.666389][ T6556] Bluetooth: hci0: command tx timeout [ 34.746020][ T6556] Bluetooth: hci2: command tx timeout [ 34.746199][ T6556] Bluetooth: hci3: command tx timeout [ 34.746281][ T6559] Bluetooth: hci4: command tx timeout [ 34.747183][ T6556] Bluetooth: hci1: command tx timeout [ 34.974991][ T6549] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.995435][ T6679] af_packet: tpacket_rcv: packet too big, clamped from 65238 to 3944. macoff=96 [ 35.029655][ T6676] loop4: detected capacity change from 0 to 32768 [ 35.104073][ T6683] syz.2.7 uses obsolete (PF_INET,SOCK_PACKET) [ 35.297977][ T6683] Zero length message leads to an empty skb [ 35.301709][ T6684] delete_channel: no stack [ 35.309355][ T6676] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 35.309387][ T6676] allowing incompatible features above 0.0: (unknown version) [ 35.309412][ T6676] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 35.309435][ T6676] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 35.309477][ T6676] bcachefs (loop4): initializing new filesystem [ 35.311829][ T6676] bcachefs (loop4): going read-write [ 35.327918][ T6676] bcachefs (loop4): marking superblocks [ 35.336705][ T6676] bcachefs (loop4): initializing freespace [ 35.339915][ T6676] bcachefs (loop4): done initializing freespace [ 35.343490][ T6676] bcachefs (loop4): reading snapshots table [ 35.343537][ T6676] bcachefs (loop4): reading snapshots done [ 35.408386][ T6676] bcachefs (loop4): done starting filesystem [ 35.715896][ T6676] bcachefs (loop4): shutdown by ioctl type 0emergency read only at seq 2 [ 35.717582][ T6616] bcachefs (loop4): going read-only [ 35.717646][ T6616] bcachefs (loop4): finished waiting for writes to stop [ 35.739676][ T6616] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2 [ 35.739802][ T6616] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 2 [ 35.742375][ T6616] bcachefs (loop4): unclean shutdown complete, journal seq 2 [ 35.748175][ T6616] bcachefs (loop4): done going read-only, filesystem not clean [ 36.174587][ T6555] bcachefs (loop4): shutting down [ 36.193152][ T6724] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16'. [ 36.391457][ T6728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.392192][ T6728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.400280][ T6555] bcachefs (loop4): shutdown complete [ 36.625795][ T6611] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 36.724174][ T6733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.726276][ T6733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.741403][ T6734] ptrace attach of "./syz-executor exec"[6547] was attempted by "./syz-executor exec"[6734] [ 36.758433][ T6551] Bluetooth: hci0: command tx timeout [ 36.775675][ T6611] usb 1-1: Using ep0 maxpacket: 32 [ 36.778171][ T6611] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 36.779862][ T6611] usb 1-1: config 0 has no interface number 0 [ 36.781198][ T6611] usb 1-1: config 0 interface 230 has no altsetting 0 [ 36.784088][ T6611] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 36.784113][ T6611] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.784132][ T6611] usb 1-1: Product: syz [ 36.784142][ T6611] usb 1-1: Manufacturer: syz [ 36.784151][ T6611] usb 1-1: SerialNumber: syz [ 36.797631][ T6611] usb 1-1: config 0 descriptor?? [ 36.800971][ T6611] ums-usbat 1-1:0.230: USB Mass Storage device detected [ 36.804738][ T6611] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 36.827922][ T6554] Bluetooth: hci1: command tx timeout [ 36.827961][ T6554] Bluetooth: hci3: command tx timeout [ 36.829838][ T6559] Bluetooth: hci2: command tx timeout [ 36.830872][ T6551] Bluetooth: hci4: command tx timeout [ 37.234021][ T6738] loop1: detected capacity change from 0 to 32768 [ 37.243827][ T6738] ======================================================= [ 37.243827][ T6738] WARNING: The mand mount option has been deprecated and [ 37.243827][ T6738] and is ignored by this kernel. Remove the mand [ 37.243827][ T6738] option from the mount to silence this warning. [ 37.243827][ T6738] ======================================================= [ 37.287295][ T6738] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 37.307715][ T6738] XFS (loop1): Ending clean mount [ 37.310757][ T6738] XFS (loop1): Quotacheck needed: Please wait. [ 37.324876][ T6738] XFS (loop1): Quotacheck: Done. [ 37.341452][ T6552] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 37.472421][ T6753] loop1: detected capacity change from 0 to 32768 [ 37.497067][ T6753] JBD2: Ignoring recovery information on journal [ 37.507804][ T6753] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 37.594981][ T6762] loop4: detected capacity change from 0 to 1764 [ 37.608329][ T6552] ocfs2: Unmounting device (7,1) on (node local) [ 37.647864][ T6764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.649853][ T6764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.124147][ T6773] loop2: detected capacity change from 0 to 1024 [ 38.142107][ T6773] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 38.204139][ T6779] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 38.572208][ T6788] loop4: detected capacity change from 0 to 1024 [ 38.830311][ T6556] Bluetooth: hci0: command tx timeout [ 38.905781][ T6556] Bluetooth: hci4: command tx timeout [ 38.905816][ T6556] Bluetooth: hci2: command tx timeout [ 38.905846][ T6556] Bluetooth: hci3: command tx timeout [ 38.905863][ T6556] Bluetooth: hci1: command tx timeout [ 38.958219][ T6711] hfsplus: b-tree write err: -5, ino 4 [ 38.968048][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 39.061977][ T6795] loop4: detected capacity change from 0 to 32768 [ 39.065527][ T6795] (syz.4.35,6795,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 39.068464][ T6795] (syz.4.35,6795,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 39.118379][ T6795] JBD2: Ignoring recovery information on journal [ 39.143899][ T6795] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 39.532216][ T6555] ocfs2: Unmounting device (7,4) on (node local) [ 39.554162][ T6611] ums-usbat 1-1:0.230: probe with driver ums-usbat failed with error -5 [ 39.562002][ T6611] usb 1-1: USB disconnect, device number 2 [ 39.842001][ T6817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.844196][ T6817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.916044][ T6812] loop3: detected capacity change from 0 to 40427 [ 39.916513][ T6812] f2fs: Unknown parameter 'whint_mode' [ 40.372990][ T6826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.374886][ T6826] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.855758][ T6604] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 40.905595][ T6551] Bluetooth: hci0: command tx timeout [ 40.957669][ T6841] loop2: detected capacity change from 0 to 4096 [ 40.985823][ T6551] Bluetooth: hci1: command tx timeout [ 40.986659][ T6556] Bluetooth: hci3: command tx timeout [ 40.986680][ T6556] Bluetooth: hci2: command tx timeout [ 40.986698][ T6556] Bluetooth: hci4: command tx timeout [ 41.025574][ T6604] usb 1-1: Using ep0 maxpacket: 8 [ 41.028456][ T6604] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 41.030518][ T6604] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 41.032745][ T6604] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 41.034548][ T6604] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 41.036687][ T6604] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 41.038172][ T6604] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.431502][ T6604] usb 1-1: GET_CAPABILITIES returned 0 [ 41.432722][ T6604] usbtmc 1-1:16.0: can't read capabilities [ 41.500904][ T6857] loop4: detected capacity change from 0 to 8 [ 41.906124][ T6604] usb 1-1: USB disconnect, device number 3 [ 42.307775][ T6879] loop2: detected capacity change from 0 to 512 [ 42.308868][ T6879] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 42.509679][ T6883] ubi31: attaching mtd0 [ 42.511074][ T6883] ubi31: scanning is finished [ 42.511092][ T6883] ubi31: empty MTD device detected [ 42.723887][ T6879] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e02c, mo2=0002] [ 42.723946][ T6879] System zones: 1-12 [ 42.724038][ T6879] EXT4-fs (loop2): orphan cleanup on readonly fs [ 42.724052][ T6879] EXT4-fs error (device loop2): ext4_read_inode_bitmap:167: comm syz.2.64: Inode bitmap for bg 0 marked uninitialized [ 42.724585][ T6879] EXT4-fs (loop2): Remounting filesystem read-only [ 42.725288][ T6879] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 42.748469][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.792404][ T6890] loop2: detected capacity change from 0 to 1024 [ 42.793844][ T6883] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 42.793883][ T6883] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 42.793908][ T6883] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 42.793915][ T6883] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 42.793920][ T6883] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 42.793925][ T6883] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 42.793930][ T6883] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 227268008 [ 42.793936][ T6883] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 42.795715][ T6891] ubi31: background thread "ubi_bgt31d" started, PID 6891 [ 42.852500][ T6711] hfsplus: b-tree write err: -5, ino 4 [ 42.966376][ T6894] netlink: 'syz.0.67': attribute type 10 has an invalid length. [ 42.970892][ T6894] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 43.746096][ T6914] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input3 [ 43.747035][ T6913] loop4: detected capacity change from 0 to 512 [ 43.747338][ T6913] ext4: Unknown parameter 'fsuuid' [ 43.819214][ T6919] loop1: detected capacity change from 0 to 1024 [ 44.219562][ T6929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.222488][ T6929] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.533738][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.79'. [ 44.593288][ T6933] loop0: detected capacity change from 0 to 1024 [ 44.597085][ T6933] hfsplus: invalid btree flag [ 44.597336][ T6933] hfsplus: failed to load extents file [ 44.757856][ T6937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.80'. [ 44.758795][ T6937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.80'. [ 44.758943][ T6937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.80'. [ 45.481180][ T6952] loop3: detected capacity change from 0 to 40427 [ 45.492001][ T6952] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 45.493951][ T6952] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 45.499148][ T6952] F2FS-fs (loop3): invalid crc value [ 45.516120][ T6952] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 45.520237][ T6952] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 45.521992][ T6952] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 45.684146][ T6962] loop3: detected capacity change from 0 to 16 [ 45.687541][ T6962] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 46.437811][ T6966] loop1: detected capacity change from 0 to 32768 [ 46.439591][ T6975] loop2: detected capacity change from 0 to 32768 [ 46.458004][ T6975] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 46.458066][ T6966] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.89 (6966) [ 46.485867][ T6557] ocfs2: Unmounting device (7,2) on (node local) [ 46.487391][ T6966] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 46.487468][ T6966] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 46.487502][ T6966] BTRFS info (device loop1): disk space caching is enabled [ 46.487543][ T6966] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 46.621979][ T6977] loop4: detected capacity change from 0 to 32768 [ 46.635999][ T6966] BTRFS info (device loop1): rebuilding free space tree [ 46.656044][ T6966] BTRFS info (device loop1): disabling free space tree [ 46.656093][ T6966] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 46.656117][ T6966] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 47.081022][ T6552] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 47.621906][ T7020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.622092][ T7020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.726770][ T7010] loop4: detected capacity change from 0 to 32768 [ 47.734559][ T7010] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 47.769393][ T7010] XFS (loop4): Ending clean mount [ 47.773906][ T7010] XFS (loop4): Quotacheck needed: Please wait. [ 47.779565][ T7038] loop1: detected capacity change from 0 to 8 [ 47.792606][ T7010] XFS (loop4): Quotacheck: Done. [ 47.811789][ T6555] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 47.850216][ T7040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.859164][ T7040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.876254][ T6558] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 47.898716][ T7044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.901136][ T7044] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.953327][ T7046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.953493][ T7046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.035629][ T6558] usb 1-1: Using ep0 maxpacket: 16 [ 48.039362][ T6558] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 48.039788][ T6558] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 48.039804][ T6558] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.041076][ T6558] usb 1-1: config 0 descriptor?? [ 48.046250][ T6558] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input4 [ 48.247171][ T6558] bcm5974 1-1:0.0: could not read from device [ 48.303967][ T7050] netlink: 60 bytes leftover after parsing attributes in process `syz.3.111'. [ 48.582175][ T6558] input: failed to attach handler mousedev to device input4, error: -5 [ 48.607291][ T6558] usb 1-1: USB disconnect, device number 4 [ 49.016763][ T7060] Device name cannot be null; rc = [-22] [ 49.068243][ T7063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.068420][ T7063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.480857][ T7077] netlink: 12 bytes leftover after parsing attributes in process `syz.3.119'. [ 50.486797][ T7077] vlan0: entered promiscuous mode [ 50.546497][ T7084] netlink: 32 bytes leftover after parsing attributes in process `syz.1.122'. [ 50.551524][ T7082] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 50.551540][ T7082] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 50.552005][ T7082] vhci_hcd vhci_hcd.0: Device attached [ 50.561319][ T7085] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0 [ 50.564022][ T342] vhci_hcd: stop threads [ 50.564185][ T342] vhci_hcd: release socket [ 50.564209][ T342] vhci_hcd: disconnect device [ 50.737356][ T7093] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 51.045799][ T7100] loop3: detected capacity change from 0 to 4096 [ 51.065243][ T7100] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 51.099329][ T7100] ntfs3(loop3): Failed to initialize $Extend/$Reparse. [ 51.108138][ T7100] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 51.210085][ T7106] loop4: detected capacity change from 0 to 512 [ 52.963628][ T7113] tipc: Enabling of bearer rejected, failed to enable media [ 53.041298][ T7116] loop2: detected capacity change from 0 to 256 [ 53.281542][ T7116] FAT-fs (loop2): count of clusters too big (178174) [ 53.281585][ T7116] FAT-fs (loop2): Can't find a valid FAT filesystem [ 53.281618][ T7106] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.127: corrupted in-inode xattr: invalid ea_ino [ 53.289138][ T7106] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.127: couldn't read orphan inode 15 (err -117) [ 53.289763][ T7106] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000001000000 r/w without journal. Quota mode: writeback. [ 53.788777][ T6555] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000001000000. [ 53.857165][ T7146] netlink: 40 bytes leftover after parsing attributes in process `syz.4.138'. [ 54.876794][ T7166] netlink: 196 bytes leftover after parsing attributes in process `syz.3.142'. [ 55.023427][ T7165] loop1: detected capacity change from 0 to 32768 [ 55.028516][ T7157] loop2: detected capacity change from 0 to 32768 [ 55.056368][ T7157] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.143 (7157) [ 55.119138][ T7165] JFS: metapage_get_blocks failed [ 55.121068][ T7165] ERROR: (device loop1): release_metapage: metapage_write_one() failed [ 55.121068][ T7165] [ 55.123987][ T7165] ERROR: (device loop1): remounting filesystem as read-only [ 55.213505][ T7157] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 55.213564][ T7157] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm [ 55.217423][ T7157] BTRFS info (device loop2): using free-space-tree [ 55.338965][ T7183] loop0: detected capacity change from 0 to 32768 [ 55.339322][ T7183] XFS: noikeep mount option is deprecated. [ 55.348129][ T7157] BTRFS info (device loop2): rebuilding free space tree [ 55.409374][ T7157] BTRFS info (device loop2): checking UUID tree [ 55.414491][ T7183] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 55.449623][ T7183] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 55.450116][ T7200] loop3: detected capacity change from 0 to 512 [ 55.450434][ T7200] EXT4-fs: Ignoring removed orlov option [ 55.555667][ T7183] XFS (loop0): Starting recovery (logdev: internal) [ 55.588078][ T7183] XFS (loop0): Ending recovery (logdev: internal) [ 55.681753][ T7200] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 55.708379][ T6549] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 55.710536][ T7200] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 55.715844][ T7200] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.151: corrupted in-inode xattr: e_value size too large [ 55.722950][ T7200] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.151: couldn't read orphan inode 15 (err -117) [ 55.730030][ T7200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.738663][ T6557] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 55.901019][ T7212] loop2: detected capacity change from 0 to 512 [ 55.901696][ T7212] ext4: Unknown parameter 'fsuuid' [ 56.571679][ T6547] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.698644][ T7225] Illegal XDP return value 835425152 on prog (id 9) dev N/A, expect packet loss! [ 56.741292][ T7225] loop4: detected capacity change from 0 to 1024 [ 56.742988][ T7225] EXT4-fs: Ignoring removed orlov option [ 56.743109][ T7225] EXT4-fs: Ignoring removed i_version option [ 56.920445][ T7225] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 56.932674][ T7229] loop2: detected capacity change from 0 to 256 [ 56.938212][ T7225] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.941295][ T7225] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.948363][ T7230] loop0: detected capacity change from 0 to 2048 [ 57.052489][ T7023] Alternate GPT is invalid, using primary GPT. [ 57.052692][ T7023] loop0: p2 p3 p7 [ 57.072505][ T7236] loop2: detected capacity change from 0 to 1024 [ 57.074073][ T7236] EXT4-fs: Ignoring removed nobh option [ 57.074784][ T7236] EXT4-fs: Ignoring removed bh option [ 57.080804][ T7230] Alternate GPT is invalid, using primary GPT. [ 57.080905][ T7230] loop0: p2 p3 p7 [ 57.091398][ T7236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.356160][ T6557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.416811][ T6541] udevd[6541]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 57.425428][ T6672] udevd[6672]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 57.433731][ T6539] udevd[6539]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 57.442279][ T7023] udevd[7023]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 57.446133][ T6541] udevd[6541]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 57.450183][ T6672] udevd[6672]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 57.497786][ T7251] loop4: detected capacity change from 0 to 256 [ 57.549271][ T7245] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 57.723911][ T6559] Bluetooth: min 8 > max 0 [ 57.883604][ T7261] loop4: detected capacity change from 0 to 1024 [ 57.900593][ T7258] binder: 7256:7258 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 57.977431][ T7263] netlink: 'syz.1.168': attribute type 21 has an invalid length. [ 57.984350][ T7263] netlink: 'syz.1.168': attribute type 39 has an invalid length. [ 58.881934][ T342] hfsplus: b-tree write err: -5, ino 8 [ 59.785959][ T6559] Bluetooth: hci3: command tx timeout [ 60.555417][ T7309] loop3: detected capacity change from 0 to 1024 [ 60.578700][ T7299] loop2: detected capacity change from 0 to 32768 [ 60.622546][ T7299] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 60.641042][ T7299] [ 60.641453][ T7299] ====================================================== [ 60.642628][ T7299] WARNING: possible circular locking dependency detected [ 60.643818][ T7299] 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 Not tainted [ 60.644939][ T7299] ------------------------------------------------------ [ 60.646044][ T7299] syz.2.179/7299 is trying to acquire lock: [ 60.647023][ T7299] ffff0000f7da9538 (&oi->ip_xattr_sem){+.+.}-{4:4}, at: ocfs2_xattr_set_handle+0x2a8/0x5e4 [ 60.648734][ T7299] [ 60.648734][ T7299] but task is already holding lock: [ 60.649899][ T7299] ffff0000f8d34950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe4c/0x10dc [ 60.651344][ T7299] [ 60.651344][ T7299] which lock already depends on the new lock. [ 60.651344][ T7299] [ 60.652981][ T7299] [ 60.652981][ T7299] the existing dependency chain (in reverse order) is: [ 60.654335][ T7299] [ 60.654335][ T7299] -> #4 (jbd2_handle){++++}-{0:0}: [ 60.655554][ T7299] start_this_handle+0xe74/0x10dc [ 60.656484][ T7299] jbd2__journal_start+0x288/0x51c [ 60.657365][ T7299] jbd2_journal_start+0x3c/0x4c [ 60.658274][ T7299] ocfs2_start_trans+0x368/0x6b0 [ 60.659155][ T7299] ocfs2_shutdown_local_alloc+0x1ac/0x7e4 [ 60.660207][ T7299] ocfs2_dismount_volume+0x1ec/0x8cc [ 60.661134][ T7299] ocfs2_put_super+0xec/0x320 [ 60.661916][ T7299] generic_shutdown_super+0x12c/0x2b8 [ 60.662796][ T7299] kill_block_super+0x44/0x90 [ 60.663712][ T7299] deactivate_locked_super+0xc4/0x12c [ 60.664680][ T7299] deactivate_super+0xe0/0x100 [ 60.665496][ T7299] cleanup_mnt+0x31c/0x3ac [ 60.666206][ T7299] __cleanup_mnt+0x20/0x30 [ 60.666970][ T7299] task_work_run+0x1dc/0x260 [ 60.667778][ T7299] do_notify_resume+0x174/0x1f4 [ 60.668631][ T7299] el0_svc+0xb8/0x180 [ 60.669325][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.670231][ T7299] el0t_64_sync+0x198/0x19c [ 60.671093][ T7299] [ 60.671093][ T7299] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}: [ 60.672385][ T7299] down_read+0x58/0x2f8 [ 60.673113][ T7299] ocfs2_start_trans+0x35c/0x6b0 [ 60.673949][ T7299] ocfs2_shutdown_local_alloc+0x1ac/0x7e4 [ 60.674956][ T7299] ocfs2_dismount_volume+0x1ec/0x8cc [ 60.675874][ T7299] ocfs2_put_super+0xec/0x320 [ 60.676754][ T7299] generic_shutdown_super+0x12c/0x2b8 [ 60.677733][ T7299] kill_block_super+0x44/0x90 [ 60.678629][ T7299] deactivate_locked_super+0xc4/0x12c [ 60.679604][ T7299] deactivate_super+0xe0/0x100 [ 60.680503][ T7299] cleanup_mnt+0x31c/0x3ac [ 60.681296][ T7299] __cleanup_mnt+0x20/0x30 [ 60.682166][ T7299] task_work_run+0x1dc/0x260 [ 60.683003][ T7299] do_notify_resume+0x174/0x1f4 [ 60.683855][ T7299] el0_svc+0xb8/0x180 [ 60.684533][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.685460][ T7299] el0t_64_sync+0x198/0x19c [ 60.686306][ T7299] [ 60.686306][ T7299] -> #2 (sb_internal#3){.+.+}-{0:0}: [ 60.687544][ T7299] ocfs2_start_trans+0x1f4/0x6b0 [ 60.688426][ T7299] ocfs2_xattr_set+0xac4/0xe9c [ 60.689297][ T7299] ocfs2_set_acl+0x574/0x628 [ 60.690152][ T7299] ocfs2_iop_set_acl+0x190/0x25c [ 60.691118][ T7299] vfs_set_acl+0x70c/0x974 [ 60.691908][ T7299] do_set_acl+0xe0/0x1a8 [ 60.692676][ T7299] file_setxattr+0x210/0x294 [ 60.693525][ T7299] path_setxattrat+0x2ac/0x320 [ 60.694406][ T7299] __arm64_sys_fsetxattr+0xc0/0xdc [ 60.695309][ T7299] invoke_syscall+0x98/0x2b8 [ 60.696106][ T7299] el0_svc_common+0x130/0x23c [ 60.696884][ T7299] do_el0_svc+0x48/0x58 [ 60.697627][ T7299] el0_svc+0x58/0x180 [ 60.698376][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.699312][ T7299] el0t_64_sync+0x198/0x19c [ 60.700104][ T7299] [ 60.700104][ T7299] -> #1 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: [ 60.701755][ T7299] down_write+0x50/0xc0 [ 60.702412][ T7299] ocfs2_reserve_suballoc_bits+0x12c/0x3b9c [ 60.703407][ T7299] ocfs2_reserve_new_metadata_blocks+0x368/0x810 [ 60.704427][ T7299] ocfs2_init_xattr_set_ctxt+0x318/0x774 [ 60.705350][ T7299] ocfs2_xattr_set+0x920/0xe9c [ 60.706168][ T7299] ocfs2_set_acl+0x574/0x628 [ 60.706961][ T7299] ocfs2_iop_set_acl+0x190/0x25c [ 60.707863][ T7299] vfs_set_acl+0x70c/0x974 [ 60.708642][ T7299] do_set_acl+0xe0/0x1a8 [ 60.709450][ T7299] file_setxattr+0x210/0x294 [ 60.710299][ T7299] path_setxattrat+0x2ac/0x320 [ 60.711171][ T7299] __arm64_sys_fsetxattr+0xc0/0xdc [ 60.712109][ T7299] invoke_syscall+0x98/0x2b8 [ 60.712954][ T7299] el0_svc_common+0x130/0x23c [ 60.713839][ T7299] do_el0_svc+0x48/0x58 [ 60.714548][ T7299] el0_svc+0x58/0x180 [ 60.715257][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.716147][ T7299] el0t_64_sync+0x198/0x19c [ 60.716962][ T7299] [ 60.716962][ T7299] -> #0 (&oi->ip_xattr_sem){+.+.}-{4:4}: [ 60.718121][ T7299] __lock_acquire+0x1774/0x30a4 [ 60.718905][ T7299] lock_acquire+0x14c/0x2e0 [ 60.719637][ T7299] down_write+0x50/0xc0 [ 60.720275][ T7299] ocfs2_xattr_set_handle+0x2a8/0x5e4 [ 60.721145][ T7299] ocfs2_init_security_set+0xb4/0xd8 [ 60.722033][ T7299] ocfs2_mknod+0x106c/0x1cf0 [ 60.722843][ T7299] ocfs2_create+0x190/0x474 [ 60.723598][ T7299] path_openat+0x12d8/0x2c40 [ 60.724355][ T7299] do_filp_open+0x18c/0x36c [ 60.725102][ T7299] do_sys_openat2+0x11c/0x1b4 [ 60.725890][ T7299] __arm64_sys_openat+0x120/0x158 [ 60.726720][ T7299] invoke_syscall+0x98/0x2b8 [ 60.727514][ T7299] el0_svc_common+0x130/0x23c [ 60.728378][ T7299] do_el0_svc+0x48/0x58 [ 60.729177][ T7299] el0_svc+0x58/0x180 [ 60.729883][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.730895][ T7299] el0t_64_sync+0x198/0x19c [ 60.731673][ T7299] [ 60.731673][ T7299] other info that might help us debug this: [ 60.731673][ T7299] [ 60.733244][ T7299] Chain exists of: [ 60.733244][ T7299] &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle [ 60.733244][ T7299] [ 60.735451][ T7299] Possible unsafe locking scenario: [ 60.735451][ T7299] [ 60.736689][ T7299] CPU0 CPU1 [ 60.737594][ T7299] ---- ---- [ 60.738457][ T7299] rlock(jbd2_handle); [ 60.739122][ T7299] lock(&journal->j_trans_barrier); [ 60.740465][ T7299] lock(jbd2_handle); [ 60.741601][ T7299] lock(&oi->ip_xattr_sem); [ 60.742390][ T7299] [ 60.742390][ T7299] *** DEADLOCK *** [ 60.742390][ T7299] [ 60.743630][ T7299] 8 locks held by syz.2.179/7299: [ 60.744387][ T7299] #0: ffff0000d44c0428 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c [ 60.745871][ T7299] #1: ffff0000f7db3480 (&type->i_mutex_dir_key#10){+.+.}-{4:4}, at: path_openat+0x638/0x2c40 [ 60.747479][ T7299] #2: ffff0000f7dadf40 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x12c/0x3b9c [ 60.749572][ T7299] #3: ffff0000f7db09c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x12c/0x3b9c [ 60.752091][ T7299] #4: ffff0000f7db2640 (&ocfs2_sysfile_lock_key[GLOBAL_BITMAP_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x12c/0x3b9c [ 60.754290][ T7299] #5: ffff0000d44c0618 (sb_internal#3){.+.+}-{0:0}, at: ocfs2_mknod+0xc50/0x1cf0 [ 60.755762][ T7299] #6: ffff0000cdc114e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x35c/0x6b0 [ 60.757505][ T7299] #7: ffff0000f8d34950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xe4c/0x10dc [ 60.758975][ T7299] [ 60.758975][ T7299] stack backtrace: [ 60.759880][ T7299] CPU: 1 UID: 0 PID: 7299 Comm: syz.2.179 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 60.761522][ T7299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 60.763052][ T7299] Call trace: [ 60.763566][ T7299] show_stack+0x2c/0x3c (C) [ 60.764281][ T7299] __dump_stack+0x30/0x40 [ 60.764914][ T7299] dump_stack_lvl+0xd8/0x12c [ 60.765593][ T7299] dump_stack+0x1c/0x28 [ 60.766192][ T7299] print_circular_bug+0x324/0x32c [ 60.766904][ T7299] check_noncircular+0x154/0x174 [ 60.767613][ T7299] __lock_acquire+0x1774/0x30a4 [ 60.768330][ T7299] lock_acquire+0x14c/0x2e0 [ 60.768962][ T7299] down_write+0x50/0xc0 [ 60.769576][ T7299] ocfs2_xattr_set_handle+0x2a8/0x5e4 [ 60.770356][ T7299] ocfs2_init_security_set+0xb4/0xd8 [ 60.771174][ T7299] ocfs2_mknod+0x106c/0x1cf0 [ 60.771884][ T7299] ocfs2_create+0x190/0x474 [ 60.772611][ T7299] path_openat+0x12d8/0x2c40 [ 60.773334][ T7299] do_filp_open+0x18c/0x36c [ 60.774063][ T7299] do_sys_openat2+0x11c/0x1b4 [ 60.774833][ T7299] __arm64_sys_openat+0x120/0x158 [ 60.775619][ T7299] invoke_syscall+0x98/0x2b8 [ 60.776399][ T7299] el0_svc_common+0x130/0x23c [ 60.777135][ T7299] do_el0_svc+0x48/0x58 [ 60.777738][ T7299] el0_svc+0x58/0x180 [ 60.778363][ T7299] el0t_64_sync_handler+0x84/0x12c [ 60.779200][ T7299] el0t_64_sync+0x198/0x19c [ 60.780066][ C1] vkms_vblank_simulate: vblank timer overrun [ 60.811153][ T6557] ocfs2: Unmounting device (7,2) on (node local) [ 61.048912][ T1410] hfsplus: b-tree write err: -5, ino 4 [ 64.506557][ T2413] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.506597][ T2413] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.510676][ T9] cfg80211: failed to load regulatory.db