last executing test programs: 16.587871093s ago: executing program 2 (id=4225): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000040000000300000000000000", @ANYRES32=0x1, @ANYRES32=0x0], 0x48) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$binfmt_script(r0, &(0x7f0000000700)={'#! ', './file0', [{0x20, '/%:$:*-${%:$'}]}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/22], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r8 = openat$cgroup_subtree(r7, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x5) write$cgroup_subtree(r8, &(0x7f0000000880)=ANY=[@ANYBLOB='-cpu'], 0x5) r9 = openat$cgroup_type(r6, &(0x7f0000000040), 0x2, 0x0) write$cgroup_type(r9, &(0x7f0000000080), 0x9) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) 14.587393004s ago: executing program 2 (id=4227): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ") socket$inet6(0xa, 0x800000000000002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getdents64(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) umount2(0x0, 0x5) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x50) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000) sendmsg$key(r3, 0x0, 0x0) r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000006c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@nombcache}, {@noload}]}, 0x3, 0x44a, &(0x7f0000001380)="$eJzs271vG2UYAPDn7CSlXyRU5aMfQKAgylfSpKV0YAGBxFAkJBjKGJK0CnUb1ASJVhEEhMqIKjGxIEYk/gImWBAwIbHCjipVKEsLk9HZd43t2E6dOnGpfz/p3Pe9O/d9nrt77ffujQPoW6PpSxKxKyL+iIjharV+h9HqPzdWlqb/WVmaTqJcfuvvpLLf9ZWl6XzX/H0788pAROGzJA40aXfh4qWzU6XS7IWsPr547v3xhYuXnp87N3Vm9szs+ckTJ44dnXjx+OQLXckzzev6/o/mD+57/Z0rb0yfuvLuL98lef4NeXTJaLuNT5bLXW6ut3bXlJOBHgZCR4rVbhqDlf4/HMVYPXnD8dqnPQ0O2FTlcrn8QOvNy2XgLpZEryMAeiP/ok/vf/Nli4Yed4RrL1dvgNK8b2RLdctAFLJ9Bhvub7tpNCJOLf/7dbrE5jyHAACo80M6/nmu2fivELXPhe7N5lBGIuK+iNgTEccjYm9E3B9R2ffBiHiow/YbJ0nWjn8KV2tr5aTDBtaRjv9eyua26sd/+egvRopZbXcl/8Hk9Fxp9kh2TA7H4La0PtGmjR9f/f2LVttqx3/pkrafjwWzOK4ObKt/z8zU4tTt5Fzr2icR+wca8j8ZlQm8fCYgPeT7ImL/BtuYe+bbg622rZ9/G12YZyp/E/FU9fwvR935X73Qkvbzk+P3RGn2yHh+Vaz162+X32zV/m3l3wXp+d/R9Pq/mf9IUjtfu9DJ//7V0+nr5T8/b3lPs9Hrfyh5u1IeytZ9OLW4eGEiYig5WQ26dv3k6nvzer5/mv/hQ837/55YPRIHIiK9iB+OiEci4tEs9sci4vGIONTmKPz8yhPvbTz/zZXmP9PR+V8tDEXjmuaF4tmfvq9rdKST/NPzf6xSOpytuZXPv1uJq9OrGQAAAP6vChGxK5LC2M1yoTA2Vv0b/r2xo1CaX1h89vT8B+dnqr8RGInBQv6ka7jmeehEdluf1ycb6kez58ZfFrdX6mPT86WZXicPfW5ni/6f+qvY6+iATef3WtC/9H/oX/o/9C/9H/pXk/6/vRdxAFuv2ff/xz2IA9h6Df3ftB/0Eff/0L820v99ZsDdoW1fHtq6OIAttbA91v+RvILCmkIU7ogwFDap0OtPJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO74LwAA///lI+j0") r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r5, &(0x7f00000002c0)=ANY=[], 0xc1) ioctl$FIBMAP(r5, 0x1, &(0x7f0000000000)) ftruncate(r4, 0x8001) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7fffffff}) fallocate(r4, 0x8, 0x0, 0x1000) ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020662a, 0x0) 11.205101145s ago: executing program 1 (id=4236): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) unshare(0x10000080) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, 0x0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) keyctl$set_timeout(0xf, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) unshare(0x42040080) 10.943773645s ago: executing program 3 (id=4238): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0) open(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000780), 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000900)=ANY=[@ANYBLOB]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0dd7597db5bea16000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000fdffffffffffffff00"/180]) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x161b42, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='mountinfo\x00') read$FUSE(r2, &(0x7f0000004480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYRESHEX=r3]) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r4) close(r4) mknod(0x0, 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42c03, 0x0) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='./file1\x00') 10.860048395s ago: executing program 2 (id=4240): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0) open(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000780), 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000900)=ANY=[@ANYBLOB]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0dd7597db5bea16000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000fdffffffffffffff00"/180]) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x161b42, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='mountinfo\x00') read$FUSE(r2, &(0x7f0000004480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYRESHEX=r3]) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r4) close(r4) mknod(0x0, 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42c03, 0x0) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='./file1\x00') 10.138381748s ago: executing program 1 (id=4241): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) getgid() sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000080a0504000073797a"], 0x54}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="4900330080000000ffffffffffff08021100000050505050505000000000000000000000000000000100040600000000000025030000002a01"], 0x68}}, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r4, 0x0, 0x0, 0x20010004, 0x0, 0x0) socket$inet(0x2, 0x2, 0x1) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r5, &(0x7f0000000340)='0', 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) getsockopt$bt_hci(r5, 0x84, 0x15, 0x0, &(0x7f0000000000)) r6 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000003c0)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000500)=[@ip_retopts={{0x34, 0x0, 0x7, {[@noop, @rr={0x7, 0xa7a06628a4497d41, 0x53, [@empty, @broadcast, @local, @loopback, @multicast1, @empty, @multicast2]}, @noop]}}}, @ip_tos_int={{0x0, 0x0, 0x1, 0x7}}, @ip_ttl={{0x0, 0x0, 0x2, 0x4}}, @ip_tos_u8], 0x38}, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000000100)=""/146, &(0x7f00000001c0)=0x92) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000010003000000000800040001000000", 0x24) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$MPTCP_PM_CMD_REMOVE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01000000000000000000040000006937500fe169ca5bf10871441a71d6"], 0x14}, 0x1, 0xfcffffff00000000}, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x93) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18) 9.671169882s ago: executing program 3 (id=4242): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, 0x0, 0xfffffffffffffffe) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3654}]}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) sendmsg$inet(r4, &(0x7f00000015c0)={0x0, 0x0, 0x0}, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="14010000250001000000000000000000030100800c000000000000000000000014000100fe80000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88"], 0x114}], 0x1}, 0x0) recvmsg(r4, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700) syz_open_procfs$namespace(r0, &(0x7f0000000340)='ns/ipc\x00') writev(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 9.668335062s ago: executing program 4 (id=4243): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000480), 0xb) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000007c0)={&(0x7f0000000b00)={0x514, 0x24, 0x200, 0x70bd29, 0x25dfdbff, {0x4}, [@generic="cc9024014078cfaf75677275380c544abdbbe418948ca4329e7a4b77a7c235807776ca7378b6fcfab9b6045a230ff68e4109ebdd76911ba3e5501542b1671cbe61a85b559ae9cff97f900ccb5796e9fa796db1dcb713dd8aab159d4bd5cca68bad6a47745067b57e413e15cdd10c038eec060624d2bd58ba3feb86579772dc7e1b42cb759aae9fa498e634cdb9c3c40e774842ec87b98227c697f7f242b6258ca497ede94b461192a9f3cacbc3ea0f3c55", @nested={0x28c, 0x6c, 0x0, 0x1, [@typed={0x34, 0x41, 0x0, 0x0, @binary="ea3f664a6489938b968510ec0d83206fd4cddd77d94f1862b69cc7eb96c702f6f3fec573ae0c6db99173d9e60bfc6e57"}, @generic="48f07492291486b531cb6a0e5265e9fad8f029d9fbd81f38961cd919bd1c1f8b5181f5154639524d162e546235e587c943cced61d5d78f875a6cd51e33d7062e1f6d37934df422f055f69a9ea958525a8b144cfd925174743d71572021fcea3e95fecb16ea887f9daa2927d253b833721f487782c881a982e77f512ceeae491fec01c74ac742822fb0f0697324a6", @generic="4bfbba584b8baa6527fff12b5528b03fccf761b3e30e366927dd080a8eacda1660f3ee3d518cf926ea630bdd127aeba24969e4503324b33d13868851b2e7d5ac4acea037612971a82cc228476fd32ee068a44b6f9bd71af419f9a632a223887d1a684a2306cecc4e646cd482f4c25cd858bcfcae", @generic="9c4512e7322f725e09154cd1deae14b81ee778d6465016252aa4d5d71fe4f4dcdbe9f8c7964d8b1ece4e7ad60d8294d4259216445f42482300a0ff92b3ea7db2f30d7b4ee6a7506606a26ded41099be0fec37299b6005e49f65493ed32431e04983fb2d0efd07152b00a36d86a34463a82c3bdb3778656adbd97ef3ab848f8204d5bf80828e968ff234724d64155838c1a8e66fa8fc88c9696b7fc62d616ad3406bac2e9c125d5b9bc0a248e4bad5d7ce745def1e59439c2776136bf95c9fef7419a3acac15b54b801701a76e8de202bba61e644e00bf1d35b03e2407db57d6b3d1ec771c7ec08ba63ad21670f7d121f5de0a1b3285968ba7f6f5d1f6fafaa", @generic="afb3e5159db627a41ba70beb299f562bc39600beb8a79deaf5e451c1f03ee90927de21aad9a9b1c02ae6c32c67154cb0b7d53f6f9da38185", @typed={0x5, 0x100, 0x0, 0x0, @str='\x00'}, @generic="d879bee6ec090d3b5c9cf63598577b349601c7"]}, @nested={0x1be, 0xa3, 0x0, 0x1, [@typed={0x8, 0xf3, 0x0, 0x0, @fd=r1}, @generic="11bd815d69d625f399fe4f9a7aabf9c51147d0538c22792cdf2e17876d5bda72cb6346d983b42d1052e12217abe2b48eb44a8beaa55edae3e5ac636ab787200e16cb4b08a60e1732aa1807590aefe4fe413f4be67793c629790a7a41b9c8bbe2b86b0ed01b23d50aea268c651f56bd3a8c0860e2933d10f3c7f09c4787", @typed={0xb3, 0x18, 0x0, 0x0, @binary="ab41d5347e1b735e9b70fca9d0501d438cc66000400091886bdb309f67b3dcb31448e89365f26c8b2c457b32996bac316e4ef5d9ba11550c99819a475b2e4556ea7863f71abeeacf0e48906f97fb37ec13d07a69270e998ec2acbbbe83311bf56e8b0e553faea34c1345167fddb42340181516c625dc0ff64c73ba2e579e1939efbc782e29114e7c2cffa592a7ef7f1b8436e121503a793dadaf8ffac46008705fd330951e29db491b7c6643459cf5"}, @generic="1d65d277bc221d1cb99450393c669c5526d2199caa5952abe95b82a89a9bc2252ccf407b97ace05132f3646ef3ea6a8be705e81a1802b01b07714afb5c59c9992094203abcef68d4ac08e2c3e770b8331ef95b56b03c6733bd1b1794b9a43cd0f97f43e01e778a1c093fbdf2f629d0aaebd2286d3190cc29409aaed65b14aff5b2"]}]}, 0x514}, 0x1, 0x0, 0x0, 0x8010}, 0x84) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}}, 0x0) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x24d8}], 0x1}, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x218, 0x0, 0x720d, 0x148, 0x0, 0x148, 0x180, 0x240, 0x240, 0x180, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x11e}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000001080)=ANY=[@ANYBLOB="180a0000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES64=0x0, @ANYBLOB="0000000000004000b70500000800000085000000a500000095000000"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$kcm(r2, &(0x7f0000000580)={&(0x7f0000000600)=@vsock={0x28, 0x0, 0xffffffff, @my=0x1}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000680)="cd895b3140142cdca545a7dc574e97594bf753e64644312ebdba89d97ced9902ab158f122f5debefc80370cb466ba6f64fd5247cc1908720285d6ea26895a0fca0d9fafce6e520a4", 0x48}, {&(0x7f00000002c0)="42889dbe3fa3765e3da5ddfda8cd3a9c7dd2f158e8ada0f577a61d8a5e084a8922a50e258b4f81dfce6808b20a083dcb0bf95f71ba1988c87fccaf8e", 0x3c}, {&(0x7f0000000700)="254ed479f04e074511788a22d13e2f79c245c15ca145b2ef2cda05e896a0fb57f309ad2476367e02608df5bcf9e858ad827fb9ab4646d3ca79e9201277f003b9b0a84b13fcd2d8d7a686b39c", 0x4c}], 0x3, &(0x7f0000000980)=[{0xb8, 0x108, 0x7, "5c19cc3243a9d022e7400bc5872a5182289442307ab3d94118cb431844c4cc50faa2f89cebf83e94c8874b7e3a9ae0344be2954777495a1266bb6528d0b7dc8932d6ac85f19d6aabbb027c25488360059ddc831a5e5c670e0e0fe68cb1d4bcaa5bfd71c27d6353166ad63e7f9c9ddca7bdd62f51010f6c02580d12e247e7576008f1894bfdc6a8b9de0b6c5f645120a857d61590fdbf4c5b0c099cb8e7619b88e9386d61"}, {0x30, 0x102, 0x44, "d8e6e53d7ec901ef74bf3263da52cc3731882ffef616cbd1f876f08f56"}, {0x20, 0x1, 0xffffffff, "f4fd839c04d68c73efae72f5"}, {0x60, 0x10a, 0xfff, "f5ca88613df54ce02586765979fa08310920dd8912d6c45edacd9c5c7f80ee3b3b1d92711ca8595b215d91e14199765d8a046c93151e84fe29dd00241a3a0e2e28d68831397f42367c8dbb7b88cf"}], 0x168}, 0x4000800) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c000000020605000000000000000000000000000900020073797a31000000000500040000000000050005000200000005000100060000000c000780080006400000000016000300686173683a6e65742c706f72742c6e6574000000a0ab70ffcdaa3d654a95f55779519274ff3fd9e484a4682e4b6ef53fff3fd066db23f0ef62834e12dfe0fccae0856c95a2200335b126edfc06711a5a0c25734c31f1d462c17b7cfdf8aba147e688f87e51e6d9921dda3cbfb30be1d5d56335c1"], 0x5c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x20, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x5}]}]}, 0x20}}, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) 9.356208609s ago: executing program 4 (id=4246): bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000013c0)={{}, 0x0, &(0x7f0000001380), 0x8}, 0x20) r0 = socket(0xb, 0x0, 0x5) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r6, @ANYBLOB="000000000000000014001a80100004800c000880"], 0x34}}, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4400002}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)={0x128, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x1}, {0x5}]}, @NLBL_CIPSOV4_A_TAGLST={0x4c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}, {0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}, {0x5}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xac, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdc60}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b1d63f3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbe7b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf0a5}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x9991937}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc6da}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x816f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x224ea6d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x182e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf8c4}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1bd0652}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2ceba7cb}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x639af61a}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4a6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6dad}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf9e3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7a24}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x586ff1b8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x494f768}]}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000804}, 0x4040) r7 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r7, &(0x7f0000000240)={0x2, 0x4e20, @multicast2}, 0x10) bind$inet(r7, &(0x7f0000000200)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) setsockopt$inet_IP_IPSEC_POLICY(r7, 0x0, 0x10, &(0x7f0000000380)={{{@in=@empty, @in6=@remote, 0x4e22, 0x8000, 0x4e24, 0x2, 0xa, 0xa0, 0x100, 0xff, 0x0, r8}, {0xffffffffffffffff, 0x81, 0xffffffffffffffff, 0x1f99c78c, 0x5, 0x0, 0xea6, 0x1}, {0x4e3, 0xffffffffffffffff, 0x5, 0xfffffffffffffffc}, 0x6, 0x6e6bb8, 0x0, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x4d5, 0x2b}, 0x0, @in=@broadcast, 0x3502, 0x3, 0x2, 0x11, 0x1}}, 0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@local, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4e20, 0x0, 0x4e21, 0x7, 0xa, 0x0, 0x80, 0x2, r6, r8}, {0x6, 0x10000, 0x100000001, 0x2, 0xffffffff, 0x5, 0x1, 0x6}, {0xafc9, 0xffffffffffffff7f, 0x1, 0x1f}, 0x0, 0x6e6bbf, 0x2, 0x1, 0x0, 0x4}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d4, 0x33}, 0xa, @in=@rand_addr=0x64010101, 0x3502, 0x1, 0x0, 0x6, 0x5, 0x6d1000, 0x7}}, 0xe8) sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x44, r3, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6}}]}, 0x44}}, 0x0) r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1) sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, r9, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6MASK={0xa, 0x6, @local}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '*\x00'}]}, 0x4c}}, 0x0) syz_emit_ethernet(0x3ab, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket(0x0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) r10 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r10], 0x3c}}, 0x0) close(r10) 8.74289284s ago: executing program 2 (id=4247): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}]}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r3, 0x1}) add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23fde3cb79ed88031e0525844da66056aa14d12625411d03e53ce8b21eb6a1f226e36e0cac952721ddf616e87e9ffe93ac1e52dd133000344f88e2bd1940b122e4b8bfe75b7064af951aebf4702ad6acc0594005cf451e566a70a32db2041f15744318ba584e6b34cb67ef7e7c0f5b45bb40534e3afdd3909e48f4e3e368043a32ed1c11081d1cbc2d4408637fcc3d9c30aa0f86b4d38219b35ad30cb1f4388f03e1d475300dde6374b94340632c98c8cb13273cece1688495104", 0xc1, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)) syz_open_dev$sndmidi(&(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) accept4(r0, 0x0, 0x0, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) sync() r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000001f80), 0xffffffffffffffff) r9 = socket(0x2, 0x1, 0x0) getsockopt(r9, 0x1, 0xe, &(0x7f0000000140)=""/120, &(0x7f0000000b00)=0x78) 8.428066436s ago: executing program 1 (id=4248): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="5300000007000046009ce6e7e68cce73c582cfa39edf04e493585c78a7c3e3450db5"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) ftruncate(0xffffffffffffffff, 0x800) lseek(0xffffffffffffffff, 0x0, 0x2) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@dellink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14}]}]}]}, 0x3c}}, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)) pipe(&(0x7f0000000840)) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @empty, 0xda6}, 0x1c) ioctl$int_in(r8, 0x0, 0x0) sendto$inet6(r8, 0x0, 0x0, 0x2200c851, &(0x7f0000000440)={0xa, 0x2, 0x6, @loopback}, 0x1c) shutdown(r8, 0x1) splice(r8, 0x0, r7, 0x0, 0x406f408, 0x0) umount2(0x0, 0x0) mount$bind(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x21, 0x0) 8.39137085s ago: executing program 3 (id=4258): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) keyctl$restrict_keyring(0x5, 0xffffffffffffffff, 0x0, 0x0) request_key(&(0x7f00000016c0)='id_resolver\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000000080)='R\x10rusF\xd4co\x02\xd2\x88\xce\x1fT\x8c\xf9\x12\x13d\xf6\xcd*sgrVex:De', 0x0) socket$inet_udp(0x2, 0x2, 0x0) memfd_create(0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r0 = openat(0xffffffffffffff9c, 0x0, 0x103c41, 0x0) flock(r0, 0x5) truncate(&(0x7f0000000240)='./file0\x00', 0x0) r1 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x10, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_restrict_self(r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x2, 0x40081) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae09, 0x0) r4 = dup(r2) ioctl$KDSKBMODE(r2, 0x4b45, 0x0) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0xffff, 0x101, 0x100}}) syz_usb_connect$cdc_ncm(0x0, 0x6e, 0x0, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045518, &(0x7f00000001c0)=0x1) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000100)={[{@auto_da_alloc}, {@nolazytime}]}, 0x9, 0x626, &(0x7f0000000d40)="$eJzs3c9vW0UeAPDvs/M7u5s0Wu1u97AbadVtJWjSpC2qEBKtkDhVVflxQOKCadKq1P2hJghSippK5YKEuHBA4sSBcuB/gEpInPgHOHDhhIoihHoBVWD0nGfjJn6JE2K7jT8fyfXMmxfPvMbfzHg8YwfQsybTfwoReyPiShIx0VDWF1nh5Op59366fia9JVGpvPBjEtdvJMuNj5Vk96MRkRb8OhbJVxExUVxf78LStQulcnn+apafXrx4ZXph6drB8xdL5+bPzV+afWL22NEjR4/NHGr4qbPPbvX69jSkT9567Y2xd0+9/MlH95OZT789lcTx2JeVpde11cfezGRMRiXTeDz9fz2205V1SbH+PPlDsvbAWs+0sUFsSe331x8R/4yxKDb8Nsfinee62jigrSpJ1PsooNck4h96VG0cUHtt39rr4IE2j0qATlg5EfH/evz3R0Qt/vtW5wZjqDo3MHIveWCeJ4mIQztQf1rH11+eupXeok3zcEBzyzcHs3n7tf1/Uo3N8Riq5kbuFR6I/0I2jTuezR8+v3E1Y3kFk2vyWf2D270eoHXLNyPiX83G/5vH/yvZfXr81W3WnxP/AAAAAAAAwDbcORERjzd7/69QX/8z0GT9z2hEHN+B+jd//69wdweqAZpYORHxVNP1v4XaKePFLPfX6nqA/uTs+fL8oYj4W0QciP7BND/T+KCfNfx0RBx8b+LDvPob1/+lt7T+2lrArB13+9asBporLZZ24NKh563cjPh3X/76n7T/T5r0/2l8X2mxjol9t0/nlW0e/0C7VD6O2N+0/0/q5yQbfz7HdHU8MF0bFaz3n7fe/zyvfvEP3ZP2/yMbx/9g0vh5PQtbe/yBiDi81FfJK9/u+H8gebEYDTsR3ywtLl6diRhITq4/Pru1NsOjZKj1U9+OiGo81OIljf8D/9t4/q8+/m+Iw+HsM75a8Y/fRr/LK9P/Q/esFCPmNu7/xx/s/7eemL09/kVe/adb6v+PVPv0A9kR83+wsVYDtNvtBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHUSEi/hJJYaqeLhSmpiJGI+LvMVIoX15YfOzs5dcvzaVl1e//L9S+6XdsNZ/Uvv9/vCE/uyZ/OCL2RMQHxeFqfurM5fJcty8eAAAAAAAAAAAAAAAAAAAAHhKjq3fr9v+nvi92tWlAJ/Rl9+Idek9ftxsAdI34h94l/qF35cf/z/crVR1tDtBBrfb/lRttbgjQcdsc/3u7AHYBr/+hV/W3dtpQu9sBdIP+HwAAAAAAdpU9/73zTRIRy08OV2+pgays/sbgcLdaB7RTIa9gMJY72xKg06zhhd5l6Q/0rhYX/wK7WFJP/dJ0s3/+6v+kPQ0CAAAAAAAAAAAAANbZv7eF/f/ArpS7/x/Y9TbY/99sY4+PC4BdxP5/6F2D3W4A0HW1wX7eN/3b/w8AAAAAAAAAAAAAD4GhaxdK5fL81YWllhM3tnLyn0/8EHlFT3eyGTuVWC49FM14FBL9EbGmqDK2+rS9UCq/FJ1tTy1iOlHXQAfrykl06e8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwzu8BAAD//xeUKFM=") bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 7.679862822s ago: executing program 4 (id=4249): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000300), 0x1, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) write$P9_RMKNOD(r5, &(0x7f0000000040)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0x14) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x100000000, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r6, 0xc038563c, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x7f, 0x0, 0x61f89ac7}}) r7 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) r8 = dup(r7) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r8, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 7.678201833s ago: executing program 0 (id=4250): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = socket$netlink(0x10, 0x3, 0x15) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x0, 'dh\x00'}, 0x2c) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}}, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xb, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x15, 0x4, 0x6, 0x20006, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x1f0, 0x194, 0x194, 0x1f0, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x7a}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@connlabel={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6}, &(0x7f0000000340), &(0x7f0000000380)=r8}, 0x20) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) 7.408083884s ago: executing program 1 (id=4251): openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) inotify_init1(0x0) socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000400)='vlan1\x00', 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) read(r2, &(0x7f00000000c0)=""/138, 0x8a) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) capget(&(0x7f0000000000)={0x20080522}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x6c, 0x10, 0x609, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x34, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x3ec2}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x6c}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x4, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x240058c4}, 0x40) syz_usb_connect(0x0, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0xe1, 0x23, 0x66, 0x8, 0x7c4, 0xa109, 0xf59, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x72, 0xe2, 0xf8}}]}}]}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8}, @NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc}]}}}]}]}], {0x14}}, 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f00000000c0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0}}], 0x1, 0x0) r7 = dup(r0) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r4) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r7, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="08010000", @ANYRES16=r8, @ANYBLOB="010028bd7000ffdbdf25050000000c00018008000300ac14141008000200070000001800068014000400fc020028e6000000000000000000000108000200030005004000068008000700", @ANYRES32=r5, @ANYBLOB="060005004e22000006000100d4220000050002000600000014000400fc000000000000000000000000000000060001000a00000048000180060005004e230000060005004e230000080006000e000000140004000000000000000000000000000000000008000300ffffffff050002000800000006000100010000000c00018008000300e000000208000200080000001c000680060005004e240000080006000000000008000600190000000500050040000000"], 0x108}, 0x1, 0x0, 0x0, 0x4}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0) 5.471616597s ago: executing program 0 (id=4252): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000b40)='./file0\x00', 0x204018, &(0x7f0000000140)=ANY=[@ANYBLOB="6f76657272696465726f636b7065726d2c6e6f636f6d70726573732c686964652c73657373696f6e3d3078303030303030303030303030303032312c756e686964652c696f6368617273ff000000000000002c6f76657272696465726f636b7065726d2c626c6f636b3d3078303030303030303030303030303430302c005fb50aab29cf1d32d24be5ab2a6506aa524c8f1cd5781842ee1c86bee627767fee958f25bb6db8e631262ed8a59d337d730b6698271aeb8c31c1902a7e236e5dd878e6c1352c0c799d8e80d7346f8d2870acebe617c694bbb925d3ab4fb01784c564c03d88c81d2f84f58e8c6ba18548f09fa6"], 0x1, 0x550, &(0x7f0000000b80)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUcTPPOUkPOHZkO6i9QhVNUUUKE2XS2hvGDduk7UVwuxexF7N7tJewyXbS/0mA0qag7yeCc2of+/xOavknN/GxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsdyabRct8YzfXlKDubUwaO7+2Nv60AK5sa8Y0q+IlfyTXE4uZYsufbW7+mLy35zMZj/NSi4pcrL934v/u3dhcqK//ZCAT8Xm1vbTlW6382LcgZygy+cHr2to30SBaToNrUwUqGqlYt9arEeqbjwdLUexbio31E4chGrevaGK1WpZ6cJy0PYbNcfT/YV3b5Zsu6LuF1raCaPAv3W/ELmLxvOM30jbJKuTNneTA/GBiVWsnaZSa+vdTnnUAJJGxfdpVBrVqGSXSsViqVSs3KneuWvbk4cW2AfIoRbjP2gxXp/w7A0cz0Qv/4snRnxpy5KoI1+u1CSUQJoD1vf08/83t/TQfvfm/36Wv7S7ekbS/H9FRL4VuTIo/w+I5fRem7Il2/JUVqQrXenIi7FHdLqvhmjxxUgkgRhpipMuUb0lSqpSkYrY8kgWpS6RKKmLEU+0RLIskcSi0yPKlVC0OBJLIKEomRdXboiSolSlKmVRoqUgyxJIW3xpSE2cdC9rsp6+72VR1qAYdxoVBw4j3z/uOlIaMlryP47vU5/CgY/2Tz//AwAAAACAL5aV/vU9uf6fkstprW48bR9u+Nc4ogMAAAAAAJ9C+sn/bFJMJbXLYg24/gcAAAAAAJ8tK73HzhKRvFzNamtipbdL8UcAAAAAAAC+EOnn/1eSIp0D5apYO9OlcP0PAAAAAMAX4peRc+xHrfPWn39LGE5Zr1tLX1sb6dy8zsa5bLtzB/cY12es6d5O0qKSFZOTrp61clmjnUkw3/WKtVFxWLsBODsB/PQhAVyYlN/kWtbm2mpWrvbXZL3k68bTBTfw7hXFcaYnYr0U//Bs/UdJh/+r35y2crLe7RQeP++uprG8TvbyeqM3geKheRSHxPIynW8hvefiyBFPpTdi9PrNW7K23u3Ye8c/kW0+sb/HV9ND+nwjc1mrud6Mt/n9488lfRYLg0bfi6J4zJG/ketZm+vz17PiiChKo6Io7Y3i6Pfi+FGU90cxJQejKB8zCgAYl7URWciSQ3n3I85yH5fd5QOz+xuZz9rMz6Qn1smZI87o9qi8Yh8zu/1x6BlIg3Js0u/vB7Lq22SDtwP7jbySlbyF515ufC8XN7e2b65vrDzpPOk8K5XKFfu2bd8pyVQ6jF5B7gEAHCF7xo4MecbOyBbW7RFX1f/f+UpBQR7Lc+nKqiykdxuk3zg4cq/5PV9DWBhx1ZpP02T2hJeFIVd1/0nvcujvtzS07f4Yyif/iwAA4BTNDczDuffO/wsjrrv35/LhV8f5PU9rAwAAJ0OH76x8/LMVhqb1qFitFp14UaswcB+o0NQaWhk/1qG76PgNrVphEAdu4CWVh6amIxW1W60gjFU9CFUriMxSOn2g6j36PdJNx4+NG7U87URauYEfO26saiZyVav9nWeiRR2mG0ct7Zq6cZ3YBL6Kgnbo6oJSkdZ7Gpqa9mNTN0nVV63QNJ0wpx4GXrupVU1HbmhacZDtsN+X8etB2Ex3Wxj3mw0AwBmxubX9dKXb7bw4wcq4xwgAAPYjSwMAAAAAAAAAAAAAAAAAAAAAcPadxv1/VI5ZmTjjv6b+VNBnJZ73r5z/DGM+pcrIU8erEz85AThR/wYAAP//bYNNvw==") r0 = socket$inet(0x2b, 0x801, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) write$cgroup_devices(r1, 0x0, 0xffdd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$vsock_stream(0x28, 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)={0x24, 0x1, 0x4, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setreuid(0x0, r6) sendmsg$unix(r4, &(0x7f00000016c0)={&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4081}, 0x20000000) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @loopback, 0x0, 0x0, 'lblc\x00'}, 0x2c) mount$9p_virtio(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80442, &(0x7f0000000400)={'trans=virtio,', {[{@access_client}, {@msize={'msize', 0x3d, 0xe}}, {@access_client}, {@uname={'uname', 0x3d, 'udf\x00'}}, {@cache_loose}, {}, {@noextend}, {@mmap}], [{@smackfshat={'smackfshat', 0x3d, 'iso9660\x00'}}]}}) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140), 0xfcb8) ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000080)=0x3) mount(&(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='udf\x00', 0x0, 0x0) 5.321239975s ago: executing program 4 (id=4253): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0) open(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000780), 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000900)=ANY=[@ANYBLOB]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0dd7597db5bea16000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000fdffffffffffffff00"/180]) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x161b42, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='mountinfo\x00') read$FUSE(r2, &(0x7f0000004480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYRESHEX=r3]) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r4) close(r4) mknod(0x0, 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42c03, 0x0) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='./file1\x00') 5.010227781s ago: executing program 3 (id=4254): bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000380)=@urb_type_iso={0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/uts\x00') syz_open_procfs(r0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8}, @NFTA_BITWISE_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='sys_enter\x00', r1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000000)={0x0, 0x6}, 0xb) iopl(0x3) fspick(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000ac0)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN_LIVE(0xa, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "0002000000753904030405a024f0dd00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r3, 0x0, 0x0, 0x0, 0x0) 4.574619451s ago: executing program 0 (id=4255): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x10000) bind$inet(r0, &(0x7f0000000880)={0x2, 0x4e24, @loopback}, 0x10) r1 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) getpeername$inet(r1, 0x0, &(0x7f0000000080)) sendmmsg(r0, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x2c000011) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_emit_ethernet(0x46, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800490000380000000000069078ac141400ac1e0001070357860c10245455f0095acaf41c0000ff0700", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0) r4 = epoll_create1(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(r4, 0x400, 0x2) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000004d80)=0x10) r6 = syz_io_uring_setup(0xd79, 0x0, &(0x7f0000000100)=0x0, &(0x7f0000003580)) r8 = socket$inet_sctp(0x2, 0x5, 0x84) syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @local}}) io_uring_enter(r6, 0x291c, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r8, 0x84, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r5, r3, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000bc0)=ANY=[], 0x0) syz_emit_ethernet(0xc9, &(0x7f0000002480)={@remote, @multicast, @val={@void, {0x8100, 0x3, 0x0, 0x4}}, {@ipv6={0x86dd, @dccp_packet={0x1, 0x6, "0768e5", 0x8f, 0x21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, {[@routing={0x0, 0xc, 0x1, 0x2, 0x0, [@private0, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @mcast1, @remote]}], {{0x4e22, 0x4e24, 0x4, 0x1, 0xa, 0x0, 0x0, 0x1, 0x1, "397c1f", 0x4, "621755"}, "a5abf061d1d8e5ae8a8d6b9891282b64b135db12830971"}}}}}}, &(0x7f0000000000)={0x1, 0x7, [0x7b0, 0xa60, 0x16a, 0x6a]}) 4.558911603s ago: executing program 3 (id=4256): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18010000000020000000000000000000181900", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket(0x1e, 0x1, 0x0) connect$tipc(r6, &(0x7f0000000040)=@id, 0x10) shutdown(r6, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8970, &(0x7f0000000140)={'lo\x00', 0x0}) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000440)='./bus\x00', 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000", @ANYRES64, @ANYRES64, @ANYRESDEC=0x0, @ANYRESHEX=0x0, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x188}}, 0x0) open(&(0x7f0000000280)='./bus\x00', 0x800, 0x42) 4.444777316s ago: executing program 0 (id=4257): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0) open(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000780), 0x3, 0x434, &(0x7f00000002c0)="$eJzs289rHFUcAPDv7CataVMTS/3RtGq0isEfSZPW2oMXRcGDgqCHeoxJWmK3jTQRbAkaRepRCt7Fo+Bf4Ekvop4Er3qXQpFcWj2tzO5MsrvZTbPpJlvdzwcmeW/mLe99d+btvjdvJ4CeNZr+SSIGI+L3iBiqZusLjFb/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvzTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmR0s4NPlssdrq67DtSkk74uNoS2FKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNRm/Y2LJBvHP4Xr2wpsi9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96Tsejfm+YnN6njh1d++6LVsdrxX7ql9edjwawd1/v21r9mdnpp+k5irnXjk4iRvmbxJ2srAUlEHI6IkW3WMf/0N0dbHbt9/JvowDpT+euIp6rnfyUa4s8lm69PTtwTpbnjE/lVsdEvv159s1X9dxR/B6Tnf1/T638t/uGkdr12sf06rv7xecs5zXav/z3J23X7PpxeWro0GbEneb3a6Nr9Uw3lptbLp/GPHWve/w/G+jtxJCLSi/jhiHgkIh7N2v5YRDweEcc2if+nl594r27H2GAb8e+sNP7Zts7/emJPNO5pniie//G7ukqHo4340/N/spIay/Zs5fNvK+3a3tUMAAAA/z2FiBiMpDC+li4Uxserv+E/FPsKpYXFpWfOLnxwcbb6jMBw9BfyO11DNfdDJ7NpfZ6fasifyO4bf1kcqOTHZxZKs90OHnrc/hb9P/VnsdutA3ac57Wgd+n/0Lv0f+hd+j/0rib9f6Ab7QB2X7Pv/4+70A5g9zX0f8t+0EPM/6F36f/Qu/R/6EmLA3H7h+QlJDYkonBXNENihxLd/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojH8DAAD//ygv5wk=") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000900)=ANY=[@ANYBLOB]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000001280)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0dd7597db5bea16000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000fdffffffffffffff00"/180]) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x161b42, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='mountinfo\x00') read$FUSE(r2, &(0x7f0000004480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)=ANY=[@ANYRESHEX=r3]) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r4) close(r4) mknod(0x0, 0x1000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42c03, 0x0) rename(&(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='./file1\x00') 4.347369208s ago: executing program 2 (id=4259): open(&(0x7f0000000580)='./file0\x00', 0x100000001a1540, 0x88) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000440)={0x0, 'erspan0\x00'}, 0x18) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(0x0, &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x2, 0x3}, {0x1, 0x81}]}, 0x14, 0x2) r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x3}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000700000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000150000007600006626629700000000005608e1ffffff00008500000007000000b70000000000000095000000000000000703c4060e4d2a0bcf66ed1d4feffcb12c3abd1ce889859fd27fdf96397c18759a3549979422a2"], &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x20080, 0x0) dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x89, 0x8a403) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x8d, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)=[0x0], 0x0, 0x0, 0x0, 0x30}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140001007465616d30000000000000000000000008000740000020"], 0xd8}}, 0x0) ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x20000000) 4.345523728s ago: executing program 1 (id=4260): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r4, 0x80184151, 0x0) r5 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000002080)=0x2) ioctl$SNDCTL_DSP_STEREO(0xffffffffffffffff, 0xc0045003, &(0x7f0000000100)=0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000100)) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) setsockopt$RDS_CONG_MONITOR(r6, 0x114, 0x6, &(0x7f0000000080)=0x1, 0x4) bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) ppoll(&(0x7f0000000040)=[{}], 0x1, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0) 2.899874205s ago: executing program 4 (id=4261): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000c00)={0x1, 0x0, [{0x0, 0xaf, &(0x7f00000007c0)=""/175}]}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000680)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000200)={r3}) r4 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x4040, 0x40) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r4, 0x800c6613, &(0x7f0000000300)=@v1={0x0, @aes128, 0x2, @desc4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r5, 0x1, r2, 0x3, 0x80000}) r6 = accept4$inet6(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000580)=0xfffffffffffffc5a, 0x80800) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000480), 0x420040, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000340)={'batadv0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r7, r8, 0x25, 0x10, @void}, 0x10) accept4$inet6(r6, &(0x7f0000000500)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000540)=0x1c, 0x800) getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000009c0)={{{@in6=@private2, @in6=@mcast1}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f00000004c0)=0xe8) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r2, 0x40082102, &(0x7f0000000080)=r5) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000280)={r5}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b40000004900d96d28bd7000fedbdf250a003800", @ANYBLOB="88502588c213cc2881347152060b52ca00035f00cf838f23008afd722c4a286bb3609659db88e76d69b490b9c1759e828a923d", @ANYBLOB="0100000014000100fcf8000000000000000000000000000014000100fe8000000000000000000000000000aa080002"], 0xb4}}, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x7ffffffff000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x60, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 2.102015697s ago: executing program 1 (id=4262): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) accept4$alg(r0, 0x0, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x4) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r5, &(0x7f0000003e00)=[{{&(0x7f00000002c0)=@pppol2tp, 0x80, &(0x7f00000010c0)=[{0x0}, {&(0x7f0000000a40)=""/211, 0xd3}, {&(0x7f0000000b40)=""/155, 0x9b}, {&(0x7f0000000c00)=""/200, 0xc8}, {&(0x7f0000003fc0)=""/247, 0xf7}, {&(0x7f0000000440)=""/28, 0x1c}, {&(0x7f0000000e00)=""/202, 0xca}, {0x0}, {0x0}, {&(0x7f0000001040)=""/90, 0x5a}], 0xa, &(0x7f0000001180)=""/209, 0xd1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=""/28, 0x1c}, 0x1}, {{&(0x7f0000001340)=@caif, 0x80, &(0x7f00000016c0)=[{&(0x7f0000001440)=""/147, 0x93}, {&(0x7f00000040c0)=""/246, 0xf6}, {&(0x7f0000001600)=""/157, 0x9d}], 0x3}, 0x80}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001700)=""/191, 0xbf}, {&(0x7f0000001800)=""/56, 0x38}], 0x2}, 0x7}, {{&(0x7f0000000d00)=@phonet, 0x80, &(0x7f0000003f40)=[{0x0}, {0x0}, {&(0x7f0000001c00)=""/146, 0x92}, {&(0x7f0000002d80)=""/4109, 0x100d}, {&(0x7f0000002cc0)=""/39, 0x27}, {&(0x7f0000000d80)=""/97, 0x61}], 0x6}, 0x10}], 0x5, 0x160, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ptrace$peek(0x3, r2, &(0x7f00000000c0)) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x669, 0x1}) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xa0401a, &(0x7f00000000c0)=ANY=[], 0x1, 0x552, &(0x7f00000004c0)="$eJzs3W9v09YewPGf++dSciV0de8VF1UFDuVOKlIJTgKpIh55zkl6ILEj20HtI1TRFFWkMFEmrX2y8YRt0vYieLoXsXeE9hI22U5K/yRxR5u2qr6faPOJfezzO27kH25zjgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjlVm27YEnDeO0VNZxbDfzm57e9vY+skHsHFiPaFbHi/2RmRm6kq2789/Pm6/H/5mUufTcnM/FiRnb/ef1fj/8zNdHff0TAp2HySDcP2d7ZfbXW7XbejjmQ83TzyvBtde2Z0DdNp66VCX1VKZftB8u1UNVMQ4erYaSbyg20E/mBWnDvqUKlUlI6v+q3vXrVaej+yqX7Rdsuqyf5lnaC0PcePMmH7rJpNIxXT+rEm+M6S/EH8amJVKSdplIbm91OKasDcaXCcSoVsyoV7WKxUCgWC+VHlUdLtj11ZIV9iBypMfYPLS64U7pyAyc30cv/0hAjnrRlRdTAlytVCcSX5pDtPf38/9UDfXVUu/vzfz/L3/i8eVaS/H8rfXdrWP4fEsvZvbZlR3bllaxJV7rSkbfnHtHZvuqixRMjofhipClOskb11iipSFnKYstzWZaahKKkJkYaoiWUVQklEp18olwJRIsjkfgSiJIFceWeKClIRSpSEiVa8rIqvrTFk7pUxUmOsiGbyXkvjYhxr1JhaJVc/3PXkeKII5H/cUwTw3/Mp3sBB07gz37+BwAAAAAAl5aV/PY9vv+flptJqWYa2j7vsAAAAAAAwClK/vI/Fy+m49JNsbj/BwAAAADgsrGSMXaWiOTkdlraECsZLsUvAQAAAAAAuCSSv//fihfJHCi3xdqbLoX7fwAAAAAALomfMufYD1tXrN//kCCYtt63Vv5vbTlxPWerNzn+5OEjRrVZ61rvIMmiPNV75+o5qzf75d4kmL3dP23EcVwdEYd1CgHIL3InrXNnPV2u97ekreRqpqHzrt94XBDHuTYR6ZXo29eb30nS/Z+95jVLNja7nfyLN931JJb38VHeb/UmUDwyj+KIWN4l8y0kYy4G9ng6GYjRazeXtmvv7/9EuvvE32jzg8yndeZ7M97mDvZ/Jm6zkB/W+14UhRP2/IPcTevcXbibLgZEUcyKorg/ii86F4OimOnvmUZRyoqidMIoAOC8bGRkIeto4v+Cq9xG1r8yTiW7f5CFtM7CbHJhnZodkFfsrCu6fcLs9tuRZyANy7Fxu78eyqof4x0+Dm03bBSt+BROvtv6Rq5v7+ze39xae9l52XldLJbK9kPbflSU6aQbvQW5BwAwQPYzdjJrWA8z7qr/vfeVgry8kDfSlXVZTEYbJN84GHjU3L6vISxm3LXmkjSZPuFlccS95T+SUQ794xZH1j0YQ2n8PwgAAM7QfEYePk7+X8y47z6Yy0ffHef2Pa0NAACMhw4+WbnoRysITOt5oVIpONGyVoHvPlWBqda1Ml6kA3fZ8epatQI/8l2/EReemaoOVdhutfwgUjU/UC0/NCvJk99V79HvoW46XmTcsNXQTqiV63uR40aqakJXtdpfN0y4rINk57ClXVMzrhMZ31Oh3w5cnVcq1HpfRVPVXmRqJi56qhWYphOsqmd+o93UqqpDNzCtyE8P2G/LeDU/aCaHzZ/3yQYA4ILY3tl9tdbtdt6OsXDefQQAAAeRpQEAAAAAAAAAAAAAAAAAAAAAuPiOMYDv9gnH/8kPIqc5oHByrEMVreOeFgqDC9NyIcK41IWl/6WFK2NsK/PS8f0ZXJ4AjNFfAQAA//8BNUkH") bpf$ENABLE_STATS(0x20, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) 1.99205766s ago: executing program 2 (id=4263): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000840)='./file1\x00', 0x2000040, &(0x7f00000007c0)={[{@dioread_nolock}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@noacl}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@user_xattr}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@sb={'sb', 0x3d, 0x1}}, {@prjquota}, {@usrquota}, {@usrjquota}, {@nojournal_checksum}, {@test_dummy_encryption}]}, 0xff, 0x468, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG4BQdmKiIIgVTRp/NHSgsrBxGg08aCJiR7wWNtCkIUaWhMhjVZj8GhIvBuPJv4FnjwZ9WTiFY8mhoQoMQG9uGZ2Z0q77JbWbtlN9/NJBt6befve+3bmzb6dtxtA3xrK/kki7o6IyxFRaWSXFxhq/Hfj2vzk39fmJ5Oo1d78I6mXu35tfrKWK163I69zOI1IP03yRmJgabWz5y+cnqhWp8/l+dG5M++Nzp6/8PSpMxMnp09Onx0/duzokbHnnh1/pkWvf7u01jiz+K7v+3Bm/95X3770+uTxS+/8+E3W3z0HGsezONZa5+0MZYH/2fjbNB97vNONddm/tZtxJuVu94bVKkVEOR+cl6MSpbh58irxyidd7RywobJ79tb2hxdqwCaWRLd7AHRH8Uafff4ttjs09egJV19sfADK4r6Rb40j5UjzMgMb2P5QRBxf+OfLbIum5xC1Fs8NAADW67ts/vNUq/lfGnuWlNuZrw0NRsS9EbErIu6LiN0RcX9EvewDEfHgGtsfasrfOv9Mr/yvwFYpm/89n69tLZ//FbO/GCzluXvq8Q8kJ05Vpw/nf5PhGNia5cdaVV5U8fIvn7drf+n8L9uy9ou5YF7JlXLjAd22Ys/UxNxEpyalVz+O2FduFX+yuBKQRMTeiNi3tqp3FolTT3y9v12h28e/gg6sM9W+KiqZX4im+AvJyuuTo9uiOn14tLgqbvXTzxffaNf+uuLvgOz8b19+/TeVqPyVLF2vnV088MJq27j462dtP1OWV3/9L8qu/y3JW/U13S35vg8m5ubOjUVsSV6r55ftH7/52iJflM/iHz7Uevzvyl+Txf9QRGQX8YGIeDgiDubn7pGIeDQiDq0Q/w8vPfZuu2O9cP6nWt7/Fq//weXnf+2J0unvv23X/uruf0frqeF8T/3+dxvtu1PcRpuuZgAAANjE0vp345N0ZDGdpiMjje/w747taXVmdu7JEzPvn51qfId+MAbS4klXZcnz0LFkIa+xkR/PnxUXx4/kz42/KN1Vz49MzlSnuhw79LsdbcZ/5vdSt3sHbDi/14L+1Tz+0y71A7jzvP9D/zL+oX8Z/9C/Wo3/j5ry1gJgM6pVut0DoHvM/6F/Gf/Qv4x/6Evr+V3/RiXKK/x6X6JXEpH2RDd6JnGwh0ZTuQOju8s3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA75LwAA///foPki") r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000140)=[{0x0}], 0x1}}, {{&(0x7f00000003c0)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000380)='M', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000002700)=""/4119, &(0x7f00000000c0)=0x1054) getsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000c00)=""/4096, &(0x7f0000000280)=0x1000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000240)={'gre0\x00', &(0x7f0000000100)=@ethtool_gfeatures}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_G_CROP(r4, 0xc014563b, &(0x7f0000000080)={0x2}) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000022c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r6 = io_uring_setup(0x6211, &(0x7f0000002300)={0x0, 0xfffffffc, 0x20}) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x18, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x3}) 1.99038301s ago: executing program 0 (id=4264): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', 0x120013, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecomp\a\x00e,decompnsd=\x00'/36, @ANYRESHEX, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767a76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad8273da523c958faad04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c69981200"/214], 0x6, 0x63c, &(0x7f00000012c0)="$eJzs3c1rHOcdB/DvrFaK5IKjJHbilkBFDGmpqK0XlFa9xC2l6BBKSA89C1uOhddKkJSihFLUd+iph/wB6UG3ngq9G9Jze8tVx0Chl5x0U5nZWWltrRS9xbvbfj7m2ed55pl55pnfzszO7FpMgP9bS9NpPk6Rpem3tsr67s58a3dn/rm6uZWkLDeSZjtLsZYUnyZ30k75ejmxnr84bj0fry6+89kXu5+3a806VfM3TlrudLbrlKkkI3X+lLE/naW/0Xah7Odu7/7OoDjYwjJgNzuBg37bP2L7LItf8LgFBkHR/tw8YjK5kmS8vg5IfXZoPNvRXb4zneUAAABgSD2/l71s5Wq/xwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDpH7+f1GnRqc8laLz/P+xelrq8lB73O8BAAAAAAAAAMAl+OZe9rKVq536flH95v9aVblWvX4tH2QjK1nPrWxlOZvZzHpmk0x2dTS2tby5uT57iiXnei4592y2FwAAAAAAAAD+R/0mS4e//wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD+N1HnRLhZ1utYpT6bRTDKeZKycbzv5V6c8JIpeEx8/+3EAAADAhYyfY5nn97KXrVzt1PeL6p7/5ep+eTwfZC2bWc1mWlnJvfoeurzrb+zuzLd2d+Yflelovz/8z5mGUfV48DVErzXfqOaYyP2sVlNu5W41mHtpVEuWbnTG03tcvy7HVLxZO+XI7tV5ubI/H/ctQl9MVhEZPYjITD22MhovnByJL313mieuaTaNg29+rn0FMb9S5+X2/GEwY95IFYm5rr3v5ZMjkXzr73/9+YPW2sMH9zemB2eTzunpfWK+KxKvDHUkmmecf6aKxPWD+lJ+kp9lOlN5O+tZzS+ynM2sZL9uX6735/J18uRI3Xmi9vaXjWSsfl/aZ9HTjGkqP65Ky3mtWvZqVlPkvdzLSt6o/s1lNt/LQhay2PUOXz923NW2VUd942xH/c1v14WJJH+s835rf6SWcX2hK67d59zJqq17ymGUXrz8c2PzG3WhXMdv63wwPB2J2a5IvHRyJP5SHRsbrbWH6w+W3z+m/+2n6q/XebnH/X6gPiXK/eXFjNdnkif3jrLtpYOzzJPxGqt/cWm3NY60Xa/aiqJzpP702CN1rL6GO9rTXNX2Ss+2+artRlfbE9dbeS+tg+shAAbYle9cGZv498Q/Jz6Z+N3Eg4m3xn/03Pefe3Uso/8Y/UFzZuT1xqvF3/JJfnV4/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJzfxocfPVxutVbWexcaxzddbqGoH+TzLNY1xIWFJAMwjIsWOg8RvHCHdwZic4a6MJKkV1P9Fp3n4aLAULi9+ej92xsffvTd1UfL7668u7I2urCwOLO48Mb87furrZWZ9mu/Rwl8FQ4/9Hu3FwP1gE0AAAAAAAAAAAAgp/t7m/36//+d+y8N+r2NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHBbmk7zcYrMztyaKeu7O/OtMnXKh3M2kzQaSfHLpPg0uZN2ymRXd8Wbx6zn49XFdz77Yvfzw76a1fxlp3V+Adt1ylSSkTq/rP7uXri/4mALy4Dd7AQO+u2/AQAA//+4Q/8x") sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000b80)={0x4c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x4c}}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_emit_ethernet(0x8a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_int(r5, 0x0, 0xb, &(0x7f00000000c0)=0x1, 0x4) recvmmsg(r5, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/131, 0x83}}, {{&(0x7f0000000300)=@un=@abs, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000580)=""/220, 0xdc}, 0x6}, {{&(0x7f0000000840)=@nfc, 0x80, &(0x7f0000000680), 0x0, &(0x7f00000022c0)=""/4096, 0x1000}, 0xfff}], 0x3, 0x40002061, 0x0) r6 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r6, 0x541c, &(0x7f0000000000)) lseek(0xffffffffffffffff, 0x8, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSMASK(r7, 0x40104593, &(0x7f0000000040)={0x0, 0xffffffffffffff28, 0x0}) syz_open_dev$tty1(0xc, 0x4, 0x1) 57.495374ms ago: executing program 4 (id=4265): r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@grpquota}, {@stripe}, {@nobh}]}, 0x0, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x15) r4 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f00000001c0)='\x14\x97\x8cR\xe5\x84p\x8a\xdaS\x8a9y\xe0', 0x0, r0) r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="1080", 0x2, r5) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) chdir(&(0x7f0000000240)='./bus\x00') r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r6, 0x3, 0x1, 0x8000c62) socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@gettaction={0x14, 0x32, 0x1}, 0x14}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @union={0x0, 0x0, 0x0, 0xd}, @restrict={0x0, 0x0, 0x0, 0xb, 0x2}]}}, 0x0, 0x3e, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) 56.111824ms ago: executing program 3 (id=4275): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010", @ANYRES8=0x0, @ANYBLOB="fe88"], 0x48}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00') r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, 0x0) syz_open_procfs(0x0, &(0x7f00000011c0)='cmdline\x00') r4 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = dup2(r4, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x62, 0x5, 0x528, 0x0, 0x2a0, 0xffffffff, 0x2a0, 0x2a0, 0x490, 0x490, 0xffffffff, 0x490, 0x490, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x4f00, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x3dc, {0x0, @private, @remote, @icmp_id, @gre_key}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_team\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key, @icmp_id}}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'veth1_to_batadv\x00', 'netdevsim0\x00'}, 0x0, 0x1b8, 0x1f0, 0x0, {}, [@common=@unspec=@comment={{0x120}}, @common=@icmp={{0x28}, {0x0, "6e82"}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x588) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd6000000000083a00fe04005de1b621000000000000000001ff0200000000000000000000000000018000907800000000b1ab91b0d6f9133b2d6af90da19fa9421a595a9ce4f9f2b91592f68f01c803376ee907e09c82251fc368083228f9a9eebc378a2d2e93bdd90325570b25d480492339aa327199fd4ba75b631332c85f9b8a825db53f9087dbb26c6a2dc6c83c510d5f1143f7824ca222a938b2f86cd1b7070c60adae74f33f111ef70597d5945d290fb1c89239253d0d69a5e604e83206f09fc3"], 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002, 0x2000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x400}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x0) 0s ago: executing program 0 (id=4266): sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000003c80)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x25, 0x4}}}}, 0x11) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x105982, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendfile(r3, r2, 0x0, 0x9205) r4 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x200, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r4, 0xc0585604, &(0x7f0000000100)={0x1}) r5 = syz_open_dev$evdev(&(0x7f0000000a00), 0x2, 0x802) fcntl$setstatus(r5, 0x4, 0x2800) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$FUSE_BMAP(r6, 0x0, 0x0) sendmsg$NL80211_CMD_GET_SURVEY(r6, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, 0x0, 0x8, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7f, 0x35}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x200000c0) unshare(0x2a060400) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000080)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000001640), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r9, 0xc0585609, &(0x7f0000001680)={0x0, 0x9, 0x0, "d8ef5d46bab9d328096ff00a9956801adfee37d04bd2a343af577962d8428ccd"}) fchownat(r1, &(0x7f0000000040)='./file0\x00', r7, r8, 0x400) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000400)={0x1, [0x994]}) poll(&(0x7f0000000000), 0x51, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r6) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r10, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x23}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004055}, 0x24004080) write$binfmt_elf64(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c460006000000e0ff0000ffffff02000000d4"], 0x78) syz_usb_connect$cdc_ncm(0x1, 0x77, &(0x7f0000000280)=ANY=[@ANYBLOB="12015002020000ff2505a1a4400001020301090265000201a250050904000001020d0000072406000153d905240001000d240f0101040000b902f5700106241a01f0000724140800010109058103000200267f0904010000020d00000904010102020d00000905820220000601010905030200040000075005ff8c56623736df0000000000008a52ee86e35cdabe62c51b38ce264b0a11c22b7b5270a8e1923c48768d8c5bd09730f51e5542ee581eb83a5273226517f032d9eb76e7740569c25528d5bc1edbb6a33ea9044e743721bd91e8fb"], &(0x7f0000000140)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x9d, 0x40, 0x3, 0x8, 0x52}, 0x40, &(0x7f0000000440)={0x5, 0xf, 0x40, 0x3, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "cf353e06608cb68a8cff7a8a7bac1b81"}, @ssp_cap={0x24, 0x10, 0xa, 0x3f, 0x6, 0xfff, 0x0, 0x4, [0x3f, 0xffcf, 0xc000, 0xff00cf, 0xc00f, 0xcf]}]}}) kernel console output (not intermixed with test programs): veth1_to_team: link becomes ready [ 1647.049600][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1647.065946][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1647.075729][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1647.095863][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1647.113269][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1647.134008][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1647.158019][ T4512] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1647.276304][T21385] 9pnet: Insufficient options for proto=fd [ 1647.517754][ T4512] usb 5-1: Using ep0 maxpacket: 32 [ 1647.679203][ T4512] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 1647.723384][ T4512] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.012272][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1648.023619][ T4512] usb 5-1: config 0 descriptor?? [ 1648.031021][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1648.062093][T21200] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1648.118909][ T4512] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 1648.222884][T21391] x_tables: unsorted entry at hook 3 [ 1648.243822][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1648.245151][T21391] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3815'. [ 1648.266701][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1648.313094][T21391] netlink: 'syz.1.3815': attribute type 2 has an invalid length. [ 1648.341995][T21391] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3815'. [ 1648.349958][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1648.370671][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1648.423335][T21200] device veth0_vlan entered promiscuous mode [ 1648.765460][T21401] futex_wake_op: syz.4.3812 tries to shift op by 32; fix this program [ 1648.883382][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1648.903276][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1649.057942][T21405] overlayfs: failed to resolve './file1': -2 [ 1649.078075][T21200] device veth1_vlan entered promiscuous mode [ 1649.306255][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1649.321512][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1649.368708][T21200] device veth0_macvtap entered promiscuous mode [ 1649.614300][T21200] device veth1_macvtap entered promiscuous mode [ 1649.656853][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1649.668186][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1649.862615][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1649.925791][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1649.980389][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1650.038815][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.082882][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1650.111721][ T4512] gspca_sunplus: reg_w_riv err -110 [ 1650.117212][ T4512] sunplus: probe of 5-1:0.0 failed with error -110 [ 1650.134167][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.154829][ T4512] usb 5-1: USB disconnect, device number 31 [ 1650.167889][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1650.182444][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.195081][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1650.207310][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.221942][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1650.240500][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.252735][T21200] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1650.263227][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.273894][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.286154][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.297059][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.318476][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.361861][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.412625][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.440220][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.452844][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.472763][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.490715][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.501641][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.518512][T21200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1650.577957][T21200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1650.590760][T21200] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1651.296675][T20258] Bluetooth: hci3: command 0x0409 tx timeout [ 1651.438508][T21427] loop1: detected capacity change from 0 to 2048 [ 1651.487098][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1651.496121][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1651.505408][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1651.515111][T21427] UDF-fs: bad mount option "u" or missing value [ 1651.536663][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1651.572355][T21200] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1651.590414][T21200] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1651.601520][T21200] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1651.610508][T21200] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1651.769911][T21402] chnl_net:caif_netlink_parms(): no params data found [ 1651.893640][T14791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1651.980614][T21444] Cannot find add_set index 0 as target [ 1652.106023][T14791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1652.270634][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1652.287878][ T3656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1652.308758][ T3656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1652.317692][T21428] loop4: detected capacity change from 0 to 32768 [ 1652.367257][T21428] XFS (loop4): sunit and swidth options incompatible with the noalign option [ 1652.528910][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1652.950825][T21402] bridge0: port 1(bridge_slave_0) entered blocking state [ 1653.117975][T21402] bridge0: port 1(bridge_slave_0) entered disabled state [ 1653.197385][T21402] device bridge_slave_0 entered promiscuous mode [ 1653.219199][T21402] bridge0: port 2(bridge_slave_1) entered blocking state [ 1653.306578][T21402] bridge0: port 2(bridge_slave_1) entered disabled state [ 1653.317211][T21459] loop1: detected capacity change from 0 to 512 [ 1653.338027][T21402] device bridge_slave_1 entered promiscuous mode [ 1653.364362][T21459] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1653.377144][ T5814] Bluetooth: hci3: command 0x041b tx timeout [ 1653.412210][T14141] device hsr_slave_0 left promiscuous mode [ 1653.457527][T14141] device hsr_slave_1 left promiscuous mode [ 1653.490933][T21459] EXT4-fs (loop1): 1 truncate cleaned up [ 1653.496949][T21459] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1653.522139][T21459] overlayfs: './file1' not a directory [ 1653.530393][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1653.557097][T14141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1653.619662][T21465] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1653.637833][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.684484][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1653.708817][T14141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1653.737102][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.745550][T14141] device bridge_slave_1 left promiscuous mode [ 1653.787327][T14141] bridge0: port 2(bridge_slave_1) entered disabled state [ 1653.795545][T14141] device bridge_slave_0 left promiscuous mode [ 1653.802255][T14141] bridge0: port 1(bridge_slave_0) entered disabled state [ 1653.818185][T14141] device hsr_slave_0 left promiscuous mode [ 1653.824552][T14141] device hsr_slave_1 left promiscuous mode [ 1653.830954][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1653.838582][T14141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1653.846400][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1653.854224][T14141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1653.862351][T14141] device bridge_slave_1 left promiscuous mode [ 1653.868642][T14141] bridge0: port 2(bridge_slave_1) entered disabled state [ 1653.877600][T14141] device bridge_slave_0 left promiscuous mode [ 1653.883766][T14141] bridge0: port 1(bridge_slave_0) entered disabled state [ 1653.897110][T14141] device veth1_macvtap left promiscuous mode [ 1653.903390][T14141] device veth0_macvtap left promiscuous mode [ 1653.909518][T14141] device veth1_vlan left promiscuous mode [ 1653.915296][T14141] device veth0_vlan left promiscuous mode [ 1653.924915][T14141] device veth1_macvtap left promiscuous mode [ 1653.931242][T14141] device veth0_macvtap left promiscuous mode [ 1653.937975][T14141] device veth1_vlan left promiscuous mode [ 1653.943882][T14141] device veth0_vlan left promiscuous mode [ 1654.199830][T14141] team0 (unregistering): Port device team_slave_1 removed [ 1654.216329][T14141] team0 (unregistering): Port device team_slave_0 removed [ 1654.233649][T14141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1654.246330][T14141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1654.317525][T14141] bond0 (unregistering): Released all slaves [ 1654.453555][T14141] team0 (unregistering): Port device team_slave_1 removed [ 1654.467638][T14141] team0 (unregistering): Port device team_slave_0 removed [ 1654.479820][T14141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1654.494740][T14141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1654.566812][T14141] bond0 (unregistering): Released all slaves [ 1654.616393][T21402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1654.627633][T21461] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3830'. [ 1654.657015][T21402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1654.776786][T21402] team0: Port device team_slave_0 added [ 1654.789623][T21402] team0: Port device team_slave_1 added [ 1654.905089][ T25] audit: type=1326 audit(2000000752.700:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1654.979300][T21402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1654.989254][T21402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1655.149337][T21476] loop1: detected capacity change from 0 to 128 [ 1655.400906][ T25] audit: type=1326 audit(2000000752.730:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1655.460096][ T7] Bluetooth: hci3: command 0x040f tx timeout [ 1655.624438][T21402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1655.829845][ T25] audit: type=1326 audit(2000000752.730:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1655.893732][T21402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1655.954254][T21402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1656.051191][ T25] audit: type=1326 audit(2000000752.730:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1656.073526][ C1] vkms_vblank_simulate: vblank timer overrun [ 1656.110713][T21402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1656.140622][ T25] audit: type=1326 audit(2000000752.730:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1656.312339][ T4893] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1656.416359][ T25] audit: type=1326 audit(2000000752.730:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1656.551156][ T4893] usb 5-1: device descriptor read/64, error -71 [ 1656.949973][ T4893] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1657.554074][ T5814] Bluetooth: hci3: command 0x0419 tx timeout [ 1657.578892][T21402] device hsr_slave_0 entered promiscuous mode [ 1657.592641][T21402] device hsr_slave_1 entered promiscuous mode [ 1657.612953][T21496] tipc: Started in network mode [ 1657.617834][T21496] tipc: Node identity 00000000000000000000ffffe0000001, cluster identity 4711 [ 1657.627386][ T25] audit: type=1326 audit(2000000752.730:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1657.650216][T21496] tipc: Enabling of bearer rejected, failed to enable media [ 1657.722776][ T4893] usb 5-1: device descriptor read/64, error -71 [ 1657.755694][T21500] loop2: detected capacity change from 0 to 256 [ 1657.772802][ T25] audit: type=1326 audit(2000000752.730:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1657.846774][ T4893] usb usb5-port1: attempt power cycle [ 1657.922103][ T25] audit: type=1326 audit(2000000752.730:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1658.027366][T21498] netlink: 'syz.2.3840': attribute type 25 has an invalid length. [ 1658.044673][T21498] netlink: 'syz.2.3840': attribute type 7 has an invalid length. [ 1658.133371][ T25] audit: type=1326 audit(2000000752.730:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21468 comm="syz.1.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241c26dff9 code=0x7ffc0000 [ 1658.436639][T21402] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.475048][T21514] loop1: detected capacity change from 0 to 1024 [ 1658.698572][T21514] EXT4-fs (loop1): Ignoring removed orlov option [ 1658.801348][ T3585] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 1658.812734][ T3585] CPU: 1 PID: 3585 Comm: kworker/u5:5 Not tainted 5.15.169-syzkaller #0 [ 1658.821074][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1658.831129][ T3585] Workqueue: hci4 hci_rx_work [ 1658.835839][ T3585] Call Trace: [ 1658.839115][ T3585] [ 1658.842045][ T3585] dump_stack_lvl+0x1e3/0x2d0 [ 1658.846726][ T3585] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1658.852358][ T3585] ? panic+0x860/0x860 [ 1658.856430][ T3585] ? sysfs_create_dir_ns+0x282/0x390 [ 1658.861726][ T3585] sysfs_create_dir_ns+0x2c6/0x390 [ 1658.866839][ T3585] ? sysfs_warn_dup+0xa0/0xa0 [ 1658.871536][ T3585] kobject_add_internal+0x6e0/0xe00 [ 1658.876748][ T3585] kobject_add+0x14e/0x210 [ 1658.881158][ T3585] ? lockdep_hardirqs_on+0x94/0x130 [ 1658.886355][ T3585] ? device_add+0x3c2/0xfd0 [ 1658.890851][ T3585] ? kobject_init+0x1d0/0x1d0 [ 1658.895530][ T3585] ? get_device_parent+0x128/0x400 [ 1658.900645][ T3585] device_add+0x476/0xfd0 [ 1658.904981][ T3585] hci_conn_add_sysfs+0xe4/0x1f0 [ 1658.909916][ T3585] le_conn_complete_evt+0xc15/0x1500 [ 1658.915196][ T3585] ? __schedule+0x12cc/0x45b0 [ 1658.919879][ T3585] ? cs_le_create_conn+0x5f0/0x5f0 [ 1658.925005][ T3585] hci_le_meta_evt+0x28c/0x3f50 [ 1658.929864][ T3585] ? __lock_acquire+0x1ff0/0x1ff0 [ 1658.934893][ T3585] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1658.940876][ T3585] ? hci_remote_host_features_evt+0x280/0x280 [ 1658.946946][ T3585] ? __mutex_unlock_slowpath+0x218/0x750 [ 1658.952588][ T3585] ? mutex_unlock+0x10/0x10 [ 1658.957085][ T3585] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 1658.962727][ T3585] hci_event_packet+0xc41/0x1550 [ 1658.967666][ T3585] ? rcu_lock_release+0x20/0x20 [ 1658.972499][ T3585] ? lockdep_hardirqs_on+0x94/0x130 [ 1658.977681][ T3585] ? hci_rx_work+0x11a/0x990 [ 1658.982250][ T3585] hci_rx_work+0x232/0x990 [ 1658.986650][ T3585] process_one_work+0x8a1/0x10c0 [ 1658.991574][ T3585] ? worker_detach_from_pool+0x260/0x260 [ 1658.997182][ T3585] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1659.002707][ T3585] ? kthread_data+0x4e/0xc0 [ 1659.007186][ T3585] ? wq_worker_running+0x97/0x170 [ 1659.012187][ T3585] worker_thread+0xaca/0x1280 [ 1659.016876][ T3585] kthread+0x3f6/0x4f0 [ 1659.020950][ T3585] ? rcu_lock_release+0x20/0x20 [ 1659.025805][ T3585] ? kthread_blkcg+0xd0/0xd0 [ 1659.030406][ T3585] ret_from_fork+0x1f/0x30 [ 1659.034848][ T3585] [ 1659.041413][ T3585] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1659.055641][ T3585] Bluetooth: hci4: failed to register connection device [ 1659.110718][T21402] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.125642][T21514] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000010000,orlov,barrier=0x0000000000000002,jqfmt=vfsv1,quota,minixdf,data_err=abort,max_batch_time=0x0000000000000002,bsdgroups,min_batch_time=0x0000000000000002,quota,,errors=continue. Quota mode: writeback. [ 1659.201933][T21522] loop4: detected capacity change from 0 to 4096 [ 1659.352368][T21525] loop2: detected capacity change from 0 to 512 [ 1659.377979][T21522] NILFS (loop4): invalid segment: Checksum error in segment payload [ 1659.379103][T21402] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1659.405153][T21522] NILFS (loop4): trying rollback from an earlier position [ 1660.023364][T21525] EXT4-fs (loop2): 1 orphan inode deleted [ 1660.033565][T21525] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 1660.069837][T21522] NILFS (loop4): recovery complete [ 1660.099929][T21530] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1660.112762][ T3620] Bluetooth: hci0: command 0x0406 tx timeout [ 1660.141483][T21525] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1660.263128][T21402] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1660.730343][T21534] overlayfs: missing 'lowerdir' [ 1661.406403][T21402] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1661.452452][T21402] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1661.464212][T21402] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1661.476646][T21402] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1663.044103][T21402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1663.102271][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1663.122735][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1663.154112][T21402] 8021q: adding VLAN 0 to HW filter on device team0 [ 1663.317083][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1663.338229][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1663.358641][T14791] bridge0: port 1(bridge_slave_0) entered blocking state [ 1663.365746][T14791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1663.461387][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1663.511369][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1663.530094][T14791] bridge0: port 2(bridge_slave_1) entered blocking state [ 1663.537225][T14791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1663.576146][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1663.796324][T21560] blk_update_request: I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1663.808421][T21560] blk_update_request: I/O error, dev loop2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1663.879005][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1664.160883][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1664.192596][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1664.295908][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1664.307882][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1664.325036][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1664.337974][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1664.475388][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1664.497537][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1664.523135][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1664.531613][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1664.551187][T21402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1665.314108][ T4893] Bluetooth: hci4: command 0x0406 tx timeout [ 1665.824008][T20258] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1666.255035][T20258] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1666.322267][ T3620] Bluetooth: hci0: command 0x0409 tx timeout [ 1666.336420][T20258] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1666.352715][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1666.361208][T20258] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1666.374644][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1666.387374][T21402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1666.400495][T20258] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 110, changing to 10 [ 1666.412834][T20258] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25972, setting to 1024 [ 1666.416305][T21557] chnl_net:caif_netlink_parms(): no params data found [ 1666.471612][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1666.484346][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1666.541704][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1666.554967][T20258] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1666.565401][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1666.568279][T20258] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1666.573969][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1666.593864][T20258] usb 3-1: Product: syz [ 1666.601736][T20258] usb 3-1: Manufacturer: syz [ 1666.605360][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1666.625010][T21575] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1666.641425][T21402] device veth0_vlan entered promiscuous mode [ 1666.665850][T20258] cdc_wdm 3-1:1.0: skipping garbage [ 1666.681901][T20258] cdc_wdm 3-1:1.0: skipping garbage [ 1666.709171][T21402] device veth1_vlan entered promiscuous mode [ 1666.739882][T21557] bridge0: port 1(bridge_slave_0) entered blocking state [ 1666.741511][T20258] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1666.747424][T21557] bridge0: port 1(bridge_slave_0) entered disabled state [ 1666.761451][T21557] device bridge_slave_0 entered promiscuous mode [ 1666.766394][T20258] cdc_wdm 3-1:1.0: Unknown control protocol [ 1666.771117][T21557] bridge0: port 2(bridge_slave_1) entered blocking state [ 1666.781009][T21557] bridge0: port 2(bridge_slave_1) entered disabled state [ 1666.789381][T21557] device bridge_slave_1 entered promiscuous mode [ 1666.841827][T21557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1666.867510][T21557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1666.905116][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1666.914418][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1666.924106][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1666.935446][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1666.942343][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1666.942486][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1666.949992][T20258] usb 3-1: USB disconnect, device number 35 [ 1666.965031][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 1666.971631][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 1666.977692][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1667.006419][T21402] device veth0_macvtap entered promiscuous mode [ 1667.044537][T21557] team0: Port device team_slave_0 added [ 1667.053927][T21557] team0: Port device team_slave_1 added [ 1667.065749][T21402] device veth1_macvtap entered promiscuous mode [ 1667.091851][T21557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1667.099061][T21557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1667.127199][T21557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1667.140402][T21557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1667.148108][T21557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1667.190051][T21557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1667.249728][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.260574][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.270793][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.281794][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.291852][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.303720][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.313746][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.324996][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.335174][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.346402][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.356696][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1667.367352][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.378754][T21402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1667.390115][T21557] device hsr_slave_0 entered promiscuous mode [ 1667.398206][T21557] device hsr_slave_1 entered promiscuous mode [ 1667.404957][T21557] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1667.413931][T21557] Cannot create hsr debugfs directory [ 1667.431074][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1667.439525][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1667.454818][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1667.463818][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1667.481944][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.499429][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.509994][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.521798][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.531717][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.542541][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.552558][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.563383][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.573365][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.583896][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.593773][T21402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1667.604232][T21402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1667.615443][T21402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1667.634319][T14141] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1667.648402][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1667.662219][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1667.679525][T21402] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1667.688435][T21402] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1667.697513][T21402] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1667.706377][T21402] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1667.726869][T14141] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1667.812072][T14141] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1667.874010][ T3788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1667.887892][ T3788] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1667.912013][T14141] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1667.923831][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1667.933330][T14791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1667.945388][T14791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1667.967907][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1668.044804][T21587] overlayfs: failed to resolve './file1': -2 [ 1668.245947][T21592] overlayfs: failed to resolve './file1': -2 [ 1668.435480][T19459] Bluetooth: hci0: command 0x041b tx timeout [ 1668.479269][T21601] x_tables: duplicate underflow at hook 3 [ 1668.859828][T21596] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3818'. [ 1669.739836][T21628] netlink: 'syz.0.3870': attribute type 16 has an invalid length. [ 1669.756910][T21627] loop3: detected capacity change from 0 to 2048 [ 1669.759263][T21628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3870'. [ 1669.820100][T21627] UDF-fs: bad mount option "u" or missing value [ 1670.054703][T21638] loop3: detected capacity change from 0 to 512 [ 1670.136387][T21634] loop2: detected capacity change from 0 to 128 [ 1670.241364][T21638] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #16: comm syz.3.3871: iget: bad extended attribute block 128 [ 1670.270494][T21557] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1670.321546][T21638] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3871: couldn't read orphan inode 16 (err -117) [ 1670.344226][T21557] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1670.379611][T21638] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1670.381718][T21557] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1670.422152][T21638] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1670.490951][T21638] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.3871: bg 0: block 352: padding at end of block bitmap is not set [ 1670.529211][ T4893] Bluetooth: hci0: command 0x040f tx timeout [ 1670.530017][T21557] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1670.591476][T21638] EXT4-fs error (device loop3): ext4_xattr_block_set:2197: inode #12: comm syz.3.3871: bad block 0 [ 1670.849180][T21557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1670.914989][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1670.939153][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1670.971451][T21557] 8021q: adding VLAN 0 to HW filter on device team0 [ 1670.979752][T14141] IPVS: stopping master sync thread 20632 ... [ 1670.991530][ T25] kauditd_printk_skb: 40 callbacks suppressed [ 1670.991544][ T25] audit: type=1800 audit(2000000768.759:1037): pid=21651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3871" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 1671.027926][T21651] Quota error (device loop3): write_blk: dquota write failed [ 1671.040723][T21651] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 1671.059214][T21651] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.3871: Failed to acquire dquot type 1 [ 1671.077477][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1671.106416][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1671.135378][T13937] bridge0: port 1(bridge_slave_0) entered blocking state [ 1671.142502][T13937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1671.190759][T21656] loop4: detected capacity change from 0 to 512 [ 1671.197659][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1671.256162][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1671.311000][T13937] bridge0: port 2(bridge_slave_1) entered blocking state [ 1671.318099][T13937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1671.331167][T21656] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3873: casefold flag without casefold feature [ 1671.369896][T21656] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3873: couldn't read orphan inode 15 (err -117) [ 1671.397199][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1671.454873][T21656] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1671.470795][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1671.479068][T13937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1671.498776][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1671.516398][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1671.530032][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1671.605764][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1671.615080][T21656] overlayfs: failed to resolve './file1': -2 [ 1671.618319][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1671.636881][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1671.660158][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1671.709088][T21557] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1671.720687][T21557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1671.730334][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1671.753033][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1671.765830][T21668] loop2: detected capacity change from 0 to 512 [ 1671.772269][ T3619] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1671.920327][T21668] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1672.058298][T21668] EXT4-fs (loop2): 1 truncate cleaned up [ 1672.071726][T21668] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1672.617028][ T3620] Bluetooth: hci0: command 0x0419 tx timeout [ 1672.786819][ T3619] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1672.795527][ T3619] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1672.806394][ T3619] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1672.831439][T21678] overlayfs: unrecognized mount option "./file0" or missing value [ 1672.852376][ T3619] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 110, changing to 10 [ 1672.892434][ T3619] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25972, setting to 1024 [ 1672.927309][T14141] device hsr_slave_0 left promiscuous mode [ 1672.969245][T14141] device hsr_slave_1 left promiscuous mode [ 1673.004637][T21681] loop4: detected capacity change from 0 to 512 [ 1673.004848][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1673.019726][T14141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1673.049913][ T3619] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1673.079451][ T3619] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1673.107376][T21681] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3875: casefold flag without casefold feature [ 1673.108481][ T3619] usb 4-1: Product: syz [ 1673.141177][T21681] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3875: couldn't read orphan inode 15 (err -117) [ 1673.146929][ T3619] usb 4-1: Manufacturer: syz [ 1673.158245][T21681] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1673.253373][T21664] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1673.268983][T21681] overlayfs: failed to resolve './file1': -2 [ 1673.276051][ T3619] cdc_wdm 4-1:1.0: skipping garbage [ 1673.281262][ T3619] cdc_wdm 4-1:1.0: skipping garbage [ 1673.316000][T21684] loop2: detected capacity change from 0 to 4096 [ 1673.339537][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1673.353807][ T3619] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1673.359932][T14141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1673.380083][ T3619] cdc_wdm 4-1:1.0: Unknown control protocol [ 1673.398914][T14141] device bridge_slave_1 left promiscuous mode [ 1673.409277][T14141] bridge0: port 2(bridge_slave_1) entered disabled state [ 1673.438440][T21684] NILFS (loop2): invalid segment: Checksum error in segment payload [ 1673.496541][T14141] device bridge_slave_0 left promiscuous mode [ 1673.511884][T14141] bridge0: port 1(bridge_slave_0) entered disabled state [ 1673.517155][T21684] NILFS (loop2): trying rollback from an earlier position [ 1673.639558][ T3620] usb 4-1: USB disconnect, device number 32 [ 1673.653362][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1673.660046][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1673.666123][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1673.695179][T21684] NILFS (loop2): recovery complete [ 1673.733708][T21689] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1674.420508][T14141] device hsr_slave_0 left promiscuous mode [ 1674.453634][T14141] device hsr_slave_1 left promiscuous mode [ 1674.508263][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1674.523959][T14141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1674.534186][T14141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1674.549149][T14141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1674.562283][T14141] device bridge_slave_1 left promiscuous mode [ 1674.577666][T14141] bridge0: port 2(bridge_slave_1) entered disabled state [ 1674.625789][T14141] device bridge_slave_0 left promiscuous mode [ 1674.632134][T14141] bridge0: port 1(bridge_slave_0) entered disabled state [ 1674.647645][T14141] device veth1_macvtap left promiscuous mode [ 1674.653685][T14141] device veth0_macvtap left promiscuous mode [ 1674.659817][T14141] device veth1_vlan left promiscuous mode [ 1674.743886][T21692] overlayfs: missing 'lowerdir' [ 1674.780912][T21692] overlayfs: missing 'lowerdir' [ 1675.005928][T14141] device veth0_vlan left promiscuous mode [ 1675.020670][T14141] device veth1_macvtap left promiscuous mode [ 1675.032476][T14141] device veth0_macvtap left promiscuous mode [ 1675.043427][T14141] device veth1_vlan left promiscuous mode [ 1675.057358][T14141] device veth0_vlan left promiscuous mode [ 1675.245543][T20565] Bluetooth: hci1: command 0x0406 tx timeout [ 1675.536482][T21698] binder: 21695:21698 ioctl c0306201 20000680 returned -14 [ 1676.207729][T14141] team0 (unregistering): Port device team_slave_1 removed [ 1676.407118][T14141] team0 (unregistering): Port device team_slave_0 removed [ 1676.419001][T14141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1677.841853][T14141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1677.999701][T14141] bond0 (unregistering): Released all slaves [ 1678.251280][T14141] team0 (unregistering): Port device team_slave_1 removed [ 1678.267619][T14141] team0 (unregistering): Port device team_slave_0 removed [ 1678.280577][T14141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1678.294361][T14141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1678.363728][T14141] bond0 (unregistering): Released all slaves [ 1678.418577][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1678.426725][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1678.510773][T21557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1678.658881][T21710] loop4: detected capacity change from 0 to 512 [ 1678.691479][T21557] device veth0_vlan entered promiscuous mode [ 1678.749568][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1679.060730][T21718] loop2: detected capacity change from 0 to 256 [ 1679.801213][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1679.848915][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1679.861245][T21710] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #16: comm syz.4.3883: iget: bad extended attribute block 128 [ 1679.881372][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1679.891542][T21710] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3883: couldn't read orphan inode 16 (err -117) [ 1679.917556][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1679.935756][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1679.950272][T21710] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1679.978797][T21716] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3893'. [ 1679.994160][T21557] device veth1_vlan entered promiscuous mode [ 1680.033148][T21710] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1680.087320][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1680.169500][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1680.200679][T21557] device veth0_macvtap entered promiscuous mode [ 1680.213671][T21710] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.3883: bg 0: block 352: padding at end of block bitmap is not set [ 1680.238363][T21557] device veth1_macvtap entered promiscuous mode [ 1680.250497][T21710] EXT4-fs error (device loop4): ext4_xattr_block_set:2197: inode #12: comm syz.4.3883: bad block 0 [ 1680.347040][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1680.358514][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1680.372384][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1680.388385][T21731] loop2: detected capacity change from 0 to 512 [ 1680.394779][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1680.405130][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1680.415863][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1680.427893][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1680.443171][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1680.455716][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1680.469016][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1680.538422][T21557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1680.561763][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1680.945596][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1681.057041][T21731] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3888: casefold flag without casefold feature [ 1681.295403][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1681.316020][T21731] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3888: couldn't read orphan inode 15 (err -117) [ 1681.346032][ T3788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1681.356570][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1681.374258][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1681.402411][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1681.414435][T21731] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1681.432387][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1681.460163][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1681.508779][T21731] overlayfs: failed to resolve './file1': -2 [ 1681.514897][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1681.514944][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1681.583738][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1681.622903][T21557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1681.647805][T21557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1681.685292][T21557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1681.747791][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1681.771136][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1681.841852][T21557] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1681.873605][T21557] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1681.875634][T21749] loop2: detected capacity change from 0 to 512 [ 1681.882323][T21557] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1681.882355][T21557] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1682.115563][ T25] audit: type=1800 audit(2000000779.876:1038): pid=21710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3883" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 1682.137993][T21710] Quota error (device loop4): write_blk: dquota write failed [ 1682.200322][T21752] binder: 21747:21752 ioctl c0306201 20000680 returned -14 [ 1682.759335][T21749] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 1682.791566][T21710] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 1682.821352][ T4424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1682.842229][T21710] EXT4-fs error (device loop4): ext4_acquire_dquot:6197: comm syz.4.3883: Failed to acquire dquot type 1 [ 1682.855483][ T4424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1682.884779][T21749] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 1682.974638][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1682.983850][T21749] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.3891: bg 0: block 18: invalid block bitmap [ 1683.020566][ T6839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1683.075935][T21758] netlink: 'syz.0.3894': attribute type 1 has an invalid length. [ 1683.090016][ T6839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1683.158422][T21749] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 1683.420124][T21749] EXT4-fs (loop2): 1 truncate cleaned up [ 1683.510674][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1683.555083][T21749] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1683.606561][T21749] ext2 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1683.814219][T21749] EXT4-fs error (device loop2): ext4_map_blocks:628: inode #2: block 3: comm syz.2.3891: lblock 0 mapped to illegal pblock 3 (length 1) [ 1683.853682][T21761] loop1: detected capacity change from 0 to 256 [ 1685.122437][T21770] xt_SECMARK: invalid mode: 0 [ 1685.910567][T21761] netlink: 'syz.1.3855': attribute type 25 has an invalid length. [ 1686.038264][T21761] netlink: 'syz.1.3855': attribute type 7 has an invalid length. [ 1686.397749][T21776] loop4: detected capacity change from 0 to 4096 [ 1686.460397][T21776] ntfs: (device loop4): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk. [ 1686.474898][T21776] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1686.483842][T21776] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1686.497044][T21776] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1686.535053][T21776] ntfs: volume version 3.1. [ 1686.544746][T21776] ntfs: (device loop4): ntfs_read_locked_inode(): Index collation rule is not COLLATION_FILE_NAME. [ 1686.555678][T21776] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xb as bad. Run chkdsk. [ 1686.568712][T21776] ntfs: (device loop4): load_system_files(): Failed to load $Extend. [ 1686.686992][T21781] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1687.133467][T21775] loop4: detected capacity change from 0 to 512 [ 1687.246452][T21775] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1687.256912][T21775] EXT4-fs (loop4): can't mount with journal_async_commit, fs mounted w/o journal [ 1687.597010][T21791] loop1: detected capacity change from 0 to 512 [ 1687.822060][T21797] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3904'. [ 1687.942292][T21791] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3902: casefold flag without casefold feature [ 1688.347156][T21791] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3902: couldn't read orphan inode 15 (err -117) [ 1688.385416][T21791] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1688.852360][T21807] netlink: 'syz.2.3906': attribute type 1 has an invalid length. [ 1689.285398][T21811] loop3: detected capacity change from 0 to 512 [ 1689.496093][T21811] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 1689.510550][T21811] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 1689.527551][T21811] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.3908: bg 0: block 18: invalid block bitmap [ 1689.540475][T21811] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 1689.549756][T21811] EXT4-fs (loop3): 1 truncate cleaned up [ 1689.966851][T21821] binder: 21815:21821 ioctl c0306201 20000680 returned -14 [ 1691.599627][T21811] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1691.663374][T21830] loop2: detected capacity change from 0 to 512 [ 1691.671463][T21811] ext2 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1691.733507][T21811] EXT4-fs error (device loop3): ext4_map_blocks:628: inode #2: block 3: comm syz.3.3908: lblock 0 mapped to illegal pblock 3 (length 1) [ 1691.813318][T21830] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3913: casefold flag without casefold feature [ 1691.901109][T21830] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3913: couldn't read orphan inode 15 (err -117) [ 1691.950556][T21840] loop1: detected capacity change from 0 to 128 [ 1691.988195][T21830] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1691.991317][T21838] loop4: detected capacity change from 0 to 256 [ 1692.093632][T21830] overlayfs: failed to resolve './file1': -2 [ 1692.185726][T21838] exfat: Deprecated parameter 'utf8' [ 1692.191058][T21838] exfat: Deprecated parameter 'namecase' [ 1692.205451][T21840] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1692.223270][T21840] ext4 filesystem being mounted at /6/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1692.249445][T21844] loop3: detected capacity change from 0 to 512 [ 1692.344325][T21838] exfat: Deprecated parameter 'namecase' [ 1692.394721][T21847] overlayfs: failed to resolve './file0': -2 [ 1692.420318][T21838] exfat: Deprecated parameter 'utf8' [ 1692.420604][T21844] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.3916: inode #1: comm syz.3.3916: iget: illegal inode # [ 1692.474448][T21838] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0x822ffc2e, utbl_chksum : 0xe619d30d) [ 1692.634804][T21844] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.3916: error while reading EA inode 1 err=-117 [ 1693.405667][T21844] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.3916: inode #1: comm syz.3.3916: iget: illegal inode # [ 1693.647346][T21844] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.3916: error while reading EA inode 1 err=-117 [ 1694.527812][T21859] netlink: 312 bytes leftover after parsing attributes in process `syz.0.3920'. [ 1694.542308][T21863] loop2: detected capacity change from 0 to 4096 [ 1694.555890][T21844] EXT4-fs (loop3): 1 orphan inode deleted [ 1694.579652][T21844] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000004c,minixdf,abort,delalloc,usrjquota=,,errors=continue. Quota mode: none. [ 1694.672360][T21863] __ntfs_error: 1 callbacks suppressed [ 1694.672375][T21863] ntfs: (device loop2): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk. [ 1694.692996][T21863] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1694.701889][T21863] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1694.715086][T21863] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1694.728258][T21863] ntfs: volume version 3.1. [ 1694.737557][T21863] ntfs: (device loop2): ntfs_read_locked_inode(): Index collation rule is not COLLATION_FILE_NAME. [ 1694.748373][T21863] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xb as bad. Run chkdsk. [ 1694.761409][T21863] ntfs: (device loop2): load_system_files(): Failed to load $Extend. [ 1694.800020][T21863] ntfs: (device loop2): ntfs_fill_super(): Failed to load system files. [ 1695.050867][T21861] loop2: detected capacity change from 0 to 512 [ 1695.175892][T21861] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1695.185717][T21861] EXT4-fs (loop2): can't mount with journal_async_commit, fs mounted w/o journal [ 1696.657463][T21917] loop1: detected capacity change from 0 to 1024 [ 1696.793750][T21922] loop4: detected capacity change from 0 to 128 [ 1696.878043][T21917] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1696.939651][T21922] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿ01777777777777777777777" or missing value [ 1696.994057][T21917] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,bsdgroups,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1697.347402][T21929] device wireguard0 entered promiscuous mode [ 1698.223569][T21950] loop3: detected capacity change from 0 to 256 [ 1698.269422][T21939] device syz_tun entered promiscuous mode [ 1698.416374][T21939] device macsec1 entered promiscuous mode [ 1699.179902][T21951] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1699.209555][T21951] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1700.309199][T21965] loop1: detected capacity change from 0 to 764 [ 1700.338953][T21956] loop2: detected capacity change from 0 to 4096 [ 1700.400011][T21967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3937'. [ 1700.426399][T21967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3937'. [ 1700.680101][T21967] device hsr_slave_1 left promiscuous mode [ 1700.717728][T21956] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2) [ 1701.121597][T21975] loop2: detected capacity change from 0 to 512 [ 1701.354227][T21975] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.3941: casefold flag without casefold feature [ 1701.412736][T21975] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.3941: couldn't read orphan inode 15 (err -117) [ 1701.460704][T21979] loop1: detected capacity change from 0 to 512 [ 1701.518532][T21975] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1701.578438][T21979] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3943: casefold flag without casefold feature [ 1701.702490][T21979] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3943: couldn't read orphan inode 15 (err -117) [ 1701.783437][ T3620] usb 5-1: new low-speed USB device number 35 using dummy_hcd [ 1701.798663][T21979] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1701.966404][T21984] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3944'. [ 1702.010832][T21985] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3945'. [ 1702.037120][T21979] syz.1.3943 (21979) used greatest stack depth: 18200 bytes left [ 1702.099048][T21985] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1702.173979][T21990] loop2: detected capacity change from 0 to 1024 [ 1702.234260][ T3620] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1702.241832][ T3620] usb 5-1: can't read configurations, error -61 [ 1702.347552][T21990] hfsplus: request for non-existent node 3 in B*Tree [ 1702.364300][T21990] hfsplus: request for non-existent node 3 in B*Tree [ 1704.434825][ T3620] usb 5-1: new low-speed USB device number 36 using dummy_hcd [ 1704.552283][T22012] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3953'. [ 1704.558861][T22010] 9pnet_virtio: no channels available for device syz [ 1704.612382][T22015] loop4: detected capacity change from 0 to 2048 [ 1704.743848][T22015] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1704.747894][T22027] loop3: detected capacity change from 0 to 512 [ 1704.806016][T22026] loop2: detected capacity change from 0 to 512 [ 1704.923297][T22027] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.3957: casefold flag without casefold feature [ 1704.943035][T22027] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.3957: couldn't read orphan inode 15 (err -117) [ 1705.013789][T22026] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 1705.023507][T22026] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1705.031965][T22026] System zones: 0-1, 15-15, 18-18, 34-34 [ 1705.039126][T22026] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1705.045536][T22026] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 1705.055352][T22026] EXT4-fs warning (device loop2): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1705.070462][T22026] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 1705.079611][T22026] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.3951: bad orphan inode 16 [ 1705.090211][T22026] ext4_test_bit(bit=15, block=18) = 1 [ 1705.095601][T22026] is_bad_inode(inode)=0 [ 1705.101142][T22026] NEXT_ORPHAN(inode)=0 [ 1705.105221][T22026] max_ino=32 [ 1705.108741][T22026] i_nlink=2 [ 1705.112068][T22026] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1705.152846][T22018] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 1705.307239][T22027] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1705.684579][T22042] loop1: detected capacity change from 0 to 512 [ 1705.722767][T22045] loop4: detected capacity change from 0 to 512 [ 1705.849014][T22045] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3972: casefold flag without casefold feature [ 1705.910705][T22051] loop3: detected capacity change from 0 to 128 [ 1705.926760][T22045] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3972: couldn't read orphan inode 15 (err -117) [ 1705.977033][T22045] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1705.998229][T22051] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿ01777777777777777777777" or missing value [ 1706.009753][T22042] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3961: casefold flag without casefold feature [ 1706.031305][T22042] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3961: couldn't read orphan inode 15 (err -117) [ 1706.056798][T22042] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1706.461993][T22054] device syz_tun entered promiscuous mode [ 1706.473697][T22054] device macsec1 entered promiscuous mode [ 1706.483234][T22054] device syz_tun left promiscuous mode [ 1707.376137][T22067] loop2: detected capacity change from 0 to 1024 [ 1707.386347][T22061] loop4: detected capacity change from 0 to 512 [ 1707.391879][T22069] tap0: tun_chr_ioctl cmd 2147767521 [ 1707.450490][T22061] EXT4-fs (loop4): Mount option "dioread_lock" incompatible with ext2 [ 1707.451028][T22067] EXT4-fs (loop2): Ignoring removed nobh option [ 1707.485381][T22067] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 1707.568387][T22067] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,lazytime,errors=continue,noinit_itable,nobh,jqfmt=vfsold,usrquota,errors=continue,,errors=continue. Quota mode: writeback. [ 1707.624079][T22067] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3967'. [ 1707.919746][T22079] loop4: detected capacity change from 0 to 512 [ 1707.973754][T22079] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1708.069809][T22079] EXT4-fs (loop4): 1 truncate cleaned up [ 1708.075582][T22079] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1708.625949][ T3620] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1708.660393][T22084] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3973'. [ 1708.751141][T22087] ax25_connect(): syz.2.3970 uses autobind, please contact jreuter@yaina.de [ 1709.020431][ T3620] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 1709.055819][T22084] device bridge_slave_1 left promiscuous mode [ 1709.093256][T22084] bridge0: port 2(bridge_slave_1) entered disabled state [ 1709.126633][ T3620] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1709.238603][ T3620] usb 4-1: config 0 descriptor?? [ 1709.246201][T22084] bridge2: port 1(bridge_slave_1) entered blocking state [ 1709.276702][T22084] bridge2: port 1(bridge_slave_1) entered disabled state [ 1709.303973][T22088] loop1: detected capacity change from 0 to 2048 [ 1709.332668][T22092] netlink: 'syz.4.3974': attribute type 1 has an invalid length. [ 1709.333091][T22084] device bridge_slave_1 entered promiscuous mode [ 1709.371016][T22084] bridge2: port 1(bridge_slave_1) entered blocking state [ 1709.377789][T22088] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1709.378125][T22084] bridge2: port 1(bridge_slave_1) entered forwarding state [ 1709.396018][T22089] bridge2: port 2(veth1_to_bond) entered blocking state [ 1709.405192][T22089] bridge2: port 2(veth1_to_bond) entered disabled state [ 1709.413770][T22089] device veth1_to_bond entered promiscuous mode [ 1709.420821][T22089] bridge2: port 2(veth1_to_bond) entered blocking state [ 1709.420855][T22089] bridge2: port 2(veth1_to_bond) entered forwarding state [ 1709.424183][T22092] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3974'. [ 1709.496140][T22088] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a002e01c, mo2=0002] [ 1709.496223][T22088] System zones: 0-19 [ 1709.499966][T22088] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1709.501274][T22096] overlayfs: failed to resolve './file0': -2 [ 1709.534013][T22088] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #2: comm syz.1.3975: Directory hole found for htree leaf block 0 [ 1709.770861][ T3620] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 1710.292533][ T3620] usb 4-1: USB disconnect, device number 33 [ 1710.770485][T22114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3981'. [ 1711.704400][T22123] loop4: detected capacity change from 0 to 512 [ 1711.905468][T22128] netlink: 'syz.1.3982': attribute type 3 has an invalid length. [ 1711.913426][T22128] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3982'. [ 1712.084565][T22123] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.3983: casefold flag without casefold feature [ 1712.113440][T22130] device syzkaller0 entered promiscuous mode [ 1712.130596][T22123] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.3983: couldn't read orphan inode 15 (err -117) [ 1712.177285][T22130] device syzkaller0 left promiscuous mode [ 1712.219706][T22123] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1712.502978][T22140] loop1: detected capacity change from 0 to 512 [ 1712.523319][T22145] loop3: detected capacity change from 0 to 16 [ 1712.741681][T22147] netlink: 'syz.2.3990': attribute type 29 has an invalid length. [ 1712.749909][T22147] netlink: 'syz.2.3990': attribute type 3 has an invalid length. [ 1712.757883][T22147] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3990'. [ 1713.301446][T22145] erofs: (device loop3): mounted with root inode @ nid 36. [ 1713.331270][T22147] XFS (nullb0): Invalid superblock magic number [ 1713.388495][T22140] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.3988: casefold flag without casefold feature [ 1713.451236][T22140] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3988: couldn't read orphan inode 15 (err -117) [ 1713.473868][T22140] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1714.698448][T22161] overlayfs: failed to resolve './file0': -2 [ 1714.863445][T22163] loop4: detected capacity change from 0 to 2048 [ 1715.268129][T22163] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1715.915182][T22181] futex_wake_op: syz.2.3996 tries to shift op by 36; fix this program [ 1716.998543][T22191] loop3: detected capacity change from 0 to 512 [ 1717.158220][T22191] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.4001: casefold flag without casefold feature [ 1717.184243][T22191] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.4001: couldn't read orphan inode 15 (err -117) [ 1717.216233][T22193] binder: 22190:22193 ioctl c0306201 20000380 returned -14 [ 1717.252769][T22191] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1718.587287][T22211] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4004'. [ 1719.182867][T22220] loop4: detected capacity change from 0 to 512 [ 1719.541763][T22225] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4009'. [ 1719.563923][T22226] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4008'. [ 1719.607885][T22226] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1719.984415][T22230] loop3: detected capacity change from 0 to 2048 [ 1719.996184][T22220] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1720.004254][T22220] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 1720.013742][T22220] EXT4-fs (loop4): 1 truncate cleaned up [ 1720.019395][T22220] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,grpjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback. [ 1720.039836][ C1] vkms_vblank_simulate: vblank timer overrun [ 1720.054712][T22219] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 1720.109204][T22230] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1720.351334][T22241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1720.385028][T22243] loop4: detected capacity change from 0 to 1024 [ 1720.407740][T22241] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4014'. [ 1720.423888][T22245] loop1: detected capacity change from 0 to 512 [ 1720.455535][T22243] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1720.463744][T22243] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1720.475070][T22243] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1720.502271][T22243] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1720.527371][T22245] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4015: casefold flag without casefold feature [ 1720.534005][T22243] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal [ 1720.603258][T22245] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4015: couldn't read orphan inode 15 (err -117) [ 1720.641691][T22245] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1720.966665][T22252] xt_CONNSECMARK: invalid mode: 0 [ 1721.103160][T22256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4018'. [ 1721.427835][T22269] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 1722.228704][T22274] loop1: detected capacity change from 0 to 1024 [ 1722.243796][T22275] loop2: detected capacity change from 0 to 512 [ 1722.365717][T22275] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.4032: inode #1: comm syz.2.4032: iget: illegal inode # [ 1722.447639][T22275] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.4032: error while reading EA inode 1 err=-117 [ 1722.544414][T22275] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.4032: inode #1: comm syz.2.4032: iget: illegal inode # [ 1722.568091][T22280] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4023'. [ 1722.610065][T22275] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.4032: error while reading EA inode 1 err=-117 [ 1722.644465][T22280] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1722.646922][T22275] EXT4-fs (loop2): 1 orphan inode deleted [ 1722.680528][T22275] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000004c,minixdf,abort,delalloc,usrjquota=,,errors=continue. Quota mode: none. [ 1723.595871][T22286] loop3: detected capacity change from 0 to 736 [ 1723.788786][T22286] rock: directory entry would overflow storage [ 1723.816276][T22286] rock: sig=0x3b10, size=4, remaining=3 [ 1724.400242][ T25] audit: type=1326 audit(2000000822.115:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1724.477395][ T25] audit: type=1326 audit(2000000822.195:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1724.571216][ T25] audit: type=1326 audit(2000000822.195:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=176 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1724.643993][ T25] audit: type=1326 audit(2000000822.195:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1724.703907][ T25] audit: type=1326 audit(2000000822.195:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1724.819298][ T25] audit: type=1326 audit(2000000822.245:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1725.019050][ T25] audit: type=1326 audit(2000000822.245:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f37785c3033 code=0x7ffc0000 [ 1725.071903][ T25] audit: type=1326 audit(2000000822.245:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f37785c3033 code=0x7ffc0000 [ 1725.294587][ T25] audit: type=1326 audit(2000000822.245:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1725.425003][T22321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1725.564014][ T25] audit: type=1326 audit(2000000822.245:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22297 comm="syz.4.4028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7ffc0000 [ 1725.662598][T22324] tap0: tun_chr_ioctl cmd 2147767521 [ 1725.889639][T22331] loop4: detected capacity change from 0 to 512 [ 1726.151006][T22331] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.4037: inode #1: comm syz.4.4037: iget: illegal inode # [ 1726.172451][T22331] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4037: error while reading EA inode 1 err=-117 [ 1726.205422][T22331] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.4037: inode #1: comm syz.4.4037: iget: illegal inode # [ 1726.818818][T22331] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4037: error while reading EA inode 1 err=-117 [ 1726.958260][T22344] input: syz1 as /devices/virtual/input/input33 [ 1726.958546][T22331] EXT4-fs (loop4): 1 orphan inode deleted [ 1726.982816][T22344] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1727.011197][T22331] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000004c,minixdf,abort,delalloc,usrjquota=,,errors=continue. Quota mode: none. [ 1727.216070][T22348] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1730.087454][T22351] loop1: detected capacity change from 0 to 512 [ 1730.230548][T22351] EXT4-fs (loop1): 1 orphan inode deleted [ 1730.236332][T22351] EXT4-fs (loop1): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,grpquota,noblock_validity,init_itable,stripe=0x000000000000002e,resgid=0x0000000000000000,sysvgroups,norecovery,usrquota,,errors=continue. Quota mode: writeback. [ 1730.260190][T22351] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1730.330716][T22361] loop4: detected capacity change from 0 to 512 [ 1730.609790][T22371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4048'. [ 1730.625570][T22361] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.4046: casefold flag without casefold feature [ 1730.670398][T22361] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.4046: couldn't read orphan inode 15 (err -117) [ 1730.738522][T22361] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1732.165901][T22393] tap0: tun_chr_ioctl cmd 2147767521 [ 1732.360781][T22398] netlink: 'syz.3.4053': attribute type 3 has an invalid length. [ 1732.368586][T22398] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4053'. [ 1733.016574][T22408] loop1: detected capacity change from 0 to 512 [ 1733.034090][T22410] usb usb1: usbfs: process 22410 (syz.2.4065) did not claim interface 0 before use [ 1733.086621][T22410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4065'. [ 1733.100548][T22408] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1733.138755][T22413] fuse: Unknown parameter 'dont_appraise' [ 1733.221715][T22408] EXT4-fs (loop1): 1 truncate cleaned up [ 1733.240207][T22414] loop3: detected capacity change from 0 to 512 [ 1733.249690][T22408] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,nombcache,debug_want_extra_isize=0x0000000000000006,lazytime,noblock_validity,quota,,errors=continue. Quota mode: writeback. [ 1733.362881][T22414] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1733.371369][T22414] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 1733.379485][T22414] System zones: 0-1, 15-15, 18-18, 34-34 [ 1733.432387][T22414] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1733.438905][T22414] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 1733.449162][T22414] EXT4-fs warning (device loop3): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1733.465406][T22414] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 1733.483995][T22414] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.4055: bad orphan inode 16 [ 1733.496030][T22414] ext4_test_bit(bit=15, block=18) = 1 [ 1733.521855][T22414] is_bad_inode(inode)=0 [ 1733.530112][T22414] NEXT_ORPHAN(inode)=0 [ 1733.534523][T22414] max_ino=32 [ 1733.546118][T22414] i_nlink=2 [ 1733.551725][T22414] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1733.604844][T22414] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 1735.030100][T22436] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4061'. [ 1735.095271][T22436] loop3: detected capacity change from 0 to 512 [ 1735.190530][T22447] loop4: detected capacity change from 0 to 8 [ 1735.272018][T22436] EXT4-fs (loop3): 1 truncate cleaned up [ 1735.300753][T22436] EXT4-fs (loop3): mounted filesystem without journal. Opts: prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,errors=continue,grpjquota=,,errors=continue. Quota mode: writeback. [ 1735.302208][T22447] SQUASHFS error: zlib decompression failed, data probably corrupt [ 1735.330950][T22447] SQUASHFS error: Failed to read block 0x9b: -5 [ 1735.337467][T22447] SQUASHFS error: Unable to read metadata cache entry [99] [ 1735.344873][T22447] SQUASHFS error: Unable to read inode 0x127 [ 1736.431131][T22468] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4073'. [ 1739.558032][T22496] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1740.361644][T22496] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1742.198335][T22512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4083'. [ 1742.379231][T22512] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4083'. [ 1742.598772][T22522] futex_wake_op: syz.3.4084 tries to shift op by 36; fix this program [ 1742.914051][T22530] loop4: detected capacity change from 0 to 2048 [ 1742.930235][T22535] loop3: detected capacity change from 0 to 128 [ 1742.937415][T22533] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4086'. [ 1742.976588][T22530] UDF-fs: bad mount option "uid=" or missing value [ 1744.348763][ T5814] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1744.472214][T22553] tmpfs: Unknown parameter 'usrquota' [ 1745.299720][T20074] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 1745.383392][ T5814] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1745.403619][ T5814] usb 5-1: config 1 has no interface number 0 [ 1745.417392][ T5814] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1745.428723][ T5814] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1745.445195][ T5814] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1746.130239][ T5814] usb 5-1: string descriptor 0 read error: -71 [ 1746.138158][ T5814] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1746.171576][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1746.315382][ T5814] usb 5-1: can't set config #1, error -71 [ 1746.950715][T20074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1746.987335][ T5814] usb 5-1: USB disconnect, device number 37 [ 1747.014882][T20074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1747.030404][T22568] loop1: detected capacity change from 0 to 512 [ 1747.099108][T20074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 1747.224835][T20074] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1747.246123][T20074] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1747.263424][T20074] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 1747.340152][T20074] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1747.392595][T20074] usb 3-1: config 0 descriptor?? [ 1748.057533][T22568] EXT4-fs (loop1): 1 orphan inode deleted [ 1748.087889][T22568] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1748.233882][T22587] netlink: 92 bytes leftover after parsing attributes in process `syz.4.4102'. [ 1748.921221][T22587] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4102'. [ 1749.025067][T22568] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1749.180621][T22594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4099'. [ 1750.427960][ T25] audit: type=1326 audit(2000000848.126:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1750.487944][T22609] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4106'. [ 1750.596142][T22611] loop1: detected capacity change from 0 to 512 [ 1750.611169][ T25] audit: type=1326 audit(2000000848.126:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1750.712212][T22611] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4105: casefold flag without casefold feature [ 1750.795458][T22611] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4105: couldn't read orphan inode 15 (err -117) [ 1750.849131][T22611] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1750.871587][ T25] audit: type=1326 audit(2000000848.565:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1750.931670][ T25] audit: type=1326 audit(2000000848.565:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.016044][T20074] usb 3-1: can't set config #0, error -71 [ 1751.036888][T20074] usb 3-1: USB disconnect, device number 36 [ 1751.065188][T22622] netlink: 'syz.0.4112': attribute type 4 has an invalid length. [ 1751.086737][T22622] netlink: 'syz.0.4112': attribute type 11 has an invalid length. [ 1751.107818][ T25] audit: type=1326 audit(2000000848.565:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.135982][T22626] bridge0: port 2(bridge_slave_1) entered disabled state [ 1751.143367][T22626] bridge0: port 1(bridge_slave_0) entered disabled state [ 1751.225581][ T25] audit: type=1326 audit(2000000848.565:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.389129][ T25] audit: type=1326 audit(2000000848.565:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.518624][ T25] audit: type=1326 audit(2000000848.565:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.589115][ T25] audit: type=1326 audit(2000000848.565:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.939607][ T25] audit: type=1326 audit(2000000848.565:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22601 comm="syz.3.4106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48834a8ff9 code=0x7fc00000 [ 1751.959117][T22653] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4121'. [ 1751.962062][ C1] vkms_vblank_simulate: vblank timer overrun [ 1752.038522][T22646] netlink: 108 bytes leftover after parsing attributes in process `syz.4.4119'. [ 1752.556101][T22664] loop2: detected capacity change from 0 to 512 [ 1752.601550][T22663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4125'. [ 1753.339470][T22675] loop1: detected capacity change from 0 to 512 [ 1753.446300][T22664] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1753.570481][T22675] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4127: casefold flag without casefold feature [ 1754.797946][T22675] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4127: couldn't read orphan inode 15 (err -117) [ 1754.822971][T22664] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.4124: invalid block [ 1754.906790][T22675] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1754.929426][T22664] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4124: invalid indirect mapped block 4294967295 (level 1) [ 1755.057052][T22664] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4124: invalid indirect mapped block 4294967295 (level 1) [ 1755.155214][T22664] EXT4-fs (loop2): 2 truncates cleaned up [ 1755.182688][T22664] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,dioread_nolock,,errors=continue. Quota mode: writeback. [ 1755.258789][T22704] loop4: detected capacity change from 0 to 2048 [ 1756.088023][T22704] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1756.141251][T22712] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsÅ‚Ï£žßä“X\x§ÃãEµ [ 1756.206642][T22716] befs: (loop5): No write support. Marking filesystem read-only [ 1756.219190][T22716] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1756.232287][T22716] befs: (loop5): unable to read superblock [ 1756.328215][T22664] overlayfs: './file0' not a directory [ 1756.377105][T22664] overlayfs: failed to clone upperpath [ 1756.407020][T22722] loop1: detected capacity change from 0 to 512 [ 1756.536876][T22723] Invalid ELF header magic: != ELF [ 1757.035283][T22722] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.4136: inode #1: comm syz.1.4136: iget: illegal inode # [ 1757.125367][T22722] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.4136: error while reading EA inode 1 err=-117 [ 1757.180043][T22730] loop3: detected capacity change from 0 to 64 [ 1757.207150][T22722] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.4136: inode #1: comm syz.1.4136: iget: illegal inode # [ 1757.226498][T22722] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.4136: error while reading EA inode 1 err=-117 [ 1757.239599][T19459] Bluetooth: hci4: command 0x0406 tx timeout [ 1757.256661][T22727] loop2: detected capacity change from 0 to 2048 [ 1757.266897][T22722] EXT4-fs (loop1): 1 orphan inode deleted [ 1757.274395][T22722] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000004c,minixdf,abort,delalloc,usrjquota=,,errors=continue. Quota mode: none. [ 1757.290681][T22730] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 1757.362341][T22727] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1757.418324][T22727] UDF-fs: error (device loop2): udf_read_inode: (ino 1376) failed !bh [ 1757.432382][T22727] UDF-fs: error (device loop2): udf_fill_super: Error in udf_iget, block=64, partition=0 [ 1757.566310][ T3616] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1758.353881][T22735] loop3: detected capacity change from 0 to 1024 [ 1758.394759][T22735] EXT4-fs (loop3): unsupported inode size: 0 [ 1758.416984][T22735] EXT4-fs (loop3): blocksize: 1024 [ 1758.548982][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1758.586528][T19459] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1760.472915][T22743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1760.517046][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1760.556430][ T3616] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1760.584701][ T3616] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1760.594218][ T3616] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1760.624378][ T3616] usb 5-1: config 0 descriptor?? [ 1760.629025][T22749] loop4: detected capacity change from 0 to 2048 [ 1760.655966][ T3616] usb 5-1: can't set config #0, error -71 [ 1760.685289][ T3616] usb 5-1: USB disconnect, device number 38 [ 1760.784821][T22754] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4143'. [ 1760.794682][T22749] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1760.875723][T22758] loop2: detected capacity change from 0 to 256 [ 1761.017215][T22762] device bond0 entered promiscuous mode [ 1761.024248][T22762] device bond_slave_0 entered promiscuous mode [ 1761.047308][T22762] device bond_slave_1 entered promiscuous mode [ 1761.093053][ T25] kauditd_printk_skb: 60 callbacks suppressed [ 1761.093067][ T25] audit: type=1804 audit(2000000858.788:1119): pid=22749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4144" name="/newroot/111/file1/bus" dev="loop4" ino=18 res=1 errno=0 [ 1761.195449][T22767] loop3: detected capacity change from 0 to 512 [ 1762.066025][T22779] loop4: detected capacity change from 0 to 512 [ 1762.134788][T22767] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1762.280018][T22767] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1762.283506][T22779] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.4149: bad orphan inode 1 [ 1762.473890][ T25] audit: type=1800 audit(2000000860.157:1120): pid=22762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4146" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 1762.850194][T22779] EXT4-fs (loop4): Remounting filesystem read-only [ 1762.938764][T22779] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,i_version,usrquota,min_batch_time=0x0000000000000005,data_err=abort,jqfmt=vfsv1,errors=remount-ro,delalloc,. Quota mode: writeback. [ 1763.047679][T22791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4154'. [ 1763.239832][T22797] loop3: detected capacity change from 0 to 512 [ 1763.337664][T22797] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.4153: inode #1: comm syz.3.4153: iget: illegal inode # [ 1763.522518][T22797] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.4153: error while reading EA inode 1 err=-117 [ 1763.990460][T22797] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.4153: inode #1: comm syz.3.4153: iget: illegal inode # [ 1765.407064][T22797] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.4153: error while reading EA inode 1 err=-117 [ 1765.670160][T22797] EXT4-fs (loop3): 1 orphan inode deleted [ 1765.768768][T22797] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000004c,minixdf,abort,delalloc,usrjquota=,,errors=continue. Quota mode: none. [ 1765.879879][T22817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4159'. [ 1765.895508][T22822] loop2: detected capacity change from 0 to 2048 [ 1766.146033][T22822] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1766.770245][T20564] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 1766.908666][ T25] audit: type=1804 audit(2000000864.594:1121): pid=22822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4161" name="/newroot/69/file1/bus" dev="loop2" ino=18 res=1 errno=0 [ 1766.981856][T22835] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4162'. [ 1767.120348][T22838] siw: device registration error -23 [ 1767.144787][T20564] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1767.204611][T20564] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1767.392812][T20564] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 1767.404262][T20564] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1767.419107][T20564] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1767.435995][T20564] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 1767.981668][T20564] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1768.031742][T20564] usb 2-1: config 0 descriptor?? [ 1768.144068][T22857] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4169'. [ 1768.356968][T22864] 9pnet_virtio: no channels available for device syz [ 1769.610218][T22875] xt_limit: Overflow, try lower: 0/0 [ 1769.618476][T22875] loop4: detected capacity change from 0 to 8 [ 1770.840479][T22874] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 1770.867884][T22872] SQUASHFS error: Unable to read directory block [631:526] [ 1770.927003][ T5814] Bluetooth: hci0: command 0x0405 tx timeout [ 1771.543022][T22882] chnl_net:caif_netlink_parms(): no params data found [ 1771.703521][T20564] usbhid 2-1:0.0: can't add hid device: -71 [ 1771.709747][T20564] usbhid: probe of 2-1:0.0 failed with error -71 [ 1771.718315][T20564] usb 2-1: USB disconnect, device number 39 [ 1772.402933][T22882] bridge0: port 1(bridge_slave_0) entered blocking state [ 1772.417983][T22882] bridge0: port 1(bridge_slave_0) entered disabled state [ 1772.516541][T22882] device bridge_slave_0 entered promiscuous mode [ 1772.541816][T22902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4178'. [ 1772.559600][T22882] bridge0: port 2(bridge_slave_1) entered blocking state [ 1772.569408][T22882] bridge0: port 2(bridge_slave_1) entered disabled state [ 1772.610384][T22882] device bridge_slave_1 entered promiscuous mode [ 1772.693524][T22882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1772.722043][T22882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1772.940671][T22911] loop1: detected capacity change from 0 to 512 [ 1773.107956][T22912] loop4: detected capacity change from 0 to 512 [ 1773.168566][ T3620] Bluetooth: hci4: command 0x0409 tx timeout [ 1773.240290][T22911] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4192: casefold flag without casefold feature [ 1773.384573][T22911] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4192: couldn't read orphan inode 15 (err -117) [ 1773.416331][T22882] team0: Port device team_slave_0 added [ 1773.425228][T22882] team0: Port device team_slave_1 added [ 1773.447277][T22911] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1773.463648][T22882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1773.471037][T22882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1773.519856][T22912] EXT4-fs (loop4): 1 orphan inode deleted [ 1773.544070][T22912] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1773.577191][T22912] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1773.600250][T22882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1773.680081][T22912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4182'. [ 1773.709301][T22882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1773.716492][T22882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1773.765084][T22882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1773.896953][T22882] device hsr_slave_0 entered promiscuous mode [ 1773.904021][T22882] device hsr_slave_1 entered promiscuous mode [ 1774.197024][T22882] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1774.212507][T22882] Cannot create hsr debugfs directory [ 1774.597280][T22925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4184'. [ 1774.713900][T22935] loop3: detected capacity change from 0 to 128 [ 1774.723525][T22930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4186'. [ 1774.801851][T22938] loop1: detected capacity change from 0 to 1024 [ 1774.948797][T22938] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 1774.965428][T22882] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1774.979792][T22938] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 1775.010629][T22938] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 1775.030360][T22938] journal_init_common: Cannot get buffer for journal superblock [ 1775.038161][T22938] EXT4-fs (loop1): Could not load journal inode [ 1775.046592][T22942] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 1775.055230][T22942] FAT-fs (loop3): Filesystem has been set read-only [ 1775.061878][T22942] attempt to access beyond end of device [ 1775.061878][T22942] loop3: rw=524288, want=2073, limit=128 [ 1775.073300][T22942] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 1775.081141][T22942] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 1775.182519][ T25] audit: type=1800 audit(2000000872.789:1122): pid=22942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4189" name="file2" dev="loop3" ino=1048948 res=0 errno=0 [ 1775.221158][T22882] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1775.540093][T20564] Bluetooth: hci4: command 0x041b tx timeout [ 1775.900457][ T25] audit: type=1326 audit(2000000873.509:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22937 comm="syz.1.4190" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b3ee54ff9 code=0x0 [ 1776.493263][T22882] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1776.524488][T22957] loop4: detected capacity change from 0 to 512 [ 1777.163721][T22957] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.4195: casefold flag without casefold feature [ 1777.204276][T22882] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1777.258064][T22957] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.4195: couldn't read orphan inode 15 (err -117) [ 1777.279236][T22972] overlayfs: missing 'lowerdir' [ 1777.349106][T22957] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1777.593119][ T3620] Bluetooth: hci4: command 0x040f tx timeout [ 1777.629226][T22882] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1777.664025][T22970] loop1: detected capacity change from 0 to 8192 [ 1777.683168][T22882] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1777.702386][T22882] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1778.091022][T22970] loop1: p1 p3 p4 [ 1778.095417][T22970] loop1: partition table partially beyond EOD, truncated [ 1778.204525][T22882] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1778.344003][T22970] loop1: p1 size 3523149824 extends beyond EOD, truncated [ 1778.446735][T22970] loop1: p3 start 4294901760 is beyond EOD, truncated [ 1778.634972][T22970] loop1: p4 size 50331648 extends beyond EOD, truncated [ 1780.246415][T23000] netlink: 'syz.0.4204': attribute type 1 has an invalid length. [ 1780.254197][T23000] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4204'. [ 1780.263274][T23000] nbd: couldn't find a device at index 33022 [ 1780.912806][T19459] Bluetooth: hci4: command 0x0419 tx timeout [ 1780.953493][T22882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1781.005789][T22882] 8021q: adding VLAN 0 to HW filter on device team0 [ 1781.032404][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1781.045874][T23014] ip6t_srh: unknown srh invflags 92A7 [ 1781.061142][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1781.071688][T23019] loop1: detected capacity change from 0 to 512 [ 1781.116592][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1781.155936][T20253] udevd[20253]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1781.177063][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1781.180142][T19621] udevd[19621]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 1781.234427][T14791] bridge0: port 1(bridge_slave_0) entered blocking state [ 1781.241518][T14791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1781.254781][T23019] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.4209: casefold flag without casefold feature [ 1781.290361][T23025] loop4: detected capacity change from 0 to 512 [ 1781.299661][T23019] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.4209: couldn't read orphan inode 15 (err -117) [ 1781.344007][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1781.353048][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1781.355357][T23019] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1781.364417][T14791] bridge0: port 2(bridge_slave_1) entered blocking state [ 1781.379915][T14791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1781.420155][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1781.429920][T23025] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.4210: casefold flag without casefold feature [ 1781.433551][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1781.453528][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1781.463578][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1781.474910][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1781.483392][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1781.492278][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1781.496084][T23025] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.4210: couldn't read orphan inode 15 (err -117) [ 1781.501556][T14791] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1781.538313][ T777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1781.566204][ T777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1781.620616][T23019] overlayfs: missing 'lowerdir' [ 1781.644450][T23025] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1781.717063][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1781.726709][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1781.738975][T22882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1782.583389][ T777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1782.601380][ T777] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1782.642183][T22882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1782.764653][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1782.783893][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1783.497255][T22882] device veth0_vlan entered promiscuous mode [ 1783.575526][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1783.604780][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1783.648359][T22882] device veth1_vlan entered promiscuous mode [ 1783.736786][T22882] device veth0_macvtap entered promiscuous mode [ 1783.764198][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1783.794395][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1783.805035][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1783.819495][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1783.953958][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1784.132250][T22882] device veth1_macvtap entered promiscuous mode [ 1784.445906][ T5814] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1784.469580][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1784.515568][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1784.585775][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1784.606946][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1784.688145][T23055] loop1: detected capacity change from 0 to 256 [ 1784.787053][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1784.918433][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.040307][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1785.169059][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.322183][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1785.348730][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.376135][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1785.400026][T23042] loop3: detected capacity change from 0 to 32768 [ 1785.415673][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.435243][T22882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1785.494019][ T4162] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1785.503927][ T4162] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1785.513849][ T4162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1785.525449][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.772710][ T5814] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1785.783822][ T5814] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1785.844654][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.862540][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.874692][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.892822][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.915026][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.933760][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.945832][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.968756][ T5814] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1785.978516][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1785.986508][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.986528][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.986549][T22882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1785.986562][T22882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1785.987825][T22882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1785.997640][ T5814] usb 5-1: Product: syz [ 1786.023472][T22882] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1786.048256][ T5814] usb 5-1: Manufacturer: syz [ 1786.052856][ T5814] usb 5-1: SerialNumber: syz [ 1786.062247][T22882] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1786.076084][T22882] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1786.084946][T22882] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1786.097145][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1786.106926][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1786.331415][T23047] udc-core: couldn't find an available UDC or it's busy [ 1786.358868][T23047] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1786.445170][T14882] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1786.493705][T23069] netlink: 'syz.1.4219': attribute type 1 has an invalid length. [ 1786.501556][T23069] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4219'. [ 1786.513597][T23069] nbd: couldn't find a device at index 33022 [ 1787.147290][T14882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1787.169152][T20960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1787.189689][T20960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1787.212728][ T3656] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1787.229228][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1787.255483][T23075] loop3: detected capacity change from 0 to 512 [ 1787.349019][T23075] EXT4-fs (loop3): Ignoring removed nobh option [ 1787.355301][T23075] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1787.428819][ T5814] cdc_ncm 5-1:1.0: bind() failure [ 1787.462148][ T5814] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1787.571576][ T5814] cdc_ncm 5-1:1.1: bind() failure [ 1788.112322][ T5814] usb 5-1: USB disconnect, device number 39 [ 1788.138200][T20258] Bluetooth: hci3: command 0x0406 tx timeout [ 1788.156652][T23075] EXT4-fs (loop3): 1 truncate cleaned up [ 1788.170976][T23075] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,grpquota,stripe=0x0000000000000000,nobh,,errors=continue. Quota mode: writeback. [ 1788.269870][T23089] loop1: detected capacity change from 0 to 512 [ 1790.252086][ T25] audit: type=1800 audit(2000000887.930:1124): pid=23098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4221" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 1790.527387][T23103] loop2: detected capacity change from 0 to 512 [ 1791.508917][T23115] binder: Bad value for 'max' [ 1791.517283][T23103] EXT4-fs (loop2): 1 orphan inode deleted [ 1791.528449][T23103] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1791.658980][T23103] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1791.698988][T14882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1791.715768][T14882] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1791.792731][T23121] netlink: 'syz.4.4231': attribute type 1 has an invalid length. [ 1791.800552][T23121] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4231'. [ 1791.809640][T23121] nbd: couldn't find a device at index 33022 [ 1792.408681][T23115] dlm: plock device version mismatch: kernel (1.2.0), user (314645249.2892448523.1886894762) [ 1792.420753][T23120] loop1: detected capacity change from 0 to 256 [ 1792.497558][T23106] block nbd0: shutting down sockets [ 1792.573121][T23120] FAT-fs (loop1): bogus sectors per cluster 0 [ 1792.581683][T23120] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1792.692912][T23131] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsÅ‚Ï£žßä“X\x§ÃãEµ [ 1794.772053][T23149] loop3: detected capacity change from 0 to 512 [ 1794.921820][T23149] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.4238: casefold flag without casefold feature [ 1794.935435][T23160] loop2: detected capacity change from 0 to 512 [ 1794.950916][T23149] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.4238: couldn't read orphan inode 15 (err -117) [ 1794.982622][T23149] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1795.017896][T23163] tap0: tun_chr_ioctl cmd 1074025677 [ 1795.024454][T23163] tap0: linktype set to 147 [ 1795.101480][T23149] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1795.117234][T23149] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1795.136804][T23160] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.4240: casefold flag without casefold feature [ 1795.184811][T23160] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.4240: couldn't read orphan inode 15 (err -117) [ 1795.246963][T23166] Cannot find del_set index 286 as target [ 1795.291763][T23160] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1795.386375][T23166] netlink: 'syz.4.4243': attribute type 2 has an invalid length. [ 1795.412133][T23160] overlayfs: missing 'workdir' [ 1795.571866][T23176] netlink: 'syz.3.4242': attribute type 1 has an invalid length. [ 1795.579709][T23176] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4242'. [ 1795.588863][T23176] nbd: couldn't find a device at index 33022 [ 1796.250963][T23179] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4246'. [ 1796.276282][T23179] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4246'. [ 1796.799011][T23185] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsÅ‚Ï£žßä“X\x§ÃãEµ [ 1797.219031][T23190] loop3: detected capacity change from 0 to 1024 [ 1797.512445][T23190] JBD2: no valid journal superblock found [ 1797.638329][T23203] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4250'. [ 1797.802533][T23203] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1799.259577][T23190] EXT4-fs (loop3): error loading journal [ 1799.567986][T23210] loop4: detected capacity change from 0 to 512 [ 1800.028626][T23210] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.4253: casefold flag without casefold feature [ 1800.288014][ T3619] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1800.296710][T23210] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.4253: couldn't read orphan inode 15 (err -117) [ 1800.353502][T23210] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,,errors=continue. Quota mode: writeback. [ 1800.453550][T23210] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1800.508429][T23210] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1800.918975][T23227] loop3: detected capacity change from 0 to 40427 [ 1801.926956][ T3619] usb 2-1: device not accepting address 40, error -71 [ 1801.972093][T23227] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1801.979905][T23227] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1801.995358][T23226] overlayfs: missing 'workdir' [ 1801.996111][T23227] F2FS-fs (loop3): invalid crc value [ 1802.152707][T23227] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1802.787383][T23227] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1802.794447][T23227] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1802.809634][ T25] audit: type=1804 audit(2000000900.472:1125): pid=23225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4256" name="/newroot/81/bus/bus" dev="loop3" ino=10 res=1 errno=0 [ 1803.088630][T23243] loop2: detected capacity change from 0 to 512 [ 1803.213094][T23247] loop1: detected capacity change from 0 to 164 [ 1804.566916][ T25] audit: type=1326 audit(2000000902.221:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23242 comm="syz.4.4261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7fc00000 [ 1804.675968][T23246] netlink: 152 bytes leftover after parsing attributes in process `syz.4.4261'. [ 1804.764262][ T25] audit: type=1326 audit(2000000902.311:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23242 comm="syz.4.4261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37785c2ff9 code=0x7fc00000 [ 1804.845678][T23243] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 1804.845678][T23243] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1804.845678][T23243] [ 1804.863336][ C0] vkms_vblank_simulate: vblank timer overrun [ 1804.888237][T23247] rock: directory entry would overflow storage [ 1804.889880][ T25] audit: type=1326 audit(2000000902.451:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23242 comm="syz.4.4261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37785c2ff9 code=0x7fc00000 [ 1804.894536][T23247] rock: sig=0x5245, size=8, remaining=3 [ 1804.916904][ C0] vkms_vblank_simulate: vblank timer overrun [ 1804.974067][T23243] EXT4-fs (loop2): 1 orphan inode deleted [ 1804.979923][T23243] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,noacl,usrquota,,errors=continue. Quota mode: writeback. [ 1805.003458][T23243] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1805.032203][T23254] [ 1805.034551][T23254] ===================================================== [ 1805.041481][T23254] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 1805.048927][T23254] 5.15.169-syzkaller #0 Not tainted [ 1805.054111][T23254] ----------------------------------------------------- [ 1805.061027][T23254] syz.0.4266/23254 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1805.068744][T23254] ffff8880582276a8 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x16a/0x490 [ 1805.077453][T23254] [ 1805.077453][T23254] and this task is already holding: [ 1805.084812][T23254] ffff88807b54f028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe7/0xb60 [ 1805.094567][T23254] which would create a new lock dependency: [ 1805.100455][T23254] (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){...-}-{2:2} [ 1805.108551][T23254] [ 1805.108551][T23254] but this new dependency connects a HARDIRQ-irq-safe lock: [ 1805.117993][T23254] (&dev->event_lock#2){-.-.}-{2:2} [ 1805.118026][T23254] [ 1805.118026][T23254] ... which became HARDIRQ-irq-safe at: [ 1805.121435][T23257] loop4: detected capacity change from 0 to 512 [ 1805.123203][T23254] lock_acquire+0x1db/0x4f0 [ 1805.123227][T23254] _raw_spin_lock_irqsave+0xd1/0x120 [ 1805.147068][T23254] input_event+0x8a/0xd0 [ 1805.151399][T23254] psmouse_report_standard_packet+0x50/0x200 [ 1805.157468][T23254] psmouse_process_byte+0x45b/0x640 [ 1805.162747][T23254] psmouse_handle_byte+0x46/0x4b0 [ 1805.167856][T23254] psmouse_interrupt+0x697/0x10a0 [ 1805.172964][T23254] serio_interrupt+0x88/0x130 [ 1805.177735][T23254] i8042_interrupt+0x355/0x750 [ 1805.182582][T23254] __handle_irq_event_percpu+0x292/0xa70 [ 1805.188297][T23254] handle_irq_event+0xff/0x2b0 [ 1805.193137][T23254] handle_edge_irq+0x245/0xbf0 [ 1805.197966][T23254] __common_interrupt+0xd7/0x1f0 [ 1805.202968][T23254] common_interrupt+0xae/0xd0 [ 1805.207711][T23254] asm_common_interrupt+0x22/0x40 [ 1805.212807][T23254] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 1805.218594][T23254] i8042_aux_write+0x112/0x190 [ 1805.223422][T23254] ps2_do_sendbyte+0x20a/0x720 [ 1805.228251][T23254] ps2_sendbyte+0x5c/0x120 [ 1805.232730][T23254] cypress_send_ext_cmd+0x21d/0x900 [ 1805.237993][T23254] cypress_detect+0x8f/0x220 [ 1805.242649][T23254] psmouse_extensions+0xc2a/0x1550 [ 1805.247825][T23254] psmouse_switch_protocol+0x308/0x840 [ 1805.253346][T23254] psmouse_connect+0x94b/0x1430 [ 1805.258262][T23254] serio_driver_probe+0x74/0x90 [ 1805.263179][T23254] really_probe+0x24e/0xb60 [ 1805.267747][T23254] __driver_probe_device+0x1a2/0x3d0 [ 1805.273096][T23254] driver_probe_device+0x50/0x420 [ 1805.278189][T23254] __driver_attach+0x479/0x690 [ 1805.283028][T23254] bus_for_each_dev+0x17c/0x1f0 [ 1805.287944][T23254] serio_handle_event+0x56a/0x8f0 [ 1805.293039][T23254] process_one_work+0x8a1/0x10c0 [ 1805.298048][T23254] worker_thread+0xaca/0x1280 [ 1805.302796][T23254] kthread+0x3f6/0x4f0 [ 1805.306936][T23254] ret_from_fork+0x1f/0x30 [ 1805.311425][T23254] [ 1805.311425][T23254] to a HARDIRQ-irq-unsafe lock: [ 1805.318425][T23254] (tasklist_lock){.+.+}-{2:2} [ 1805.318447][T23254] [ 1805.318447][T23254] ... which became HARDIRQ-irq-unsafe at: [ 1805.331120][T23254] ... [ 1805.331125][T23254] lock_acquire+0x1db/0x4f0 [ 1805.338254][T23254] _raw_read_lock+0x32/0x40 [ 1805.342822][T23254] do_wait+0x2a7/0xaf0 [ 1805.346953][T23254] kernel_wait+0xe5/0x230 [ 1805.351346][T23254] call_usermodehelper_exec_work+0xb5/0x220 [ 1805.357304][T23254] process_one_work+0x8a1/0x10c0 [ 1805.362306][T23254] worker_thread+0xaca/0x1280 [ 1805.367048][T23254] kthread+0x3f6/0x4f0 [ 1805.371181][T23254] ret_from_fork+0x1f/0x30 [ 1805.375670][T23254] [ 1805.375670][T23254] other info that might help us debug this: [ 1805.375670][T23254] [ 1805.385874][T23254] Chain exists of: [ 1805.385874][T23254] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1805.385874][T23254] [ 1805.399407][T23254] Possible interrupt unsafe locking scenario: [ 1805.399407][T23254] [ 1805.407705][T23254] CPU0 CPU1 [ 1805.413053][T23254] ---- ---- [ 1805.418407][T23254] lock(tasklist_lock); [ 1805.422640][T23254] local_irq_disable(); [ 1805.429373][T23254] lock(&dev->event_lock#2); [ 1805.436553][T23254] lock(&client->buffer_lock); [ 1805.443898][T23254] [ 1805.447331][T23254] lock(&dev->event_lock#2); [ 1805.452168][T23254] [ 1805.452168][T23254] *** DEADLOCK *** [ 1805.452168][T23254] [ 1805.460291][T23254] 7 locks held by syz.0.4266/23254: [ 1805.465464][T23254] #0: ffff88802591d110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x26d/0x7c0 [ 1805.474586][T23254] #1: ffff888025916230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0xc0/0x300 [ 1805.484669][T23254] #2: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 1805.493955][T23254] #3: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 1805.503245][T23254] #4: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 1805.512538][T23254] #5: ffff88807b54f028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xe7/0xb60 [ 1805.522693][T23254] #6: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 1805.531974][T23254] [ 1805.531974][T23254] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 1805.542352][T23254] -> (&dev->event_lock#2){-.-.}-{2:2} { [ 1805.548003][T23254] IN-HARDIRQ-W at: [ 1805.552046][T23254] lock_acquire+0x1db/0x4f0 [ 1805.558353][T23254] _raw_spin_lock_irqsave+0xd1/0x120 [ 1805.565445][T23254] input_event+0x8a/0xd0 [ 1805.571487][T23254] psmouse_report_standard_packet+0x50/0x200 [ 1805.579268][T23254] psmouse_process_byte+0x45b/0x640 [ 1805.586269][T23254] psmouse_handle_byte+0x46/0x4b0 [ 1805.593094][T23254] psmouse_interrupt+0x697/0x10a0 [ 1805.599920][T23254] serio_interrupt+0x88/0x130 [ 1805.606400][T23254] i8042_interrupt+0x355/0x750 [ 1805.612963][T23254] __handle_irq_event_percpu+0x292/0xa70 [ 1805.620399][T23254] handle_irq_event+0xff/0x2b0 [ 1805.626976][T23254] handle_edge_irq+0x245/0xbf0 [ 1805.633556][T23254] __common_interrupt+0xd7/0x1f0 [ 1805.640302][T23254] common_interrupt+0xae/0xd0 [ 1805.646793][T23254] asm_common_interrupt+0x22/0x40 [ 1805.653633][T23254] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 1805.661166][T23254] i8042_aux_write+0x112/0x190 [ 1805.667769][T23254] ps2_do_sendbyte+0x20a/0x720 [ 1805.674345][T23254] ps2_sendbyte+0x5c/0x120 [ 1805.680571][T23254] cypress_send_ext_cmd+0x21d/0x900 [ 1805.687575][T23254] cypress_detect+0x8f/0x220 [ 1805.693974][T23254] psmouse_extensions+0xc2a/0x1550 [ 1805.700887][T23254] psmouse_switch_protocol+0x308/0x840 [ 1805.708150][T23254] psmouse_connect+0x94b/0x1430 [ 1805.714806][T23254] serio_driver_probe+0x74/0x90 [ 1805.721459][T23254] really_probe+0x24e/0xb60 [ 1805.727773][T23254] __driver_probe_device+0x1a2/0x3d0 [ 1805.734858][T23254] driver_probe_device+0x50/0x420 [ 1805.741683][T23254] __driver_attach+0x479/0x690 [ 1805.748249][T23254] bus_for_each_dev+0x17c/0x1f0 [ 1805.754899][T23254] serio_handle_event+0x56a/0x8f0 [ 1805.761725][T23254] process_one_work+0x8a1/0x10c0 [ 1805.768468][T23254] worker_thread+0xaca/0x1280 [ 1805.774948][T23254] kthread+0x3f6/0x4f0 [ 1805.780817][T23254] ret_from_fork+0x1f/0x30 [ 1805.787037][T23254] IN-SOFTIRQ-W at: [ 1805.791086][T23254] lock_acquire+0x1db/0x4f0 [ 1805.797396][T23254] _raw_spin_lock_irqsave+0xd1/0x120 [ 1805.804501][T23254] input_inject_event+0xc0/0x300 [ 1805.811241][T23254] led_trigger_event+0x109/0x1e0 [ 1805.817980][T23254] kbd_bh+0x18a/0x260 [ 1805.823765][T23254] tasklet_action_common+0x3cb/0x4a0 [ 1805.830855][T23254] handle_softirqs+0x3a7/0x930 [ 1805.837422][T23254] __irq_exit_rcu+0x157/0x240 [ 1805.843900][T23254] irq_exit_rcu+0x5/0x20 [ 1805.849947][T23254] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 1805.857385][T23254] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1805.865170][T23254] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 1805.872697][T23254] evdev_write+0x668/0x7c0 [ 1805.878918][T23254] vfs_write+0x30c/0xe50 [ 1805.884964][T23254] ksys_write+0x1a2/0x2c0 [ 1805.891099][T23254] do_syscall_64+0x3b/0xb0 [ 1805.897319][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1805.905014][T23254] INITIAL USE at: [ 1805.908974][T23254] lock_acquire+0x1db/0x4f0 [ 1805.915189][T23254] _raw_spin_lock_irqsave+0xd1/0x120 [ 1805.922186][T23254] input_inject_event+0xc0/0x300 [ 1805.928838][T23254] led_trigger_event+0x109/0x1e0 [ 1805.935489][T23254] kbd_led_trigger_activate+0xb9/0x100 [ 1805.942666][T23254] led_trigger_set+0x55a/0x970 [ 1805.949143][T23254] led_trigger_set_default+0x1c2/0x200 [ 1805.956315][T23254] led_classdev_register_ext+0x6cf/0x8d0 [ 1805.963661][T23254] input_leds_connect+0x503/0x740 [ 1805.970398][T23254] input_register_device+0xdae/0x1150 [ 1805.977484][T23254] atkbd_connect+0x7a7/0xa70 [ 1805.983786][T23254] serio_driver_probe+0x74/0x90 [ 1805.990356][T23254] really_probe+0x24e/0xb60 [ 1805.996572][T23254] __driver_probe_device+0x1a2/0x3d0 [ 1806.003569][T23254] driver_probe_device+0x50/0x420 [ 1806.010306][T23254] __driver_attach+0x479/0x690 [ 1806.016787][T23254] bus_for_each_dev+0x17c/0x1f0 [ 1806.023350][T23254] serio_handle_event+0x56a/0x8f0 [ 1806.030089][T23254] process_one_work+0x8a1/0x10c0 [ 1806.036744][T23254] worker_thread+0xaca/0x1280 [ 1806.043134][T23254] kthread+0x3f6/0x4f0 [ 1806.048918][T23254] ret_from_fork+0x1f/0x30 [ 1806.055050][T23254] } [ 1806.057618][T23254] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 1806.066709][T23254] -> (&client->buffer_lock){....}-{2:2} { [ 1806.072417][T23254] INITIAL USE at: [ 1806.076287][T23254] lock_acquire+0x1db/0x4f0 [ 1806.082334][T23254] _raw_spin_lock_irqsave+0xd1/0x120 [ 1806.089161][T23254] evdev_ioctl_handler+0x197f/0x2090 [ 1806.095988][T23254] __se_sys_ioctl+0xf1/0x160 [ 1806.102119][T23254] do_syscall_64+0x3b/0xb0 [ 1806.108081][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1806.115514][T23254] } [ 1806.117988][T23254] ... key at: [] evdev_open.__key.23+0x0/0x20 [ 1806.126120][T23254] ... acquired at: [ 1806.129898][T23254] lock_acquire+0x1db/0x4f0 [ 1806.134549][T23254] _raw_spin_lock+0x2a/0x40 [ 1806.139205][T23254] evdev_pass_values+0xe7/0xb60 [ 1806.144208][T23254] evdev_events+0x198/0x2c0 [ 1806.148862][T23254] input_pass_values+0x873/0x1200 [ 1806.154038][T23254] input_handle_event+0xc9b/0x1600 [ 1806.159300][T23254] input_inject_event+0x1fc/0x300 [ 1806.164475][T23254] evdev_write+0x668/0x7c0 [ 1806.169042][T23254] vfs_write+0x30c/0xe50 [ 1806.173441][T23254] ksys_write+0x1a2/0x2c0 [ 1806.177921][T23254] do_syscall_64+0x3b/0xb0 [ 1806.182488][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1806.188536][T23254] [ 1806.190838][T23254] [ 1806.190838][T23254] the dependencies between the lock to be acquired [ 1806.190845][T23254] and HARDIRQ-irq-unsafe lock: [ 1806.204317][T23254] -> (tasklist_lock){.+.+}-{2:2} { [ 1806.209598][T23254] HARDIRQ-ON-R at: [ 1806.213728][T23254] lock_acquire+0x1db/0x4f0 [ 1806.220208][T23254] _raw_read_lock+0x32/0x40 [ 1806.226684][T23254] do_wait+0x2a7/0xaf0 [ 1806.232727][T23254] kernel_wait+0xe5/0x230 [ 1806.239038][T23254] call_usermodehelper_exec_work+0xb5/0x220 [ 1806.246911][T23254] process_one_work+0x8a1/0x10c0 [ 1806.253822][T23254] worker_thread+0xaca/0x1280 [ 1806.260474][T23254] kthread+0x3f6/0x4f0 [ 1806.266519][T23254] ret_from_fork+0x1f/0x30 [ 1806.272912][T23254] SOFTIRQ-ON-R at: [ 1806.277049][T23254] lock_acquire+0x1db/0x4f0 [ 1806.283526][T23254] _raw_read_lock+0x32/0x40 [ 1806.290003][T23254] do_wait+0x2a7/0xaf0 [ 1806.296052][T23254] kernel_wait+0xe5/0x230 [ 1806.302364][T23254] call_usermodehelper_exec_work+0xb5/0x220 [ 1806.310260][T23254] process_one_work+0x8a1/0x10c0 [ 1806.317191][T23254] worker_thread+0xaca/0x1280 [ 1806.323846][T23254] kthread+0x3f6/0x4f0 [ 1806.329894][T23254] ret_from_fork+0x1f/0x30 [ 1806.336291][T23254] INITIAL USE at: [ 1806.340337][T23254] lock_acquire+0x1db/0x4f0 [ 1806.346729][T23254] _raw_write_lock_irq+0xcf/0x110 [ 1806.353642][T23254] copy_process+0x22be/0x3ef0 [ 1806.360207][T23254] kernel_clone+0x210/0x960 [ 1806.366597][T23254] kernel_thread+0x168/0x1e0 [ 1806.373085][T23254] rest_init+0x21/0x330 [ 1806.379134][T23254] start_kernel+0x48c/0x540 [ 1806.385531][T23254] secondary_startup_64_no_verify+0xb1/0xbb [ 1806.393312][T23254] INITIAL READ USE at: [ 1806.397793][T23254] lock_acquire+0x1db/0x4f0 [ 1806.404615][T23254] _raw_read_lock+0x32/0x40 [ 1806.411440][T23254] do_wait+0x2a7/0xaf0 [ 1806.417830][T23254] kernel_wait+0xe5/0x230 [ 1806.424478][T23254] call_usermodehelper_exec_work+0xb5/0x220 [ 1806.432696][T23254] process_one_work+0x8a1/0x10c0 [ 1806.439960][T23254] worker_thread+0xaca/0x1280 [ 1806.446971][T23254] kthread+0x3f6/0x4f0 [ 1806.453372][T23254] ret_from_fork+0x1f/0x30 [ 1806.460116][T23254] } [ 1806.462767][T23254] ... key at: [] tasklist_lock+0x18/0x40 [ 1806.470640][T23254] ... acquired at: [ 1806.474597][T23254] lock_acquire+0x1db/0x4f0 [ 1806.479258][T23254] _raw_read_lock+0x32/0x40 [ 1806.483915][T23254] send_sigio+0xd2/0x330 [ 1806.488309][T23254] kill_fasync+0x20c/0x490 [ 1806.492879][T23254] pipe_release+0x1ab/0x330 [ 1806.497534][T23254] __fput+0x3fe/0x8e0 [ 1806.501673][T23254] task_work_run+0x129/0x1a0 [ 1806.506416][T23254] exit_to_user_mode_loop+0x106/0x130 [ 1806.511936][T23254] exit_to_user_mode_prepare+0xb1/0x140 [ 1806.517630][T23254] syscall_exit_to_user_mode+0x5d/0x240 [ 1806.523328][T23254] do_syscall_64+0x47/0xb0 [ 1806.527897][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1806.533940][T23254] [ 1806.536241][T23254] -> (&f->f_owner.lock){...-}-{2:2} { [ 1806.541692][T23254] IN-SOFTIRQ-R at: [ 1806.545739][T23254] lock_acquire+0x1db/0x4f0 [ 1806.552044][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1806.559131][T23254] send_sigio+0x2f/0x330 [ 1806.565174][T23254] kill_fasync+0x20c/0x490 [ 1806.571392][T23254] sock_wake_async+0x145/0x170 [ 1806.577959][T23254] sk_wake_async+0x15d/0x250 [ 1806.584350][T23254] sock_def_readable+0x181/0x240 [ 1806.591091][T23254] mptcp_data_ready+0x41e/0x790 [ 1806.597743][T23254] subflow_data_ready+0x26e/0x3b0 [ 1806.604568][T23254] tcp_data_queue+0x2146/0x6f20 [ 1806.611220][T23254] tcp_rcv_established+0xe3e/0x1e20 [ 1806.618220][T23254] tcp_v4_do_rcv+0x423/0x960 [ 1806.624617][T23254] tcp_v4_rcv+0x2740/0x2d80 [ 1806.630921][T23254] ip_protocol_deliver_rcu+0x381/0x730 [ 1806.638180][T23254] ip_local_deliver_finish+0x1db/0x320 [ 1806.645435][T23254] NF_HOOK+0x364/0x410 [ 1806.651302][T23254] NF_HOOK+0x364/0x410 [ 1806.657170][T23254] __netif_receive_skb+0x1c6/0x530 [ 1806.664082][T23254] process_backlog+0x363/0x7f0 [ 1806.670647][T23254] __napi_poll+0xc7/0x440 [ 1806.676779][T23254] net_rx_action+0x617/0xda0 [ 1806.683174][T23254] handle_softirqs+0x3a7/0x930 [ 1806.689738][T23254] run_ksoftirqd+0xc6/0x120 [ 1806.696041][T23254] smpboot_thread_fn+0x51b/0x9d0 [ 1806.702778][T23254] kthread+0x3f6/0x4f0 [ 1806.708647][T23254] ret_from_fork+0x1f/0x30 [ 1806.714864][T23254] INITIAL USE at: [ 1806.718823][T23254] lock_acquire+0x1db/0x4f0 [ 1806.725037][T23254] _raw_write_lock_irq+0xcf/0x110 [ 1806.731776][T23254] __f_setown+0x38/0x350 [ 1806.737732][T23254] f_setown+0x11f/0x1c0 [ 1806.743601][T23254] do_fcntl+0x1b7/0x1600 [ 1806.749565][T23254] __se_sys_fcntl+0xd8/0x1b0 [ 1806.755871][T23254] do_syscall_64+0x3b/0xb0 [ 1806.762001][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1806.769610][T23254] INITIAL READ USE at: [ 1806.774001][T23254] lock_acquire+0x1db/0x4f0 [ 1806.780651][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1806.788083][T23254] send_sigio+0x2f/0x330 [ 1806.794473][T23254] kill_fasync+0x20c/0x490 [ 1806.801038][T23254] sock_wake_async+0x145/0x170 [ 1806.807949][T23254] sk_wake_async+0x15d/0x250 [ 1806.814686][T23254] sock_def_readable+0x181/0x240 [ 1806.821770][T23254] mptcp_data_ready+0x41e/0x790 [ 1806.828768][T23254] subflow_data_ready+0x26e/0x3b0 [ 1806.835942][T23254] tcp_data_queue+0x2146/0x6f20 [ 1806.842945][T23254] tcp_rcv_established+0xe3e/0x1e20 [ 1806.850290][T23254] tcp_v4_do_rcv+0x423/0x960 [ 1806.857031][T23254] __release_sock+0x198/0x4b0 [ 1806.863855][T23254] release_sock+0x5d/0x1c0 [ 1806.870421][T23254] __mptcp_push_pending+0x300/0xb20 [ 1806.877765][T23254] mptcp_sendmsg+0xf96/0x1e10 [ 1806.884590][T23254] __sys_sendto+0x564/0x720 [ 1806.891243][T23254] __x64_sys_sendto+0xda/0xf0 [ 1806.898068][T23254] do_syscall_64+0x3b/0xb0 [ 1806.904631][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1806.912674][T23254] } [ 1806.915240][T23254] ... key at: [] __alloc_file.__key+0x0/0x10 [ 1806.923371][T23254] ... acquired at: [ 1806.927235][T23254] lock_acquire+0x1db/0x4f0 [ 1806.931889][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1806.937332][T23254] send_sigio+0x2f/0x330 [ 1806.941726][T23254] kill_fasync+0x20c/0x490 [ 1806.946294][T23254] sock_wake_async+0x145/0x170 [ 1806.951212][T23254] sk_wake_async+0x15d/0x250 [ 1806.955952][T23254] sock_def_readable+0x181/0x240 [ 1806.961039][T23254] mptcp_data_ready+0x41e/0x790 [ 1806.966041][T23254] subflow_data_ready+0x26e/0x3b0 [ 1806.971216][T23254] tcp_data_queue+0x2146/0x6f20 [ 1806.976217][T23254] tcp_rcv_established+0xe3e/0x1e20 [ 1806.981566][T23254] tcp_v4_do_rcv+0x423/0x960 [ 1806.986308][T23254] __release_sock+0x198/0x4b0 [ 1806.991134][T23254] release_sock+0x5d/0x1c0 [ 1806.995701][T23254] __mptcp_push_pending+0x300/0xb20 [ 1807.001049][T23254] mptcp_sendmsg+0xf96/0x1e10 [ 1807.005876][T23254] __sys_sendto+0x564/0x720 [ 1807.010532][T23254] __x64_sys_sendto+0xda/0xf0 [ 1807.015360][T23254] do_syscall_64+0x3b/0xb0 [ 1807.019926][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.025975][T23254] [ 1807.028273][T23254] -> (&new->fa_lock){...-}-{2:2} { [ 1807.033372][T23254] IN-SOFTIRQ-R at: [ 1807.037330][T23254] lock_acquire+0x1db/0x4f0 [ 1807.043458][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1807.050372][T23254] kill_fasync+0x16a/0x490 [ 1807.056415][T23254] sock_wake_async+0x145/0x170 [ 1807.062806][T23254] sk_wake_async+0x15d/0x250 [ 1807.069023][T23254] sock_def_readable+0x181/0x240 [ 1807.075586][T23254] mptcp_data_ready+0x41e/0x790 [ 1807.082066][T23254] subflow_data_ready+0x26e/0x3b0 [ 1807.088720][T23254] tcp_data_queue+0x2146/0x6f20 [ 1807.095197][T23254] tcp_rcv_established+0xe3e/0x1e20 [ 1807.102021][T23254] tcp_v4_do_rcv+0x423/0x960 [ 1807.108239][T23254] tcp_v4_rcv+0x2740/0x2d80 [ 1807.114376][T23254] ip_protocol_deliver_rcu+0x381/0x730 [ 1807.121474][T23254] ip_local_deliver_finish+0x1db/0x320 [ 1807.128559][T23254] NF_HOOK+0x364/0x410 [ 1807.134252][T23254] NF_HOOK+0x364/0x410 [ 1807.139948][T23254] __netif_receive_skb+0x1c6/0x530 [ 1807.146689][T23254] process_backlog+0x363/0x7f0 [ 1807.153082][T23254] __napi_poll+0xc7/0x440 [ 1807.159070][T23254] net_rx_action+0x617/0xda0 [ 1807.165330][T23254] handle_softirqs+0x3a7/0x930 [ 1807.171722][T23254] run_ksoftirqd+0xc6/0x120 [ 1807.177851][T23254] smpboot_thread_fn+0x51b/0x9d0 [ 1807.184413][T23254] kthread+0x3f6/0x4f0 [ 1807.190108][T23254] ret_from_fork+0x1f/0x30 [ 1807.196155][T23254] INITIAL USE at: [ 1807.200034][T23254] lock_acquire+0x1db/0x4f0 [ 1807.206080][T23254] _raw_write_lock_irq+0xcf/0x110 [ 1807.212644][T23254] fasync_remove_entry+0xfb/0x1d0 [ 1807.219211][T23254] sock_fasync+0x86/0xf0 [ 1807.224999][T23254] __fput+0x766/0x8e0 [ 1807.230560][T23254] task_work_run+0x129/0x1a0 [ 1807.236691][T23254] exit_to_user_mode_loop+0x106/0x130 [ 1807.243607][T23254] exit_to_user_mode_prepare+0xb1/0x140 [ 1807.250693][T23254] syscall_exit_to_user_mode+0x5d/0x240 [ 1807.257778][T23254] do_syscall_64+0x47/0xb0 [ 1807.263733][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.271169][T23254] INITIAL READ USE at: [ 1807.275475][T23254] lock_acquire+0x1db/0x4f0 [ 1807.281955][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1807.289214][T23254] kill_fasync+0x16a/0x490 [ 1807.295605][T23254] sock_wake_async+0x145/0x170 [ 1807.302344][T23254] sk_wake_async+0x15d/0x250 [ 1807.308908][T23254] sock_def_readable+0x181/0x240 [ 1807.315818][T23254] mptcp_data_ready+0x41e/0x790 [ 1807.322651][T23254] subflow_data_ready+0x26e/0x3b0 [ 1807.329652][T23254] tcp_data_queue+0x2146/0x6f20 [ 1807.336477][T23254] tcp_rcv_established+0xe3e/0x1e20 [ 1807.343648][T23254] tcp_v4_do_rcv+0x423/0x960 [ 1807.350212][T23254] __release_sock+0x198/0x4b0 [ 1807.356868][T23254] release_sock+0x5d/0x1c0 [ 1807.363266][T23254] __mptcp_push_pending+0x300/0xb20 [ 1807.370444][T23254] mptcp_sendmsg+0xf96/0x1e10 [ 1807.377097][T23254] __sys_sendto+0x564/0x720 [ 1807.383575][T23254] __x64_sys_sendto+0xda/0xf0 [ 1807.390253][T23254] do_syscall_64+0x3b/0xb0 [ 1807.396646][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.404517][T23254] } [ 1807.406994][T23254] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1807.415649][T23254] ... acquired at: [ 1807.419426][T23254] lock_acquire+0x1db/0x4f0 [ 1807.424081][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1807.429517][T23254] kill_fasync+0x16a/0x490 [ 1807.434086][T23254] evdev_pass_values+0x5ad/0xb60 [ 1807.439175][T23254] evdev_events+0x198/0x2c0 [ 1807.443828][T23254] input_pass_values+0x873/0x1200 [ 1807.449003][T23254] input_handle_event+0xc9b/0x1600 [ 1807.454263][T23254] input_inject_event+0x1fc/0x300 [ 1807.459436][T23254] evdev_write+0x668/0x7c0 [ 1807.464005][T23254] vfs_write+0x30c/0xe50 [ 1807.468399][T23254] ksys_write+0x1a2/0x2c0 [ 1807.472880][T23254] do_syscall_64+0x3b/0xb0 [ 1807.477450][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.483494][T23254] [ 1807.485797][T23254] [ 1807.485797][T23254] stack backtrace: [ 1807.491665][T23254] CPU: 0 PID: 23254 Comm: syz.0.4266 Not tainted 5.15.169-syzkaller #0 [ 1807.499880][T23254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1807.509913][T23254] Call Trace: [ 1807.513174][T23254] [ 1807.516085][T23254] dump_stack_lvl+0x1e3/0x2d0 [ 1807.520742][T23254] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1807.526353][T23254] ? panic+0x860/0x860 [ 1807.530407][T23254] ? print_shortest_lock_dependencies+0xee/0x150 [ 1807.536713][T23254] validate_chain+0x4d01/0x5930 [ 1807.541551][T23254] ? reacquire_held_locks+0x660/0x660 [ 1807.546901][T23254] ? try_to_wake_up+0x807/0x1300 [ 1807.551817][T23254] ? __lock_acquire+0x1ff0/0x1ff0 [ 1807.556819][T23254] ? register_lock_class+0x100/0x9a0 [ 1807.562082][T23254] ? is_dynamic_key+0x1f0/0x1f0 [ 1807.566910][T23254] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 1807.572782][T23254] ? mark_lock+0x98/0x340 [ 1807.577092][T23254] __lock_acquire+0x1295/0x1ff0 [ 1807.581931][T23254] lock_acquire+0x1db/0x4f0 [ 1807.586412][T23254] ? kill_fasync+0x16a/0x490 [ 1807.590983][T23254] ? read_lock_is_recursive+0x10/0x10 [ 1807.596336][T23254] ? read_lock_is_recursive+0x10/0x10 [ 1807.601685][T23254] ? read_lock_is_recursive+0x10/0x10 [ 1807.607037][T23254] _raw_read_lock_irqsave+0xd9/0x120 [ 1807.612302][T23254] ? kill_fasync+0x16a/0x490 [ 1807.616875][T23254] ? _raw_read_lock+0x40/0x40 [ 1807.621533][T23254] kill_fasync+0x16a/0x490 [ 1807.625929][T23254] evdev_pass_values+0x5ad/0xb60 [ 1807.630851][T23254] ? evdev_pass_values+0x541/0xb60 [ 1807.635945][T23254] evdev_events+0x198/0x2c0 [ 1807.640426][T23254] ? evdev_event+0x170/0x170 [ 1807.644998][T23254] input_pass_values+0x873/0x1200 [ 1807.650004][T23254] input_handle_event+0xc9b/0x1600 [ 1807.655096][T23254] input_inject_event+0x1fc/0x300 [ 1807.660104][T23254] evdev_write+0x668/0x7c0 [ 1807.664508][T23254] ? evdev_read+0xe00/0xe00 [ 1807.668996][T23254] ? end_current_label_crit_section+0x147/0x170 [ 1807.675216][T23254] ? common_file_perm+0x17d/0x1d0 [ 1807.680231][T23254] ? fsnotify_perm+0x64/0x590 [ 1807.684887][T23254] ? security_file_permission+0x75/0xa0 [ 1807.690413][T23254] ? evdev_read+0xe00/0xe00 [ 1807.694897][T23254] vfs_write+0x30c/0xe50 [ 1807.699127][T23254] ? file_end_write+0x250/0x250 [ 1807.703956][T23254] ? read_lock_is_recursive+0x10/0x10 [ 1807.709307][T23254] ? __context_tracking_exit+0x4c/0x80 [ 1807.714748][T23254] ? __lock_acquire+0x1ff0/0x1ff0 [ 1807.719749][T23254] ? __fdget+0x19c/0x220 [ 1807.723975][T23254] ? __fdget_pos+0x1e9/0x380 [ 1807.728544][T23254] ksys_write+0x1a2/0x2c0 [ 1807.732854][T23254] ? print_irqtrace_events+0x210/0x210 [ 1807.738295][T23254] ? __ia32_sys_read+0x80/0x80 [ 1807.743036][T23254] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1807.748997][T23254] ? lockdep_hardirqs_on+0x94/0x130 [ 1807.754174][T23254] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1807.760133][T23254] do_syscall_64+0x3b/0xb0 [ 1807.764528][T23254] ? clear_bhb_loop+0x15/0x70 [ 1807.769180][T23254] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.775053][T23254] RIP: 0033:0x7f2896fc3ff9 [ 1807.779453][T23254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1807.799036][T23254] RSP: 002b:00007f289543c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1807.807430][T23254] RAX: ffffffffffffffda RBX: 00007f289717bf80 RCX: 00007f2896fc3ff9 [ 1807.815379][T23254] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000008 [ 1807.823327][T23254] RBP: 00007f2897036296 R08: 0000000000000000 R09: 0000000000000000 [ 1807.831275][T23254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1807.839222][T23254] R13: 0000000000000000 R14: 00007f289717bf80 R15: 00007ffd9b953648 [ 1807.847175][T23254] [ 1807.850316][ C0] vkms_vblank_simulate: vblank timer overrun [ 1809.911219][ T5814] Bluetooth: hci0: command 0x0406 tx timeout