last executing test programs: 15m31.353725657s ago: executing program 1 (id=2): r0 = socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000dc0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000e00)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x8}}}}}, 0x0) 15m31.233675527s ago: executing program 1 (id=5): syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3800052, &(0x7f0000000600)=ANY=[], 0x1, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") chdir(&(0x7f0000000240)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x141842, 0x3) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) rmdir(&(0x7f0000000180)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x40001) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.parent_freezing\x00', 0x275a, 0x0) 15m30.683440932s ago: executing program 1 (id=6): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x12}, 0x50) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x0, 0x100000000, 0x2000000000000000, 0x3, 0x0, 0xffffffffffffffff, 0x7b, 0xfffffffffffffffd, 0x9b}) listen(r1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) rt_sigqueueinfo(0x0, 0x9, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000340)=0xf, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) 15m27.440623514s ago: executing program 1 (id=10): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000140)={[{@test_dummy_encryption_v1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") symlink(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 15m27.060265185s ago: executing program 32 (id=10): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000140)={[{@test_dummy_encryption_v1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") symlink(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 13m21.601872009s ago: executing program 2 (id=196): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x20) ioctl$TUNSETLINK(r0, 0x400454cd, 0x30e) 13m21.268744816s ago: executing program 2 (id=197): bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 13m21.092031601s ago: executing program 2 (id=198): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4) sendmsg$sock(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 13m20.802586484s ago: executing program 2 (id=200): prctl$PR_SET_TSC(0x1a, 0x1) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x50, &(0x7f0000000440)={[{@usrquota}, {}, {@nobh}, {@resuid}, {@dioread_nolock}]}, 0x0, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==") r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES16=r1], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) timer_create(0xa, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x1) r7 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_DISALLOCATE(r7, 0x5608) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073013400000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r8}, 0x10) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, 0x0, 0x40) 13m19.524401788s ago: executing program 2 (id=202): openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x100102, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x3a) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x3) sendto$inet6(r3, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(r3, &(0x7f0000000380)=[{{&(0x7f0000000640)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/144}, {&(0x7f0000000200)=""/230}, {&(0x7f0000000300)=""/86, 0xfffffe94}, {&(0x7f00000003c0)=""/253}, {&(0x7f00000004c0)=""/208}]}, 0x3422a61a}], 0x4000000000003c9, 0x10102, 0x0) 13m18.723107012s ago: executing program 2 (id=203): socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x200}, [@call={0x85, 0x0, 0x0, 0x1d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0xb8) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) write$binfmt_script(0xffffffffffffffff, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '\x86\x81\t\n\xac\"\xff4l\xaa\x91\xec\x99M.p\xdc4\x0e\x1c\xdf\xd3\xd4\x8d\xad\x99\x1c\xae\xb2vt\r@0K\x989\x1c\xd7%\x82\x94\x05\x06\xbeJ\x90\xd8&\xa6?~\x88\x01;\r7\xdf\xb7\xfb\x85\x133\x17I\xb4\xbc`7\xda\x91\xefP0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) mkdir(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r1}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000008c0)={'sit0\x00', &(0x7f0000000a40)={'syztnl1\x00', 0x0, 0x0, 0x7, 0xd51f, 0xf, {{0x2b, 0x4, 0x0, 0x18, 0xac, 0x66, 0x0, 0xc2, 0x2f, 0x0, @private=0xa010100, @empty, {[@noop, @cipso={0x86, 0x25, 0xffffffffffffffff, [{0x7, 0xc, "a2fc2363e5fe39062a71"}, {0x7, 0x3, 'F'}, {0x2, 0x10, "87605603209f8a94ee540520cdbe"}]}, @timestamp_prespec={0x44, 0x4, 0xe9, 0x3, 0xc}, @timestamp_prespec={0x44, 0x24, 0xac, 0x3, 0x4, [{@dev={0xac, 0x14, 0x14, 0x2a}, 0xfffffffd}, {@multicast1, 0x9}, {@loopback, 0x2}, {@empty, 0x3}]}, @rr={0x7, 0xf, 0x9e, [@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @loopback]}, @lsrr={0x83, 0x13, 0x5d, [@remote, @rand_addr=0x64010100, @private=0xa010101, @loopback]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x24, 0x87, 0x1, 0x1, [{@loopback, 0x7}, {@private=0xa010101, 0x4}, {@multicast2, 0x7}, {@broadcast, 0x2}]}]}}}}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'veth0_vlan\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000940)={'veth0_macvtap\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000980)={0x9c, r5, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4008804}, 0x0) 8m41.062806396s ago: executing program 3 (id=829): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bridge0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 8m40.836764314s ago: executing program 3 (id=833): openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x100102, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x2, 0x3a) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x3) sendto$inet6(r3, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(r3, &(0x7f0000000380)=[{{&(0x7f0000000640)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/144, 0x90}, {&(0x7f0000000300)=""/86, 0x56}, {&(0x7f00000003c0)=""/253, 0xfd}, {&(0x7f00000004c0)=""/208, 0xd0}], 0x4}, 0x3422a61a}], 0x1, 0x10102, 0x0) 8m39.737351513s ago: executing program 3 (id=837): gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open(0x0, 0x0, 0x1a1) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x0, &(0x7f0000000080)={[{@barrier_val={'barrier', 0x3d, 0x7}}]}, 0xc1, 0x7b7, &(0x7f00000007c0)="$eJzs3ctrXNcZAPDvjl6W7FYqFFp3JSi0AuNR5ap2C124dFEKNRjadW0xGgtXI43RjIwlBLYpgWwCScgikGy8zsPZZZvHNvkvsgg2TiKLKGQRJtzRHWlkzciSo5kR6PeDq3vOfeicb859nJlzmQngxBpP/+QizkbEq0nEaLY8iYiBeqo/4vLWdpvra4V0SqJW+/fXSX2bjfW1QjTtkzqdZX4dEZ+8FHEuly44tavcysrq/EypVFzK8pPVhVuTlZXV8zcXZuaKc8XFi1PT0xcu/enSxaOL9dvPV888fu0fv3//8vf//9XDVz5N4nKcydY1x3FUxmM8e00G0pdwl78fdWE9lvS6AryQ9NTs2zrL42yMRl891cZwN2sGAHTK3YioAQAnTOL+DwAnTONzgI31tUJj6u0nEt315G9bQ5Mb2djm5nb8/dmY3an6OOjIRrJrZCSJiLEjKH88It7+8L/vplN0aBwSoJV79yPi+tj43ut/sueZhcP6w34ra0P12fgzi13/oHs+Svs/f27V/8tt93+iRf9nqMW5+yKef/7nHh1BMW2l/b+/Nj3bttkUf2asL8v9rN7nG0hu3CwV02vbzyNiIgaG0vxUfdPWT0FNPP3habvym/t/37z+v3fS8tP5zha5R/1Du/eZnanO/NS4G57cj/hNf6v4k+32T9r0f68esIx//uXlt9qtS+NP421Me+PvrNqDiN+1bP+dtkz2fT5xsn44TDYOihY++OLNkXbl77T/UH2elt94L9ANafuP7B//WNL8vGbl8GV89mD043brmo//1vG3Pv4Hk//U04PZsjsz1erSVMRg8q+9yy/s7NvIN7ZP45/4bevzv93xn8uejb2+ndtf/+Ov3sv+Vcv46+61i7+z0vhnD9X++yRq2T7PrHq4Od/XrvyDtf90PTWRLTnI9e85NW0knt94AAAAAAAAAAAAAAAAAAAAAAAAAHAEchFxJpJcfjudy+XzW7/h/csYyZXKleq5G+Xlxdmo/1b2WAzkGl91Odr0fahT2ffhN/IXnsn/MSJ+ERFvDA3X8/lCuTTb6+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHN69+//301n+fzWui+Hel07AKBjTvW6AgBA17n/A8DJc7j7/3DH6gEAdM+h3//Xks5UBADomgPf/693th4AQPcY/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDDrl65kk6179bXCml+9vbK8nz59vnZYmU+v7BcyBfKS7fyc+XyXKmYL5QX2v6je1uzUrl8azoWl+9MVouV6mRlZfXaQnl5sXrt5sLMXPFacaBrkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwVVWVudnSqXiksS+ieHjUY1jk+iPY1GNI0vU+rbOh+NRn/5oLBnsWTWarxLDPbo6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx/PwYAAP//eUchiw==") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x185641, 0x0) r1 = open(&(0x7f00000003c0)='./bus\x00', 0x84902, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r1, 0x0) syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000080)='./file2\x00', 0x404, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRES8, @ANYRES16], 0x1, 0x122e, &(0x7f0000002580)="$eJzs3MFrHFUcB/BftqlZU5tErdX2oA+9eBqaHDwJEiQFyYJSG6EVhCmZ6JJxN2SWwIoYe/Lq0b9BPHpTxH8gV/8Cb7mIpxzEEXZSk60NmlqyRT+fy/zIb76Z99hl4S3v7f7rX368uVFlG/kgWlNT0dqKSAcpUrTinhdXm+ut26vLnc7KjZSuL99cfC2lNPfSD+9/+s3LPw4uvPft3Hczsbfwwf4vSz/vXd67sv/7zY+6VepWqdcfpDzd6fcH+Z2ySOvdajNL6Z2yyKsidXtVsT3W3yj7W1vDlPfWL85ubRdVlfLeMG0WwzTop8H2MOUf5t1eyrIsXZwNTnT+729Z+/qgrr+PqOvz8UTUdV0/GbMxFU/FxZiLzyPi6Xgmno1L8Vxcjufjhbgyuusshg8AAAAAAAAAAAAAAAAAAAD/Hwej0/zj5/8vHJ7/n48F5/8BAAAAAAAAAAAAAAAAAADgDLx76/bqcqezciOldkT5xc7azlpzbfrLG9GNMoq4FvPxW4xO/zea+vpbnZVraeRcROwe5nd31s6N5xdHPydwmJ8e9e7lF5t8irvlsfxMzDb5dkQUsRTzcenY89tH+aUH5tvx6ivHnp/FfL0b0Y8y1kfPPsp/tpjSm2937stfHd0HAAAA/wVZ+tPC+Pq3Wb9n2Un9Jn+K7wfuW19Px9Xpyc6diGr4yWZelsX2eNH+y18mVsw8HsM4TdH6N/GZOLHVGmt99VPEpGf6WBTtw/fyo/iHU5OfzkMUdx/J3MeLCX8wcSaOXvRJjwQAAAAAAAAAAIDT+Cf7AX+Nh95FOB0P2Fn2xmSmCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MEOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoQIAAP//uXHE5A==") write$FUSE_ATTR(r0, &(0x7f0000000440)={0x78, 0x0, 0x0, {0x2000000000000000, 0x0, 0x0, {0xffffffffff7ffffe, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x6, 0x4, 0x6288f666, 0x0, 0xc000}}}, 0x6f) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 8m38.068821198s ago: executing program 3 (id=841): r0 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x5543, 0x4d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x50, 0x8, [{{0x9, 0x4, 0x0, 0xfb, 0x2, 0x3, 0x1, 0x3, 0x0, {0x9, 0x21, 0x8000, 0x1, 0x1, {0x22, 0x28b}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x2, 0x5, 0xf2}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x10, 0x4, 0x4}}]}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x24, &(0x7f0000000380)={0x20, 0x2, 0x2, {0x2, 0xc}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x427}}, 0x0, 0x0}, 0x0) 8m34.916556612s ago: executing program 3 (id=848): bind$unix(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_clone3(0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c) connect$pppl2tp(r6, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r7, 0x8, 0x0, 0x5, 0x0, {0xa, 0x0, 0xf9d, @private2}}}, 0x32) writev(r6, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000000}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) socket$nl_route(0x10, 0x3, 0x0) 8m32.885509817s ago: executing program 34 (id=848): bind$unix(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_clone3(0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r7, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c) connect$pppl2tp(r6, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r7, 0x8, 0x0, 0x5, 0x0, {0xa, 0x0, 0xf9d, @private2}}}, 0x32) writev(r6, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1f, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10000000}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) socket$nl_route(0x10, 0x3, 0x0) 1m26.904297712s ago: executing program 6 (id=1860): r0 = syz_open_dev$evdev(&(0x7f0000000a00), 0x1, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000a40)=""/243) 1m26.032771433s ago: executing program 6 (id=1861): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000980)='kfree\x00', r0}, 0x18) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6cb, 0x73f6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x110, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0x0, 0x5}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000380)={0x2c, &(0x7f0000000080)={0x0, 0x3, 0x4, {0x4, 0xa, "ddd9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1m23.723988259s ago: executing program 6 (id=1867): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18) recvmsg$unix(0xffffffffffffffff, 0x0, 0x2121) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) 1m23.431779443s ago: executing program 6 (id=1869): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 1m23.137906456s ago: executing program 6 (id=1870): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', '', [{0x20, '^'}, {0x20, 'usrjquota='}, {0x20, '\x00'}, {0x20, 'usrjquota='}]}, 0x1e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x28, r5, 0x1, 0x70bd25, 0x25dfdbff, {{}, {0x0, 0x410c, 0xea}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x40000) 1m22.772783736s ago: executing program 6 (id=1871): setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x903, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuset.memory_pressure\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m22.267909087s ago: executing program 35 (id=1871): setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x903, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuset.memory_pressure\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.012032471s ago: executing program 5 (id=2035): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x29}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 9.581932445s ago: executing program 5 (id=2038): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', '', [{0x20, '^'}, {0x20, 'usrjquota='}, {0x20, '\x00'}, {0x20, 'usrjquota='}]}, 0x1e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x28, r4, 0x1, 0x70bd25, 0x25dfdbff, {{}, {0x0, 0x410c, 0xea}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x40000) 8.366574634s ago: executing program 5 (id=2042): socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) r1 = creat(0x0, 0x90) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000800)={0x0, @dev, @remote}, &(0x7f0000000880)=0xc) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0) ioctl$TCSETS2(r5, 0x402c542b, 0x0) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) 5.757502974s ago: executing program 5 (id=2043): setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000007100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000002140)={0x50, 0x0, r3, {0x7, 0x2b, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, 0x50) read$FUSE(r1, &(0x7f0000002900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r1, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r4}, 0x10) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xfffffffffffffff5, 0x0, {0xfffffff8, 0x0, 0x200, 0x8}}, 0x0}) ioctl$FS_IOC_RESVSP(r2, 0x40086602, &(0x7f0000002740)) 5.6873589s ago: executing program 7 (id=2044): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) 5.608283987s ago: executing program 4 (id=2045): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x59, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000000480)={{0x0, 0x0, 0x80}, '\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100"}) 5.602932277s ago: executing program 0 (id=2046): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x29}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 5.464676229s ago: executing program 0 (id=2047): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaa8aaaa00000000000008"], 0x0) 5.409968313s ago: executing program 4 (id=2048): open(0x0, 0x14507e, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x589b}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) io_setup(0x7fff, &(0x7f0000000400)) 5.409762773s ago: executing program 7 (id=2049): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 5.261144405s ago: executing program 0 (id=2050): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', '', [{0x20, '^'}, {0x20, 'usrjquota='}, {0x20, '\x00'}, {0x20, 'usrjquota='}]}, 0x1e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x28, r6, 0x1, 0x70bd25, 0x25dfdbff, {{}, {0x0, 0x410c, 0xea}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x40000) 4.197050351s ago: executing program 0 (id=2051): socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) r1 = creat(0x0, 0x90) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000800)={0x0, @dev, @remote}, &(0x7f0000000880)=0xc) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0) ioctl$TCSETS2(r5, 0x402c542b, 0x0) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) 4.126334326s ago: executing program 5 (id=2052): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10, &(0x7f0000000200), 0x0, 0x5ae, &(0x7f00000016c0)="$eJzs3d9vFNUeAPDv2d22QOG23NzkXi4PNiERErWlBaMxJkLENx/8QeITibUthLBApTURxAgJ/gf6B5j4ZmKMj8QYor746puJf4AhEgN98W3N7M6WBXZLu2w7yHw+ybDnzNnhnNnNt2fm7JmZAEprIvunErEnIhZTxFhHWS3ywonW++7cvjy3cvvyXIpG4+0/U6R8Xfv9KX8dzTfeFhG//JDi39UH6126eOnMbL2+cCHPTy2fXZxaunjpudNnZ08tnFo4NzP9wvTzhw/NHD44kP3cFRE/TR6rXTv56t5v5r7c/cl3X11PcSR25uWd+zEoEzGx+pl0yj7XFwddWUGq+f50fsWpVmCD2JD29zcUEf+NsajG3S9vLD59s9DGAZuqkSIaQEkl8Q8l1T4OyM5/20uxRyTAVrl1tDUAcCe1xvZWVuO/1hobjG3NsYEdKyk6h3VSRAxiZC6rY/HpNJYtsUnjcEB3V65GxP+69f+pGZvjzVH8LP4r98R/JSLeyF+z9W/1Wf/EfXnxD1vnUeL/3Y74f6/P+rvH/0if/xsAAAAAAACU242jEfFst9//Kqvzf6LL/J/RiDgygPof/vt/5eYAqgG6uHU04uWIaM/9W+mI/9x4Nc/tas4HGEonT9cXDkbEvyLiQAyNZPnpNeqY2PvzUM+yjvl/2ZLVv3jPz/+Vm7X7pgPMzy7P9r/HQNutqxH/r3WL/7Ta/6cu/X/W9y+us47GsVd+7FXWNf7zucDA5mp8EbG/a/9/984Vae37c0w1jwem2kcFD/roxPVve9Uv/qE4Wf+/Y+34H0+d9+tZ2ngdH//x2yPEf/fj/+F0vHnLmeF83Yezy8sXpiOG0+sd64da62c23mZ4ErXjoR0vWfwf2Nf9/H+t4//tEXFlnXUe//61a73K9P9QnCz+5zfU/288se+dz//qVf/6+v/DzT79QL7G+B+sbb0BWnQ7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCfqBIROyNVJlfTlcrkZMRoRPwndlTq55eWnzl5/oNz81lZ8/n/lfaTfsda+dR+/v94R37mvvyhiNgdEZ9Vtzfzk3Pn6/NF7zwAAAAAAAAAAAAAAAAAAAA8JkZ7XP+f+b1adOuATVe7mzxSZDuArVcrugFAYcQ/lJf4h/IS/1Be4h/KS/xDeYl/KC/xD+VVbXx9oug2AAAAAAAAA7P7qRu/poi48tL25pIZzsuGCm0ZsNlc7w/l5RY/UF6m/kF5tc7xR4puBlCg9JDybX1vCQAAAAAAAAAAAAAMyv49rv+HsqoU3QCgML2v/3dnAHjSuf4fyss5PvDw6//fn+tvSwAAAAAAAAAAAABgUJYuXjozW68vXOg3MfJom0tsaWIkHotmlDURaQARt0WJov8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbX8HAAD//97T+NI=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xfa50, 0x0, 0x0, 0x0, 0x48}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) sendmsg$NL80211_CMD_GET_MPP(0xffffffffffffffff, 0x0, 0xc001) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r4, 0x25, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2}) 4.004726226s ago: executing program 4 (id=2053): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x10) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(&(0x7f0000000800), &(0x7f0000000000), &(0x7f0000000340)=0x0) r5 = syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0)) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x4) openat$dir(0xffffffffffffff9c, &(0x7f0000001940)='./bus\x00', 0x8200, 0x2) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f0000000500)={{r5}, 0x1a84, 0x101, 0x8}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC=r4]) 2.704510671s ago: executing program 0 (id=2054): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0100000004000000040000000800", @ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}) 2.672326284s ago: executing program 4 (id=2055): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x29}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x80000, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 1.61214246s ago: executing program 7 (id=2056): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x18) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) write$binfmt_script(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) dup(0xffffffffffffffff) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xd8ef}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 1.60889143s ago: executing program 4 (id=2064): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x29}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) dup(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x8042, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 1.404453986s ago: executing program 4 (id=2057): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000180)={[{@test_dummy_encryption_v1}, {@nolazytime}]}, 0x1, 0x241, &(0x7f00000020c0)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r5, 0x0, 0x29, 0x0, 0x5000) 1.24215544s ago: executing program 7 (id=2058): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES16, @ANYRES16, @ANYRES8, @ANYRES64, @ANYRES32, @ANYRES8], 0x50) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0xfffffffffffffe08) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001400)={{r0}, 0x0, &(0x7f00000013c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x4000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=0x0) getpid() r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs2/binder1\x00', 0x2, 0x0) ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r3, 0x40046210, &(0x7f0000000580)=0x1) setpgid(0x0, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000040)=""/87, 0x0}) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000400)=0x4000000) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000700)={0x2, 0x0, [{0x80a0000, 0xc3, &(0x7f0000000880)=""/195}, {0xdddd0000, 0x62, &(0x7f0000000440)=""/98}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000600)='svcrdma_post_recv\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000980)={'#! ', './file0', [{0x20, '/dev/snd/timer\x00'}, {0x20, 'kmem_cache_free\x00'}, {0x20, ',:&(,&]\xf4\'^'}, {0x20, ':*--['}, {0x20, '@'}, {0x20, 'kmem_cache_free\x00'}, {0x20, '/dev/snd/timer\x00'}], 0xa, "d9fe4ee8efca4820d75a1ba074d052c3e79e5bd46d46421b73ee002f1ca79b9a50af22e25825424256bfd17c18814ba1db46a6bddf101bfb"}, 0x98) syz_emit_ethernet(0xfdef, &(0x7f0000001b80)=ANY=[], 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000500)=0x1) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000a40)={0x1, 0x0, [{0x3000, 0x31, &(0x7f00000003c0)=""/49}]}) sendto$inet6(r4, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xb, @empty}, 0x1c) socket$inet_udp(0x2, 0x2, 0x0) 1.119047849s ago: executing program 5 (id=2059): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000440)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$UHID_CREATE(r5, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x0, 0x4, 0x0, 0x0, 0xc08}}, 0x120) readv(r5, &(0x7f0000000140)=[{&(0x7f0000000080)=""/144, 0x90}], 0x1) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000001c0)='sched_switch\x00', r6}, 0x18) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs/binder-control\x00', 0x802, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x403, 0x0, 0x300, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_PMTUDISC={0x5}]}}}]}, 0x38}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=@newchain={0x2c, 0x64, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xd, 0x1}, {0xfff0, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0x4}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x8040) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$FUSE_INIT(r9, &(0x7f00000003c0)={0x50, 0x0, 0x0, {0x7, 0x28, 0xd19e, 0x800080, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}}, 0x50) fcntl$setpipe(r9, 0x407, 0x2000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) 888.501168ms ago: executing program 7 (id=2060): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 675.834865ms ago: executing program 7 (id=2061): setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000007100)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000002140)={0x50, 0x0, r3, {0x7, 0x2b, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, 0x50) read$FUSE(r1, &(0x7f0000002900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r1, &(0x7f0000000000)={0x10, 0xffffffffffffffda, r4}, 0x10) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xfffffffffffffff5, 0x0, {0xfffffff8, 0x0, 0x200, 0x8}}, 0x0}) ioctl$FS_IOC_RESVSP(r2, 0x40086602, &(0x7f0000002740)) 0s ago: executing program 0 (id=2062): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000002200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4) syz_emit_ethernet(0xbe, &(0x7f00000014c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3e, 0xb0, 0x1000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "44cb6d37c6818e519c60ca92b05c8ad4ae74ea79fdb58e2b7f29fa51c12f5cbb", "529ce0c19fb809804c2ff3c5412218a7d847fbc93cfef70c00506d947ea54e7f53d1fdc46c7f32f5461c69dbb12ae334", "93789889a9e2835b672961b74d925e86afc527fa482ea332ce27b8a5", {"2e5da89a0ace8edabc766b388285d39f", "375c5bef000000000d4600"}}}}}}}, 0x0) kernel console output (not intermixed with test programs): g=0 arch=c000003e syscall=122 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.408800][ T28] audit: type=1326 audit(1756596004.168:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.480211][ T28] audit: type=1326 audit(1756596004.168:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.531414][T10468] loop6: detected capacity change from 0 to 1024 [ 651.578371][ T28] audit: type=1326 audit(1756596004.168:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.624822][T10468] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 651.666807][T10468] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 651.677573][ T28] audit: type=1326 audit(1756596004.168:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.701555][ T28] audit: type=1326 audit(1756596004.168:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.724933][ T28] audit: type=1326 audit(1756596004.168:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.727315][T10468] EXT4-fs (loop6): orphan cleanup on readonly fs [ 651.747927][ T28] audit: type=1326 audit(1756596004.178:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.747987][ T28] audit: type=1326 audit(1756596004.178:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.4.1098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 651.848687][T10468] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1102: Freeing blocks not in datazone - block = 0, count = 4096 [ 651.921010][T10468] EXT4-fs (loop6): 1 orphan inode deleted [ 651.949662][T10468] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 652.110391][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.444058][T10481] loop4: detected capacity change from 0 to 256 [ 652.537500][T10481] FAT-fs (loop4): Directory bread(block 64) failed [ 652.554615][T10481] FAT-fs (loop4): Directory bread(block 65) failed [ 652.581924][T10481] FAT-fs (loop4): Directory bread(block 66) failed [ 652.593404][T10481] FAT-fs (loop4): Directory bread(block 67) failed [ 652.604111][T10481] FAT-fs (loop4): Directory bread(block 68) failed [ 652.615497][T10481] FAT-fs (loop4): Directory bread(block 69) failed [ 652.810198][T10481] FAT-fs (loop4): Directory bread(block 70) failed [ 652.816803][T10481] FAT-fs (loop4): Directory bread(block 71) failed [ 652.829623][T10481] FAT-fs (loop4): Directory bread(block 72) failed [ 652.836348][T10481] FAT-fs (loop4): Directory bread(block 73) failed [ 654.225026][T10495] loop6: detected capacity change from 0 to 256 [ 654.274831][T10495] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 655.477203][T10500] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1113'. [ 655.507449][T10500] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1113'. [ 655.806772][T10503] loop6: detected capacity change from 0 to 1024 [ 655.815486][T10503] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 655.844247][T10503] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 655.873603][T10503] EXT4-fs (loop6): orphan cleanup on readonly fs [ 655.888730][T10503] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1114: Freeing blocks not in datazone - block = 0, count = 4096 [ 655.905794][T10503] EXT4-fs (loop6): 1 orphan inode deleted [ 655.924251][T10503] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 655.970204][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 656.192354][ T9122] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.374389][ T9122] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.519658][ T9122] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.605569][ T9122] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.988374][ T9122] tipc: Disabling bearer [ 656.997062][ T9122] tipc: Left network mode [ 658.506333][T10375] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 658.522976][T10375] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 658.542244][T10375] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 658.553401][T10375] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 658.563798][T10375] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 658.573584][T10375] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 659.417240][T10539] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1123'. [ 659.470524][T10539] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1123'. [ 660.552368][T10528] chnl_net:caif_netlink_parms(): no params data found [ 660.848552][ T5104] Bluetooth: hci3: command tx timeout [ 661.019446][T10528] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.058365][T10528] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.066973][T10528] bridge_slave_0: entered allmulticast mode [ 661.109611][T10528] bridge_slave_0: entered promiscuous mode [ 661.120880][T10528] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.129587][T10528] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.136982][T10528] bridge_slave_1: entered allmulticast mode [ 661.145891][T10528] bridge_slave_1: entered promiscuous mode [ 661.203749][ T9122] hsr_slave_0: left promiscuous mode [ 661.242031][ T9122] hsr_slave_1: left promiscuous mode [ 661.328042][ T9122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 661.357906][ T9122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 661.385209][ T9122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 661.404823][ T9122] bridge_slave_1: left allmulticast mode [ 661.438023][ T9122] bridge_slave_1: left promiscuous mode [ 661.454141][ T9122] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.492002][ T9122] bridge_slave_0: left allmulticast mode [ 661.508039][ T9122] bridge_slave_0: left promiscuous mode [ 661.524747][ T9122] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.681045][ T9122] veth1_macvtap: left promiscuous mode [ 661.693745][ T9122] veth0_macvtap: left promiscuous mode [ 661.711248][ T9122] veth1_vlan: left promiscuous mode [ 661.717537][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 661.717551][ T28] audit: type=1326 audit(1756596014.608:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.5.1133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 661.725025][ T9122] veth0_vlan: left promiscuous mode [ 661.778313][ T28] audit: type=1326 audit(1756596014.608:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.5.1133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 661.826068][ T28] audit: type=1326 audit(1756596014.618:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.5.1133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 661.910826][ T28] audit: type=1326 audit(1756596014.618:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10584 comm="syz.5.1133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 662.928382][ T5104] Bluetooth: hci3: command tx timeout [ 664.726138][ T9122] team0 (unregistering): Port device team_slave_1 removed [ 664.805944][ T9122] team0 (unregistering): Port device team_slave_0 removed [ 664.884774][ T9122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 664.959069][ T9122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 665.015126][ T5104] Bluetooth: hci3: command tx timeout [ 665.982060][ T9122] bond0 (unregistering): Released all slaves [ 666.228437][T10528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 666.266072][T10528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 666.429714][T10528] team0: Port device team_slave_0 added [ 666.471816][T10528] team0: Port device team_slave_1 added [ 666.643336][T10528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.659682][T10528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.753043][T10528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.830113][T10528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.855584][T10528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.918367][T10528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 667.091682][ T5104] Bluetooth: hci3: command tx timeout [ 667.188729][T10528] hsr_slave_0: entered promiscuous mode [ 667.241004][T10528] hsr_slave_1: entered promiscuous mode [ 667.638593][ T27] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 668.040094][ T27] usb 7-1: config 0 has an invalid interface number: 28 but max is 0 [ 668.058451][ T27] usb 7-1: config 0 has no interface number 0 [ 668.064657][ T27] usb 7-1: config 0 interface 28 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.083156][ T27] usb 7-1: config 0 interface 28 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.161712][T10648] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1146'. [ 668.199187][ T27] usb 7-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 668.300032][ T27] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.713994][ T27] usb 7-1: config 0 descriptor?? [ 669.332474][T10528] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 669.359858][T10528] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 669.384774][ T27] usbhid 7-1:0.28: can't add hid device: -71 [ 669.404037][T10528] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 669.411047][ T27] usbhid: probe of 7-1:0.28 failed with error -71 [ 669.440127][ T27] usb 7-1: USB disconnect, device number 5 [ 669.483318][T10528] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 669.665920][T10528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 669.748741][T10528] 8021q: adding VLAN 0 to HW filter on device team0 [ 669.775971][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.783338][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 669.835103][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state [ 669.842371][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.256485][T10679] loop6: detected capacity change from 0 to 1024 [ 670.702513][T10679] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 671.060716][T10679] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 671.128768][T10679] EXT4-fs (loop6): orphan cleanup on readonly fs [ 671.166820][T10679] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1151: Freeing blocks not in datazone - block = 0, count = 4096 [ 671.272159][T10679] EXT4-fs (loop6): 1 orphan inode deleted [ 671.299803][T10679] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 671.510102][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.763919][T10528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 671.964671][T10528] veth0_vlan: entered promiscuous mode [ 672.023286][T10528] veth1_vlan: entered promiscuous mode [ 672.033714][T10700] loop6: detected capacity change from 0 to 512 [ 672.109255][T10700] EXT4-fs: Ignoring removed i_version option [ 672.124379][T10700] EXT4-fs: Ignoring removed nobh option [ 672.144122][T10528] veth0_macvtap: entered promiscuous mode [ 672.186834][T10700] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 672.214288][T10700] EXT4-fs (loop6): 1 truncate cleaned up [ 672.221387][T10528] veth1_macvtap: entered promiscuous mode [ 672.249605][T10700] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 672.264622][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 672.338409][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.370983][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 672.417808][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.432291][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 672.442912][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.480306][T10528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 672.514701][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.565935][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 672.598495][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.639651][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 672.681058][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.714085][T10528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 672.755971][T10528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 672.790582][T10528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 672.816433][T10528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.834473][T10528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.872571][T10528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 672.887167][T10528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 673.062936][ T1079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 673.108252][ T1079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 673.224156][ T1079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 673.258487][ T1079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 673.479552][T10731] syz.0.1125[10731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 673.479706][T10731] syz.0.1125[10731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 673.946760][T10744] loop4: detected capacity change from 0 to 1024 [ 674.008387][T10744] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 674.032887][T10744] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 674.056011][T10744] EXT4-fs (loop4): orphan cleanup on readonly fs [ 674.063363][T10744] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1161: Freeing blocks not in datazone - block = 0, count = 4096 [ 674.123131][T10744] EXT4-fs (loop4): 1 orphan inode deleted [ 674.159545][T10744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 674.250781][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 682.324977][T10824] loop4: detected capacity change from 0 to 4096 [ 682.338406][ T28] audit: type=1326 audit(1756596035.248:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10826 comm="syz.6.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 682.398329][ T28] audit: type=1326 audit(1756596035.248:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10826 comm="syz.6.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 682.448602][ T28] audit: type=1326 audit(1756596035.248:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10826 comm="syz.6.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 682.472752][T10824] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 682.493062][ T28] audit: type=1326 audit(1756596035.248:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10826 comm="syz.6.1183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 682.733185][T10832] loop6: detected capacity change from 0 to 1024 [ 682.784504][T10832] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 682.848858][T10832] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 682.902907][T10832] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1186: Failed to acquire dquot type 0 [ 682.958709][T10832] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 682.988656][T10832] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1186: corrupted inode contents [ 683.033930][T10832] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1186: mark_inode_dirty error [ 683.069312][T10832] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1186: corrupted inode contents [ 683.084046][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.097144][T10832] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1186: mark_inode_dirty error [ 683.162965][T10832] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1186: corrupted inode contents [ 683.238506][T10832] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 683.287245][T10832] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1186: corrupted inode contents [ 683.303515][T10832] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1186: mark_inode_dirty error [ 683.320533][T10832] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 683.337104][T10832] EXT4-fs (loop6): 1 truncate cleaned up [ 683.350861][T10832] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.337933][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 685.487801][ T28] audit: type=1326 audit(1756596038.368:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10842 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 685.847060][ T28] audit: type=1326 audit(1756596038.368:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10842 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 685.913978][ T28] audit: type=1326 audit(1756596038.368:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10842 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 685.978663][ T28] audit: type=1326 audit(1756596038.368:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10842 comm="syz.4.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 686.216614][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.223228][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.230453][T10859] loop4: detected capacity change from 0 to 4096 [ 686.276038][T10859] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 686.288095][T10862] Zero length message leads to an empty skb [ 688.165658][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.233595][T10870] loop6: detected capacity change from 0 to 1024 [ 688.272678][T10870] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 688.300469][T10870] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 688.318908][T10870] EXT4-fs (loop6): orphan cleanup on readonly fs [ 688.326811][T10870] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1196: Freeing blocks not in datazone - block = 0, count = 4096 [ 688.374534][T10870] EXT4-fs (loop6): 1 orphan inode deleted [ 688.389668][T10870] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 688.488904][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.687268][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 688.687284][ T28] audit: type=1326 audit(1756596041.588:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.0.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 688.755900][ T28] audit: type=1326 audit(1756596041.628:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.0.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 688.817012][ T28] audit: type=1326 audit(1756596041.628:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.0.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 692.647265][T10895] loop4: detected capacity change from 0 to 512 [ 692.814476][T10895] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.1204: corrupted inode contents [ 692.878522][T10895] EXT4-fs (loop4): Remounting filesystem read-only [ 692.885921][T10895] EXT4-fs (loop4): 1 truncate cleaned up [ 692.908098][T10895] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 692.918784][ T9136] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 692.922691][T10895] ext4 filesystem being mounted at /297/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 692.973338][ T9136] Quota error (device loop4): write_blk: dquota write failed [ 693.018375][ T9136] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 693.052980][ T9136] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 693.131165][ T9136] Quota error (device loop4): write_blk: dquota write failed [ 693.176368][ T9136] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 693.217892][ T9136] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 693.228822][ T9136] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 693.240024][ T9136] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 693.343298][T10909] xt_CT: You must specify a L4 protocol and not use inversions on it [ 693.982069][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.488703][ T28] audit: type=1326 audit(1756596049.378:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.6.1215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 696.642442][ T28] audit: type=1326 audit(1756596049.378:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.6.1215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 696.737174][ T28] audit: type=1326 audit(1756596049.378:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.6.1215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 701.557646][ T28] audit: type=1326 audit(1756596054.448:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.638973][ T28] audit: type=1326 audit(1756596054.448:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.683023][ T28] audit: type=1326 audit(1756596054.448:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.726436][ T28] audit: type=1326 audit(1756596054.458:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.764909][ T28] audit: type=1326 audit(1756596054.458:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.800526][ T28] audit: type=1326 audit(1756596054.458:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.894770][ T28] audit: type=1326 audit(1756596054.458:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 701.961420][ T28] audit: type=1326 audit(1756596054.458:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 702.226387][ T28] audit: type=1326 audit(1756596054.458:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 702.253658][ T28] audit: type=1326 audit(1756596054.458:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10961 comm="syz.0.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 704.226956][T11017] input: syz1 as /devices/virtual/input/input10 [ 707.031524][T11056] tipc: Enabling of bearer rejected, failed to enable media [ 711.118542][T11098] loop6: detected capacity change from 0 to 1024 [ 711.170635][T11098] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 711.206714][T11098] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 711.216078][T11098] EXT4-fs (loop6): orphan cleanup on readonly fs [ 711.228903][T11098] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1269: Freeing blocks not in datazone - block = 0, count = 4096 [ 711.246947][T11098] EXT4-fs (loop6): 1 orphan inode deleted [ 711.266442][T11098] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 711.416450][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.645425][T11113] loop6: detected capacity change from 0 to 1024 [ 711.736752][T11113] __quota_error: 22 callbacks suppressed [ 711.736769][T11113] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 711.799519][T11113] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 713.778466][T11113] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1274: Failed to acquire dquot type 0 [ 713.842743][T11113] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 713.929690][T11113] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1274: corrupted inode contents [ 713.997512][T11113] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1274: mark_inode_dirty error [ 714.035863][T11113] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1274: corrupted inode contents [ 714.073677][T11113] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1274: mark_inode_dirty error [ 714.105932][T11113] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1274: corrupted inode contents [ 714.151012][T11113] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 714.173974][T11113] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1274: corrupted inode contents [ 714.215188][T11113] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1274: mark_inode_dirty error [ 714.252041][T11113] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 714.275147][T11113] EXT4-fs (loop6): 1 truncate cleaned up [ 714.303283][T11113] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 715.627918][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 717.284347][T11155] loop6: detected capacity change from 0 to 512 [ 717.340562][T11155] EXT4-fs: Ignoring removed i_version option [ 717.346628][T11155] EXT4-fs: Ignoring removed nobh option [ 717.362399][T11155] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 717.456773][T11155] EXT4-fs (loop6): 1 truncate cleaned up [ 717.503379][T11155] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 718.885169][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.142681][T11181] loop4: detected capacity change from 0 to 8192 [ 725.489385][ T28] audit: type=1326 audit(1756596078.388:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11190 comm="syz.6.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7fc00000 [ 725.828808][T11206] x_tables: duplicate underflow at hook 1 [ 726.026082][T11207] proc: Unknown parameter '' [ 727.886230][T11223] input: syz1 as /devices/virtual/input/input11 [ 727.979267][T11225] loop6: detected capacity change from 0 to 1024 [ 727.987470][T11225] EXT4-fs: Ignoring removed oldalloc option [ 728.012452][T11225] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 728.077592][T11225] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 730.495663][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 731.968474][ T28] audit: type=1326 audit(1756596084.858:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.044049][ T28] audit: type=1326 audit(1756596084.858:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.526454][ T28] audit: type=1326 audit(1756596084.908:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.527687][ T28] audit: type=1326 audit(1756596084.908:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.531036][ T28] audit: type=1326 audit(1756596084.908:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.532894][ T28] audit: type=1326 audit(1756596084.908:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.537735][ T28] audit: type=1326 audit(1756596084.908:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 732.543606][ T28] audit: type=1326 audit(1756596084.908:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11259 comm="syz.6.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 734.466579][T11279] loop6: detected capacity change from 0 to 40427 [ 734.493113][T11279] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 734.598684][T11279] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 734.720554][T11279] F2FS-fs (loop6): Found nat_bits in checkpoint [ 735.569506][T11279] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 735.608321][T11279] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 735.711676][ T28] audit: type=1326 audit(1756596088.608:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.0.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 735.861387][ T28] audit: type=1326 audit(1756596088.608:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11315 comm="syz.0.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 737.296928][T11320] tipc: Enabling of bearer rejected, failed to enable media [ 738.065235][T11324] 9pnet_fd: Insufficient options for proto=fd [ 743.691652][T11372] loop4: detected capacity change from 0 to 1024 [ 743.758627][T11372] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 743.790749][T11372] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 743.834881][T11372] EXT4-fs (loop4): orphan cleanup on readonly fs [ 743.858121][T11372] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1348: Freeing blocks not in datazone - block = 0, count = 4096 [ 743.877803][T11372] EXT4-fs (loop4): 1 orphan inode deleted [ 743.885439][T11372] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 744.113105][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.634761][T11385] loop4: detected capacity change from 0 to 128 [ 747.662091][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.668808][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.883514][T11425] loop6: detected capacity change from 0 to 128 [ 755.278228][T11458] loop4: detected capacity change from 0 to 1024 [ 755.292062][T11458] ext4: Unknown parameter 'nouser_xattr' [ 756.330486][T10893] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 759.089670][T11470] loop4: detected capacity change from 0 to 256 [ 759.126917][T11470] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 763.925285][T11501] loop6: detected capacity change from 0 to 128 [ 766.472149][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 766.472166][ T28] audit: type=1326 audit(1756596119.378:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11525 comm="syz.0.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 766.524065][ T28] audit: type=1326 audit(1756596119.378:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11525 comm="syz.0.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 766.618035][ T28] audit: type=1326 audit(1756596119.378:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11525 comm="syz.0.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 766.649119][ T28] audit: type=1326 audit(1756596119.378:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11525 comm="syz.0.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 767.328220][T11544] loop6: detected capacity change from 0 to 1024 [ 767.348217][T11544] ext4: Unknown parameter 'nouser_xattr' [ 771.947840][T11572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 772.236054][T11580] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1408'. [ 774.976609][T11607] netlink: 'syz.5.1420': attribute type 12 has an invalid length. [ 774.988893][T11607] netlink: 'syz.5.1420': attribute type 4 has an invalid length. [ 774.997036][T11607] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1420'. [ 775.836300][T11620] loop6: detected capacity change from 0 to 8192 [ 776.399857][T11628] loop4: detected capacity change from 0 to 1024 [ 776.489703][T11628] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 776.510561][T11628] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 776.583141][T11628] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1426: Failed to acquire dquot type 0 [ 776.803428][T11637] fuse: Unknown parameter 'grou00000000000000000000' [ 776.815467][T11628] EXT4-fs error (device loop4): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 776.844291][T11628] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1426: corrupted inode contents [ 776.856945][T11628] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #13: comm syz.4.1426: mark_inode_dirty error [ 776.876341][T11628] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1426: corrupted inode contents [ 776.898421][T11628] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #13: comm syz.4.1426: mark_inode_dirty error [ 776.914875][T11628] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1426: corrupted inode contents [ 776.974408][T11628] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 777.623771][T11628] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1426: corrupted inode contents [ 777.668905][T11628] EXT4-fs error (device loop4): ext4_truncate:4288: inode #13: comm syz.4.1426: mark_inode_dirty error [ 777.687054][T11628] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 777.701250][T11628] EXT4-fs (loop4): 1 truncate cleaned up [ 777.776145][T11628] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 778.289112][ T5883] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 778.574675][ T5883] usb 7-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 778.604190][ T5883] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 778.623288][ T5883] usb 7-1: config 0 descriptor?? [ 778.814382][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 779.355415][ T5883] usb 7-1: Cannot set autoneg [ 779.361241][ T5883] MOSCHIP usb-ethernet driver: probe of 7-1:0.0 failed with error -71 [ 779.389772][ T5883] usb 7-1: USB disconnect, device number 6 [ 781.255245][T11684] loop6: detected capacity change from 0 to 512 [ 781.306875][T11684] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #16: comm syz.6.1442: corrupted inode contents [ 781.331085][T11684] EXT4-fs (loop6): Remounting filesystem read-only [ 781.386963][T11684] EXT4-fs (loop6): 1 truncate cleaned up [ 781.394879][T11684] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 781.407993][T11684] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 781.484518][ T9122] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 781.533941][ T9122] Quota error (device loop6): write_blk: dquota write failed [ 781.558222][ T9122] Quota error (device loop6): remove_free_dqentry: Can't write block (5) with free entries [ 781.568649][ T9122] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 781.580437][ T9122] Quota error (device loop6): write_blk: dquota write failed [ 781.588364][ T9122] Quota error (device loop6): free_dqentry: Can't move quota data block (5) to free list [ 781.598548][ T9122] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 781.609066][ T9122] Quota error (device loop6): v2_write_file_info: Can't write info structure [ 781.618033][ T9122] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 781.652171][T11693] loop4: detected capacity change from 0 to 1024 [ 784.041860][T11693] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 784.084271][T11693] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 784.132350][T11693] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1444: Failed to acquire dquot type 0 [ 784.183006][T11693] EXT4-fs error (device loop4): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 784.184068][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 784.209504][T11693] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1444: corrupted inode contents [ 784.222164][T11693] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #13: comm syz.4.1444: mark_inode_dirty error [ 784.260697][T11693] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1444: corrupted inode contents [ 784.328871][T11693] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #13: comm syz.4.1444: mark_inode_dirty error [ 784.349207][T11693] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1444: corrupted inode contents [ 784.381897][T11693] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 784.402872][T11693] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1444: corrupted inode contents [ 784.417123][T11693] EXT4-fs error (device loop4): ext4_truncate:4288: inode #13: comm syz.4.1444: mark_inode_dirty error [ 784.451337][T11693] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 784.476188][T11693] EXT4-fs (loop4): 1 truncate cleaned up [ 784.489763][T11693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 784.617808][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 784.624265][T11709] loop6: detected capacity change from 0 to 1024 [ 784.664121][T11709] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 784.745743][T11709] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 784.755980][T11709] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1449: Failed to acquire dquot type 0 [ 784.839459][T11709] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 784.889860][T11709] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1449: corrupted inode contents [ 784.922154][T11713] loop4: detected capacity change from 0 to 1024 [ 784.930112][T11709] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1449: mark_inode_dirty error [ 784.958240][T11709] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1449: corrupted inode contents [ 784.965437][T11713] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 785.064200][T11713] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 785.105110][T11713] EXT4-fs (loop4): orphan cleanup on readonly fs [ 785.143023][T11713] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1451: Freeing blocks not in datazone - block = 0, count = 4096 [ 785.201520][T11713] EXT4-fs (loop4): 1 orphan inode deleted [ 785.234188][T11709] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1449: mark_inode_dirty error [ 785.256054][T11713] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 785.301239][T11709] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1449: corrupted inode contents [ 785.362800][T11709] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 785.374269][T11709] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1449: corrupted inode contents [ 785.388316][T11709] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1449: mark_inode_dirty error [ 785.408926][T11709] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 785.443154][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 785.559865][T11709] EXT4-fs (loop6): 1 truncate cleaned up [ 785.567066][T11709] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 785.922514][T11728] loop4: detected capacity change from 0 to 512 [ 786.184034][T10375] Bluetooth: hci3: command 0x0406 tx timeout [ 786.502052][T11728] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #16: comm syz.4.1456: corrupted inode contents [ 786.586794][T11728] EXT4-fs (loop4): Remounting filesystem read-only [ 786.607150][T11728] EXT4-fs (loop4): 1 truncate cleaned up [ 786.655927][T11728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 786.685910][T11728] ext4 filesystem being mounted at /348/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 786.689894][ T9134] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 786.754776][ T9134] Quota error (device loop4): write_blk: dquota write failed [ 786.763102][ T9134] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 786.773567][ T9134] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 786.785860][ T9134] Quota error (device loop4): write_blk: dquota write failed [ 786.793553][ T9134] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 786.804010][ T9134] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 786.814907][ T9134] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 786.824158][ T9134] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 786.853662][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 789.070812][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 789.156914][T11745] loop6: detected capacity change from 0 to 1024 [ 789.265656][T11745] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 789.372416][T11745] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 789.387261][T11745] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1459: Failed to acquire dquot type 0 [ 789.419478][T11745] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 789.435075][T11745] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1459: corrupted inode contents [ 789.453928][T11745] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1459: mark_inode_dirty error [ 789.466419][T11745] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1459: corrupted inode contents [ 789.489784][T11745] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1459: mark_inode_dirty error [ 789.520896][T11745] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1459: corrupted inode contents [ 789.546270][T11745] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 789.564103][T11745] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1459: corrupted inode contents [ 789.582273][T11745] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1459: mark_inode_dirty error [ 789.597290][T11745] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 789.610451][T11745] EXT4-fs (loop6): 1 truncate cleaned up [ 789.617632][T11745] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 790.757499][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 791.608289][T11466] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 791.798392][T11466] usb 5-1: Using ep0 maxpacket: 16 [ 791.817566][T11466] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 791.863019][T11466] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 791.896426][T11466] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 791.907086][T11466] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.917288][T11466] usb 5-1: Product: syz [ 791.928255][T11466] usb 5-1: Manufacturer: syz [ 791.936698][T11466] usb 5-1: SerialNumber: syz [ 792.286241][T11466] usb 5-1: 0:2 : does not exist [ 792.317459][T11466] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 792.411210][T11466] usb 5-1: USB disconnect, device number 9 [ 792.463293][T11793] loop6: detected capacity change from 0 to 1024 [ 792.485146][T10893] udevd[10893]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 792.567642][T11793] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 792.611558][T11793] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 792.638718][T11793] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1479: Failed to acquire dquot type 0 [ 792.655509][T11793] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 792.675125][T11793] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1479: corrupted inode contents [ 792.701353][T11793] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1479: mark_inode_dirty error [ 792.714907][T11793] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1479: corrupted inode contents [ 792.733421][T11793] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1479: mark_inode_dirty error [ 792.753385][T11793] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1479: corrupted inode contents [ 792.767975][T11793] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 792.777380][T11793] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1479: corrupted inode contents [ 792.791337][T11793] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1479: mark_inode_dirty error [ 792.807590][T11793] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 792.818647][T11793] EXT4-fs (loop6): 1 truncate cleaned up [ 792.825272][T11793] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 793.759486][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 794.143728][T11821] loop6: detected capacity change from 0 to 256 [ 794.176086][T11821] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 796.894891][ T28] audit: type=1326 audit(1756596149.638:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.385737][ T28] audit: type=1326 audit(1756596149.638:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.602463][ T28] audit: type=1326 audit(1756596149.638:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.749521][ T28] audit: type=1326 audit(1756596149.638:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.890192][ T28] audit: type=1326 audit(1756596149.638:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.912903][ T28] audit: type=1326 audit(1756596149.638:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.935876][ T28] audit: type=1326 audit(1756596149.648:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.958425][ T28] audit: type=1326 audit(1756596149.648:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 797.981458][ T28] audit: type=1326 audit(1756596149.648:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 798.004344][ T28] audit: type=1326 audit(1756596149.648:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 798.027341][ T28] audit: type=1326 audit(1756596149.648:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 798.507078][ T28] audit: type=1326 audit(1756596149.648:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11842 comm="syz.0.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 800.500273][T11880] loop4: detected capacity change from 0 to 1024 [ 800.799828][T11880] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1504: Failed to acquire dquot type 0 [ 801.198522][T11880] EXT4-fs error (device loop4): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 801.521644][T11880] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1504: corrupted inode contents [ 801.552722][T11880] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #13: comm syz.4.1504: mark_inode_dirty error [ 801.733921][T11880] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1504: corrupted inode contents [ 801.746659][T11880] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #13: comm syz.4.1504: mark_inode_dirty error [ 801.763730][T11880] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1504: corrupted inode contents [ 801.866125][T11880] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 802.053258][T11880] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1504: corrupted inode contents [ 802.124714][T11880] EXT4-fs error (device loop4): ext4_truncate:4288: inode #13: comm syz.4.1504: mark_inode_dirty error [ 802.176842][T11880] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 802.233771][T11880] EXT4-fs (loop4): 1 truncate cleaned up [ 802.241235][T11880] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 803.222007][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 803.590351][T11913] loop4: detected capacity change from 0 to 512 [ 803.613502][T11913] ext3: Unknown parameter 'rootcontext' [ 806.452806][T11939] loop6: detected capacity change from 0 to 1024 [ 806.466836][T11939] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 806.557039][T11939] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 806.569849][T11939] EXT4-fs (loop6): orphan cleanup on readonly fs [ 806.576572][T11939] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1522: Freeing blocks not in datazone - block = 0, count = 4096 [ 806.602432][T11939] EXT4-fs (loop6): 1 orphan inode deleted [ 806.613877][T11939] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 806.635042][T11941] loop4: detected capacity change from 0 to 1024 [ 806.726740][T11941] __quota_error: 15 callbacks suppressed [ 806.726761][T11941] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 806.743227][T11941] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 806.752770][T11941] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1520: Failed to acquire dquot type 0 [ 806.806074][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 806.967737][T11941] EXT4-fs error (device loop4): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 807.358660][T11941] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1520: corrupted inode contents [ 807.420801][T11941] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #13: comm syz.4.1520: mark_inode_dirty error [ 807.475112][T11941] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1520: corrupted inode contents [ 807.519288][T11941] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #13: comm syz.4.1520: mark_inode_dirty error [ 807.580151][T11941] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1520: corrupted inode contents [ 807.595251][T11941] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 807.608226][T11941] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1520: corrupted inode contents [ 807.647097][T11941] EXT4-fs error (device loop4): ext4_truncate:4288: inode #13: comm syz.4.1520: mark_inode_dirty error [ 807.673925][T11941] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 807.684623][T11941] EXT4-fs (loop4): 1 truncate cleaned up [ 807.691877][T11941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 809.108418][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.114835][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.375345][T11955] syz.5.1525[11955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 809.375501][T11955] syz.5.1525[11955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 810.740206][T11979] netem: change failed [ 811.349959][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 811.483426][T11981] loop4: detected capacity change from 0 to 1024 [ 811.569611][T11986] erspan0: entered promiscuous mode [ 811.580665][T11981] Quota error (device loop4): do_check_range: Getting block 64 out of range 1-5 [ 811.659754][T11981] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 811.679302][ T28] audit: type=1326 audit(1756596164.578:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 811.731704][T11981] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1534: Failed to acquire dquot type 0 [ 811.753772][ T28] audit: type=1326 audit(1756596164.578:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 811.826891][T11981] EXT4-fs error (device loop4): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 811.871538][ T28] audit: type=1326 audit(1756596164.578:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 811.891416][T11981] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1534: corrupted inode contents [ 811.938331][ T28] audit: type=1326 audit(1756596164.578:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 811.974678][T11981] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #13: comm syz.4.1534: mark_inode_dirty error [ 812.006715][ T28] audit: type=1326 audit(1756596164.578:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.033638][T11981] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1534: corrupted inode contents [ 812.066340][T11981] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #13: comm syz.4.1534: mark_inode_dirty error [ 812.090629][ T28] audit: type=1326 audit(1756596164.578:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.102926][T11981] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1534: corrupted inode contents [ 812.128858][T11981] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 812.141152][ T28] audit: type=1326 audit(1756596164.578:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.175213][T11981] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #13: comm syz.4.1534: corrupted inode contents [ 812.188741][ T28] audit: type=1326 audit(1756596164.578:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.212420][T11981] EXT4-fs error (device loop4): ext4_truncate:4288: inode #13: comm syz.4.1534: mark_inode_dirty error [ 812.235511][ T28] audit: type=1326 audit(1756596164.578:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.274286][T11981] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 812.314890][T11981] EXT4-fs (loop4): 1 truncate cleaned up [ 812.322367][T11981] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 812.339808][ T28] audit: type=1326 audit(1756596164.578:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 812.396275][ T28] audit: type=1326 audit(1756596164.578:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11988 comm="syz.6.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 813.385273][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 813.859910][T12013] tipc: Started in network mode [ 813.880413][T12013] tipc: Node identity ac14140f, cluster identity 4711 [ 813.912220][T12013] tipc: New replicast peer: 255.255.255.83 [ 813.930786][T12013] tipc: Enabled bearer , priority 10 [ 814.938406][ T5878] tipc: Node number set to 2886997007 [ 818.082887][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 818.082903][ T28] audit: type=1326 audit(1756596170.988:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.119264][ T28] audit: type=1326 audit(1756596170.988:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.166658][ T28] audit: type=1326 audit(1756596170.988:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.195985][ T28] audit: type=1326 audit(1756596170.988:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.246241][ T28] audit: type=1326 audit(1756596170.988:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.294088][ T28] audit: type=1326 audit(1756596170.988:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.371535][T12059] loop6: detected capacity change from 0 to 1024 [ 818.419257][T12059] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 818.440739][ T28] audit: type=1326 audit(1756596170.998:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12054 comm="syz.6.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 818.460344][T12059] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 818.481294][T12059] EXT4-fs (loop6): orphan cleanup on readonly fs [ 818.492807][T12059] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1564: Freeing blocks not in datazone - block = 0, count = 4096 [ 818.509524][T12059] EXT4-fs (loop6): 1 orphan inode deleted [ 818.516650][T12059] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 819.302751][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 819.607349][T12072] loop6: detected capacity change from 0 to 1024 [ 819.621278][T12074] loop4: detected capacity change from 0 to 512 [ 819.647175][T12072] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5 [ 819.702321][T12072] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 819.713414][T12074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 819.730673][T12074] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 819.742281][T12072] EXT4-fs error (device loop6): ext4_acquire_dquot:6940: comm syz.6.1567: Failed to acquire dquot type 0 [ 819.801065][T12072] EXT4-fs error (device loop6): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 819.827335][T12072] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1567: corrupted inode contents [ 819.888615][T12072] EXT4-fs error (device loop6): ext4_dirty_inode:6106: inode #13: comm syz.6.1567: mark_inode_dirty error [ 819.937113][T12072] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1567: corrupted inode contents [ 819.969708][T12072] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #13: comm syz.6.1567: mark_inode_dirty error [ 819.988649][T12072] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1567: corrupted inode contents [ 819.994720][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 820.023968][T12072] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 820.068470][T12072] EXT4-fs error (device loop6): ext4_do_update_inode:5230: inode #13: comm syz.6.1567: corrupted inode contents [ 820.125092][T12072] EXT4-fs error (device loop6): ext4_truncate:4288: inode #13: comm syz.6.1567: mark_inode_dirty error [ 820.186392][T12072] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 820.210958][T12072] EXT4-fs (loop6): 1 truncate cleaned up [ 820.217948][T12072] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 822.331000][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 822.958355][ T27] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 823.148385][ T27] usb 7-1: Using ep0 maxpacket: 32 [ 823.186517][ T27] usb 7-1: unable to get BOS descriptor or descriptor too short [ 823.216557][ T27] usb 7-1: no configurations [ 823.225372][ T27] usb 7-1: can't read configurations, error -22 [ 824.175120][T12112] loop4: detected capacity change from 0 to 512 [ 824.252255][T12112] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 824.547470][T12112] EXT4-fs (loop4): orphan cleanup on readonly fs [ 824.769165][T12112] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:512: comm syz.4.1581: Block bitmap for bg 0 marked uninitialized [ 824.963296][T12112] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 825.116674][T12112] EXT4-fs (loop4): 1 orphan inode deleted [ 825.161373][T12112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 830.185050][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 830.539640][ T5829] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 830.858864][ T5829] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 830.880366][ T5829] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 832.931055][ T5829] usb 7-1: string descriptor 0 read error: -71 [ 832.937351][ T5829] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 832.968225][ T5829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 833.873239][ T5829] usb 7-1: can't set config #1, error -71 [ 833.891276][ T5829] usb 7-1: USB disconnect, device number 9 [ 833.918949][T12164] tipc: Can't bind to reserved service type 2 [ 834.703706][T12182] loop6: detected capacity change from 0 to 512 [ 834.756402][T12182] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 834.769366][T12182] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 834.918458][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 835.854009][T12196] loop6: detected capacity change from 0 to 256 [ 835.930940][T12196] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 836.012007][T12198] loop4: detected capacity change from 0 to 1024 [ 836.114663][T12198] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 836.166991][T12198] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 836.185939][T12198] EXT4-fs (loop4): orphan cleanup on readonly fs [ 836.206279][T12198] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1604: Freeing blocks not in datazone - block = 0, count = 4096 [ 836.238083][T12198] EXT4-fs (loop4): 1 orphan inode deleted [ 836.278001][T12198] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 836.794353][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 837.255840][T12214] loop6: detected capacity change from 0 to 512 [ 837.275071][T12214] EXT4-fs: Ignoring removed i_version option [ 837.312102][T12214] EXT4-fs: Ignoring removed nobh option [ 837.329920][T12214] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 837.483775][T12214] EXT4-fs (loop6): 1 truncate cleaned up [ 837.511335][T12214] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 838.778736][T12230] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000. [ 839.967005][T12235] bridge0: port 3(syz_tun) entered blocking state [ 839.992016][T12235] bridge0: port 3(syz_tun) entered disabled state [ 840.016659][T12235] syz_tun: entered allmulticast mode [ 840.040985][T12235] syz_tun: entered promiscuous mode [ 840.056112][T12235] bridge0: port 3(syz_tun) entered blocking state [ 840.063323][T12235] bridge0: port 3(syz_tun) entered forwarding state [ 841.504257][T12244] loop4: detected capacity change from 0 to 256 [ 841.570493][T12244] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 841.967229][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 844.798272][ T5829] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 845.762719][ T5829] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 845.788715][ T5829] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 845.833019][ T5829] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 845.886581][ T5829] usb 7-1: config 1 has no interface number 1 [ 845.929203][ T5829] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 845.973928][ T5829] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 845.996796][ T5829] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 846.002470][T12283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1637'. [ 846.010383][ T5829] usb 7-1: Product: syz [ 846.018011][ T5829] usb 7-1: Manufacturer: syz [ 846.027881][ T5829] usb 7-1: SerialNumber: syz [ 846.354469][T12289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 846.378727][T12289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 847.242712][T12292] loop4: detected capacity change from 0 to 1024 [ 847.283761][T12292] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 847.391321][T12292] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 847.426758][T12292] EXT4-fs (loop4): orphan cleanup on readonly fs [ 847.457890][T12292] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1631: Freeing blocks not in datazone - block = 0, count = 4096 [ 847.517196][T12292] EXT4-fs (loop4): 1 orphan inode deleted [ 847.531876][T12292] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 849.096227][ T5829] usb 7-1: USB disconnect, device number 10 [ 849.141629][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 849.207674][T12294] udevd[12294]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 851.687294][T12319] loop4: detected capacity change from 0 to 256 [ 851.841191][T12319] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 852.174879][T12327] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1643'. [ 852.643095][ T28] audit: type=1326 audit(1756596205.612:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 852.668878][ T28] audit: type=1326 audit(1756596205.612:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 852.695324][ T28] audit: type=1326 audit(1756596205.642:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 852.766451][ T28] audit: type=1326 audit(1756596205.642:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 853.253255][ T28] audit: type=1326 audit(1756596205.642:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 853.517235][ T28] audit: type=1326 audit(1756596205.642:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 853.890539][ T28] audit: type=1326 audit(1756596205.642:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 854.868213][ T28] audit: type=1326 audit(1756596205.642:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 854.927283][ T28] audit: type=1326 audit(1756596205.662:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 854.950978][ T28] audit: type=1326 audit(1756596205.662:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12335 comm="syz.6.1645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb7a38ebe9 code=0x7ffc0000 [ 858.337346][T12374] netlink: 'syz.5.1656': attribute type 2 has an invalid length. [ 861.357700][T12393] loop4: detected capacity change from 0 to 1024 [ 861.367605][T12393] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 861.387055][T12393] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 861.396312][T12393] EXT4-fs (loop4): orphan cleanup on readonly fs [ 861.407542][T12393] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1662: Freeing blocks not in datazone - block = 0, count = 4096 [ 861.423311][T12393] EXT4-fs (loop4): 1 orphan inode deleted [ 861.430999][T12393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 861.475771][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 862.447553][T12398] loop4: detected capacity change from 0 to 40427 [ 862.475201][T12398] F2FS-fs (loop4): Unrecognized mount option "whint_mode=off" or missing value [ 863.931327][T12427] loop4: detected capacity change from 0 to 512 [ 864.683926][T12427] EXT4-fs (loop4): Test dummy encryption mode enabled [ 864.691628][T12427] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 864.728791][T12427] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.1671: bad orphan inode 131083 [ 864.750690][T12427] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 865.208727][T12438] netlink: 'syz.4.1671': attribute type 2 has an invalid length. [ 866.410305][T12449] loop6: detected capacity change from 0 to 1024 [ 866.445030][T12449] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 866.529463][T12449] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 866.568753][T12449] EXT4-fs (loop6): orphan cleanup on readonly fs [ 866.596362][T12449] EXT4-fs error (device loop6): ext4_free_blocks:6676: comm syz.6.1674: Freeing blocks not in datazone - block = 0, count = 4096 [ 866.646083][T12449] EXT4-fs (loop6): 1 orphan inode deleted [ 866.660963][T12449] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 866.835089][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 867.317816][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 867.540441][T12463] loop4: detected capacity change from 0 to 256 [ 867.596269][T12463] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 869.792976][T12487] loop6: detected capacity change from 0 to 512 [ 870.759233][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.765629][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.831792][T12487] EXT4-fs (loop6): Test dummy encryption mode enabled [ 870.889473][T12487] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 870.914079][T12490] loop4: detected capacity change from 0 to 256 [ 870.983328][T12487] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.1686: bad orphan inode 131083 [ 871.063471][T12490] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 871.088057][T12487] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 871.646553][T12495] netlink: 'syz.6.1686': attribute type 2 has an invalid length. [ 873.704481][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 874.317683][T12502] loop6: detected capacity change from 0 to 512 [ 874.473605][T12502] EXT4-fs (loop6): Test dummy encryption mode enabled [ 874.597480][T12502] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2244: inode #15: comm syz.6.1688: corrupted in-inode xattr: invalid ea_ino [ 874.618477][T12502] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.1688: couldn't read orphan inode 15 (err -117) [ 874.649467][T12502] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 876.334058][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 876.588922][T12514] loop6: detected capacity change from 0 to 512 [ 876.618568][T12514] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 876.674708][T12514] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 876.715946][T12514] System zones: 1-12 [ 876.723717][T12514] EXT4-fs (loop6): 1 truncate cleaned up [ 876.745629][T12514] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 877.785767][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 880.570689][T12543] loop6: detected capacity change from 0 to 256 [ 880.655493][T12543] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 881.443517][T12557] loop4: detected capacity change from 0 to 512 [ 881.479811][T12557] ext4: Unknown parameter 'noacl' [ 881.737888][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 881.737905][ T28] audit: type=1326 audit(1756596234.702:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 881.907903][ T28] audit: type=1326 audit(1756596234.702:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 881.963268][ T28] audit: type=1326 audit(1756596234.702:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 882.035081][ T28] audit: type=1326 audit(1756596234.702:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 882.373683][ T28] audit: type=1326 audit(1756596234.702:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f77b198d69f code=0x7ffc0000 [ 882.732113][ T28] audit: type=1326 audit(1756596234.702:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 882.826353][ T28] audit: type=1326 audit(1756596234.732:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 882.909044][ T28] audit: type=1326 audit(1756596234.732:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 882.998200][ T28] audit: type=1326 audit(1756596234.732:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 883.088515][ T28] audit: type=1326 audit(1756596234.742:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12559 comm="syz.4.1708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f77b198ebe9 code=0x7ffc0000 [ 885.756815][T12587] loop4: detected capacity change from 0 to 512 [ 885.797900][T12587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 885.847140][T12587] ext4 filesystem being mounted at /407/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 886.202053][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 886.461426][T12597] loop4: detected capacity change from 0 to 1024 [ 886.496476][T12597] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 886.696921][T12597] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 886.724329][T12597] EXT4-fs (loop4): orphan cleanup on readonly fs [ 886.768640][T12597] EXT4-fs error (device loop4): ext4_free_blocks:6676: comm syz.4.1719: Freeing blocks not in datazone - block = 0, count = 4096 [ 886.893976][T12597] EXT4-fs (loop4): 1 orphan inode deleted [ 887.046770][T12597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 887.674376][ T5917] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 887.879856][T12616] loop4: detected capacity change from 0 to 256 [ 888.952383][T12627] loop4: detected capacity change from 0 to 256 [ 889.082694][T12632] loop6: detected capacity change from 0 to 256 [ 889.688059][T12632] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 891.728642][ T5829] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 891.950383][ T5829] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 891.963343][T12653] fuse: Bad value for 'fd' [ 891.973887][ T5829] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 892.000129][ T5829] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 892.014196][ T5829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 892.024648][ T5829] usb 7-1: SerialNumber: syz [ 892.043732][ T5829] usb 7-1: 0:2 : does not exist [ 892.451508][ T5829] usb 7-1: USB disconnect, device number 11 [ 896.216230][T12701] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1753'. [ 897.990666][T12714] loop6: detected capacity change from 0 to 512 [ 898.009159][T12714] EXT4-fs (loop6): Test dummy encryption mode enabled [ 898.297470][T12714] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2244: inode #15: comm syz.6.1757: corrupted in-inode xattr: invalid ea_ino [ 898.316151][T12714] EXT4-fs error (device loop6): ext4_orphan_get:1404: comm syz.6.1757: couldn't read orphan inode 15 (err -117) [ 898.363197][T12714] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 898.880577][ T9360] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 900.311324][T12742] loop6: detected capacity change from 0 to 256 [ 900.396436][T12742] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 904.910669][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1772'. [ 904.979144][T12770] ip6gre1: entered allmulticast mode [ 906.914727][T12788] loop6: detected capacity change from 0 to 256 [ 906.939991][T12788] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 908.466417][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 908.466433][ T28] audit: type=1326 audit(1756596261.432:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 908.541512][ T28] audit: type=1326 audit(1756596261.432:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 908.609369][T12802] tipc: Enabling of bearer rejected, failed to enable media [ 908.635611][ T28] audit: type=1326 audit(1756596261.432:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 908.726847][ T28] audit: type=1326 audit(1756596261.432:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 908.831256][ T28] audit: type=1326 audit(1756596261.432:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f81fb18d69f code=0x7ffc0000 [ 909.123716][ T28] audit: type=1326 audit(1756596261.432:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 909.716435][ T28] audit: type=1326 audit(1756596261.432:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 910.196031][ T28] audit: type=1326 audit(1756596261.432:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 910.968380][ T28] audit: type=1326 audit(1756596261.432:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 911.117610][ T28] audit: type=1326 audit(1756596261.432:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12800 comm="syz.5.1780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 911.871421][T12825] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1787'. [ 915.299890][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 915.299910][ T28] audit: type=1326 audit(1756596268.122:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 915.380995][ T28] audit: type=1326 audit(1756596268.122:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 915.403909][ T28] audit: type=1326 audit(1756596268.122:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 915.443859][ T28] audit: type=1326 audit(1756596268.122:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 915.937492][ T28] audit: type=1326 audit(1756596268.122:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f14b978d69f code=0x7ffc0000 [ 916.495569][T12856] loop6: detected capacity change from 0 to 256 [ 916.564515][ T28] audit: type=1326 audit(1756596268.122:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 916.639721][T12856] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 916.712325][ T28] audit: type=1326 audit(1756596268.122:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 917.068943][ T28] audit: type=1326 audit(1756596268.122:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 917.188422][ T28] audit: type=1326 audit(1756596268.122:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 917.808960][ T28] audit: type=1326 audit(1756596268.122:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12849 comm="syz.0.1796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 918.088442][T12865] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1799'. [ 918.217692][T12863] overlay: ./file0 is not a directory [ 919.374490][T12883] loop6: detected capacity change from 0 to 512 [ 919.386357][T12883] ext3: Unknown parameter 'rootcontext' [ 921.419137][T12821] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 927.957913][T12947] loop6: detected capacity change from 0 to 256 [ 928.033109][T12947] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 931.973936][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.003454][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.224892][T12985] loop6: detected capacity change from 0 to 256 [ 932.287414][T12985] FAT-fs (loop6): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0x0000000000000000" or missing value [ 933.185765][T12956] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 933.486455][T12989] vlan2: entered allmulticast mode [ 933.492139][T12989] bridge0: port 3(vlan2) entered blocking state [ 933.499318][T12989] bridge0: port 3(vlan2) entered disabled state [ 933.507831][T12989] vlan2: entered promiscuous mode [ 934.127256][T13006] overlayfs: failed to clone upperpath [ 934.215451][T13008] overlayfs: failed to clone upperpath [ 934.313346][T13011] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1848'. [ 934.323243][ T55] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 934.336623][T13011] bridge0: port 2(bridge_slave_1) entered disabled state [ 934.541244][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 934.557957][ T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 934.570347][ T55] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 934.584677][ T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 934.619714][ T55] usb 7-1: config 0 descriptor?? [ 935.051466][ T55] hid-steam 0003:28DE:1142.0003: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0 [ 935.138380][ T55] hid-steam 0003:28DE:1142.0003: Steam wireless receiver connected [ 935.185825][ T55] hid-steam 0003:28DE:1142.0004: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0 [ 935.201151][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 935.201167][ T28] audit: type=1326 audit(1756596288.172:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13025 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 935.234908][ T28] audit: type=1326 audit(1756596288.202:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13025 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 935.296705][ T28] audit: type=1326 audit(1756596288.202:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13025 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 935.319004][T11466] usb 7-1: USB disconnect, device number 12 [ 935.329138][ T28] audit: type=1326 audit(1756596288.202:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13025 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 935.359698][ T28] audit: type=1326 audit(1756596288.202:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13025 comm="syz.0.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 935.370438][T11466] hid-steam 0003:28DE:1142.0003: Steam wireless receiver disconnected [ 935.395468][T13027] fido_id[13027]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 935.462828][T13029] overlayfs: failed to clone upperpath [ 937.090146][ T6670] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 937.321137][ T6670] usb 7-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 937.373173][ T6670] usb 7-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 937.434759][ T6670] usb 7-1: config 0 interface 0 has no altsetting 0 [ 937.478203][ T6670] usb 7-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00 [ 937.507810][ T6670] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 937.573589][ T6670] usb 7-1: config 0 descriptor?? [ 938.024758][ T6670] itetech 0003:06CB:73F6.0005: item fetching failed at offset 1/3 [ 938.054487][ T6670] itetech: probe of 0003:06CB:73F6.0005 failed with error -22 [ 938.298477][ T6670] usb 7-1: USB disconnect, device number 13 [ 939.260768][T13061] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 940.047995][ T9136] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 940.198759][ T9136] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 940.388720][ T9136] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 940.580989][ T9136] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.670325][T13077] syzkaller0: entered promiscuous mode [ 941.692331][T13077] syzkaller0: entered allmulticast mode [ 941.889308][T10375] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 941.971665][T10375] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 941.980791][T10375] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 941.990648][T10375] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 941.999172][T10375] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 942.008698][T10375] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 944.478308][T10375] Bluetooth: hci1: command tx timeout [ 946.528595][T10375] Bluetooth: hci1: command tx timeout [ 946.895112][ T28] audit: type=1326 audit(1756596299.862:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13117 comm="syz.0.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 946.933696][ T28] audit: type=1326 audit(1756596299.862:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13117 comm="syz.0.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 946.971171][ T28] audit: type=1326 audit(1756596299.862:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13117 comm="syz.0.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 946.999453][ T28] audit: type=1326 audit(1756596299.862:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13117 comm="syz.0.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 947.023174][ T28] audit: type=1326 audit(1756596299.862:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13117 comm="syz.0.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 948.608327][T10375] Bluetooth: hci1: command tx timeout [ 950.688533][T10375] Bluetooth: hci1: command tx timeout [ 951.590828][T13089] chnl_net:caif_netlink_parms(): no params data found [ 952.303609][T13089] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.330078][T13089] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.347898][T13089] bridge_slave_0: entered allmulticast mode [ 952.390804][T13089] bridge_slave_0: entered promiscuous mode [ 952.466050][ T9136] hsr_slave_0: left promiscuous mode [ 952.637591][ T9136] hsr_slave_1: left promiscuous mode [ 952.775449][ T9136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 952.912468][ T9136] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 953.139189][ T9136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 953.169908][ T9136] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 953.227369][ T9136] vlan2: left promiscuous mode [ 953.250908][ T9136] bridge0: port 3(vlan2) entered disabled state [ 953.317241][ T9136] bridge_slave_1: left allmulticast mode [ 953.340357][ T9136] bridge_slave_1: left promiscuous mode [ 953.358455][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 953.377621][ T9136] bridge_slave_0: left promiscuous mode [ 953.393963][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 953.464851][ T9136] veth1_macvtap: left promiscuous mode [ 953.503055][ T9136] veth0_macvtap: left promiscuous mode [ 953.509008][ T9136] veth1_vlan: left promiscuous mode [ 953.514501][ T9136] veth0_vlan: left promiscuous mode [ 955.185308][ T9136] team0 (unregistering): Port device team_slave_1 removed [ 955.245662][ T9136] team0 (unregistering): Port device team_slave_0 removed [ 955.316974][ T9136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 955.381682][ T9136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 956.046293][ T9136] bond0 (unregistering): Released all slaves [ 956.139081][T13089] bridge0: port 2(bridge_slave_1) entered blocking state [ 956.146399][T13089] bridge0: port 2(bridge_slave_1) entered disabled state [ 956.154536][T13089] bridge_slave_1: entered allmulticast mode [ 956.163344][T13089] bridge_slave_1: entered promiscuous mode [ 956.386207][T13194] syz.4.1899[13194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 956.386352][T13194] syz.4.1899[13194] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 956.434835][T13089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 956.465305][T13194] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1899'. [ 956.707883][T13089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 957.640456][T13089] team0: Port device team_slave_0 added [ 957.665194][T13089] team0: Port device team_slave_1 added [ 957.956686][T13089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 958.216548][T13089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 958.248699][T13089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 960.187788][T13089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 960.208490][T13089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 960.461856][T13089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 961.263556][T13089] hsr_slave_0: entered promiscuous mode [ 963.630411][T13089] hsr_slave_1: entered promiscuous mode [ 963.723745][T13089] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 963.768109][ T28] audit: type=1326 audit(1756596316.712:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 963.798878][T13089] Cannot create hsr debugfs directory [ 963.856141][T13243] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 963.865937][T13243] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 963.875596][T13243] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 963.962940][ T28] audit: type=1326 audit(1756596316.782:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.374376][ T28] audit: type=1326 audit(1756596316.782:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.401435][ T28] audit: type=1326 audit(1756596316.782:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.476559][ T28] audit: type=1326 audit(1756596316.782:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.575704][ T28] audit: type=1326 audit(1756596316.782:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.805820][ T28] audit: type=1326 audit(1756596316.782:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.867256][ T28] audit: type=1326 audit(1756596316.782:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.904872][ T28] audit: type=1326 audit(1756596316.782:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 964.952758][ T28] audit: type=1326 audit(1756596316.782:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13248 comm="syz.0.1910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 968.584623][T13089] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 968.787963][T13089] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 968.853969][T13089] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 968.886819][T13089] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 969.292749][T13303] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1921'. [ 969.362672][T13302] bridge: RTM_NEWNEIGH with invalid ether address [ 970.123011][T13089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 970.258549][T13089] 8021q: adding VLAN 0 to HW filter on device team0 [ 970.325402][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 970.332697][ T9136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 970.394960][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 970.402415][ T9136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 970.599617][T13089] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 971.822121][T13089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 972.905169][T13346] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 973.452550][T13089] veth0_vlan: entered promiscuous mode [ 973.510155][T13089] veth1_vlan: entered promiscuous mode [ 973.747190][T13089] veth0_macvtap: entered promiscuous mode [ 973.819118][T13089] veth1_macvtap: entered promiscuous mode [ 973.861280][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 973.886238][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 973.901497][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 973.914822][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 973.925240][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 973.936306][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 973.969014][T13089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 974.012780][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.033922][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.060765][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.082238][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.105932][T13089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 974.130560][T13089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 974.159470][T13089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 974.192053][T13089] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.209439][T13089] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.243738][T13089] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.262700][T13089] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 974.611879][ T9142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 974.761892][ T9142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 974.889559][ T9136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 974.897457][ T9136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 975.688573][T13384] ip6erspan0: entered promiscuous mode [ 980.978493][T13456] syz.4.1959[13456] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 980.979250][T13456] syz.4.1959[13456] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 981.000465][T13456] xt_CT: You must specify a L4 protocol and not use inversions on it [ 981.662020][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 981.662036][ T28] audit: type=1326 audit(1756596334.622:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 981.868015][ T28] audit: type=1326 audit(1756596334.622:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.009760][ T28] audit: type=1326 audit(1756596334.622:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.142524][T13436] loop7: detected capacity change from 0 to 40427 [ 982.158120][ T28] audit: type=1326 audit(1756596334.622:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.260745][T13436] F2FS-fs (loop7): invalid crc value [ 982.308335][T13436] F2FS-fs (loop7): Failed to start F2FS issue_checkpoint_thread (-4) [ 982.354108][ T28] audit: type=1326 audit(1756596334.622:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.538134][ T28] audit: type=1326 audit(1756596334.622:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.612272][ T28] audit: type=1326 audit(1756596334.622:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.802121][ T28] audit: type=1326 audit(1756596334.622:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 982.926750][T13466] loop7: detected capacity change from 0 to 1024 [ 982.994828][ T28] audit: type=1326 audit(1756596334.622:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.5.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 983.090898][T13466] Quota error (device loop7): do_check_range: Getting block 64 out of range 1-5 [ 983.126566][T13466] EXT4-fs error (device loop7): ext4_acquire_dquot:6940: comm syz.7.1960: Failed to acquire dquot type 0 [ 983.186922][T13466] EXT4-fs error (device loop7): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 983.239653][T13466] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #13: comm syz.7.1960: corrupted inode contents [ 983.283747][T13466] EXT4-fs error (device loop7): ext4_dirty_inode:6106: inode #13: comm syz.7.1960: mark_inode_dirty error [ 983.329573][T13466] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #13: comm syz.7.1960: corrupted inode contents [ 983.381532][T13466] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #13: comm syz.7.1960: mark_inode_dirty error [ 983.432518][T13466] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #13: comm syz.7.1960: corrupted inode contents [ 983.482462][T13466] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem [ 983.524722][T13466] EXT4-fs error (device loop7): ext4_do_update_inode:5230: inode #13: comm syz.7.1960: corrupted inode contents [ 983.574413][T13466] EXT4-fs error (device loop7): ext4_truncate:4288: inode #13: comm syz.7.1960: mark_inode_dirty error [ 983.610223][T13466] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem [ 983.716167][T13466] EXT4-fs (loop7): 1 truncate cleaned up [ 983.739551][T13466] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 986.782537][T13515] bridge: RTM_NEWNEIGH with invalid ether address [ 986.888816][T13515] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1968'. [ 988.447352][T13089] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 989.127612][T13527] syzkaller0: entered promiscuous mode [ 989.141875][T13527] syzkaller0: entered allmulticast mode [ 993.414200][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.428131][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 1000.987344][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 1000.987358][ T28] audit: type=1326 audit(1756596353.952:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.0.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.056982][ T28] audit: type=1326 audit(1756596353.992:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.0.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.098382][ T28] audit: type=1326 audit(1756596353.992:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.0.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.121253][ T28] audit: type=1326 audit(1756596353.992:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.0.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.222031][ T28] audit: type=1326 audit(1756596354.192:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.0.2003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.317847][ T28] audit: type=1326 audit(1756596354.222:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.0.2003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.408537][ T28] audit: type=1326 audit(1756596354.222:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.0.2003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1001.466550][ T28] audit: type=1326 audit(1756596354.222:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13657 comm="syz.0.2003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b978ebe9 code=0x7ffc0000 [ 1002.773219][ T28] audit: type=1326 audit(1756596355.682:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13674 comm="syz.5.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1003.946592][ T28] audit: type=1326 audit(1756596355.682:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13674 comm="syz.5.2008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1007.175970][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2019'. [ 1007.186483][T13712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1008.029344][T13712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1009.147581][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 1009.147597][ T28] audit: type=1326 audit(1756596362.112:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1009.251227][ T28] audit: type=1326 audit(1756596362.152:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1009.489088][ T28] audit: type=1326 audit(1756596362.152:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1009.512379][ T28] audit: type=1326 audit(1756596362.162:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1009.582020][ T28] audit: type=1326 audit(1756596362.162:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1009.666940][T13738] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2023'. [ 1009.730631][ T28] audit: type=1326 audit(1756596362.162:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1010.179806][ T28] audit: type=1326 audit(1756596362.162:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1010.423477][ T28] audit: type=1326 audit(1756596362.172:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1010.514802][ T28] audit: type=1326 audit(1756596362.172:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1010.585563][ T28] audit: type=1326 audit(1756596362.172:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13723 comm="syz.5.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81fb18ebe9 code=0x7ffc0000 [ 1012.987987][T13781] syz_tun: entered promiscuous mode [ 1013.018605][T13781] vlan2: entered promiscuous mode [ 1013.382343][T13787] overlayfs: failed to clone upperpath [ 1014.852726][T13808] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1022.841797][T13898] ================================================================== [ 1022.849935][T13898] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 1022.858060][T13898] Read of size 2 at addr ffff8880600f3522 by task syz.0.2062/13898 [ 1022.865989][T13898] [ 1022.868361][T13898] CPU: 0 PID: 13898 Comm: syz.0.2062 Not tainted syzkaller #0 [ 1022.875854][T13898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1022.885961][T13898] Call Trace: [ 1022.889273][T13898] [ 1022.892241][T13898] dump_stack_lvl+0x16c/0x230 [ 1022.896964][T13898] ? __lock_acquire+0x7c80/0x7c80 [ 1022.902120][T13898] ? show_regs_print_info+0x20/0x20 [ 1022.907369][T13898] ? load_image+0x3b0/0x3b0 [ 1022.911928][T13898] ? __virt_addr_valid+0x469/0x540 [ 1022.917094][T13898] print_report+0xac/0x220 [ 1022.921544][T13898] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1022.927415][T13898] kasan_report+0x117/0x150 [ 1022.932525][T13898] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1022.937874][T13898] __xfrm_state_lookup+0x6b2/0x8d0 [ 1022.943041][T13898] ? slab_post_alloc_hook+0x8a/0x4d0 [ 1022.948384][T13898] ? xfrm_state_lookup+0x1a0/0x1a0 [ 1022.953558][T13898] xfrm_state_lookup+0xef/0x1a0 [ 1022.958464][T13898] ? xfrm_state_lookup+0x36/0x1a0 [ 1022.963559][T13898] xfrm_input+0x3d62/0x6a20 [ 1022.968125][T13898] ? xfrm_policy_check+0x490/0x870 [ 1022.973294][T13898] xfrm4_rcv_encap+0x38f/0x600 [ 1022.978099][T13898] udp_queue_rcv_one_skb+0x1603/0x1820 [ 1022.983616][T13898] ? xfrm6_transport_finish2+0x60/0x60 [ 1022.989143][T13898] __udp4_lib_mcast_deliver+0xc47/0xd30 [ 1022.994754][T13898] __udp4_lib_rcv+0x10bf/0x2430 [ 1022.999656][T13898] ? __nf_conntrack_confirm+0xd0b/0xf70 [ 1023.005348][T13898] ? udp_sk_rx_dst_set+0xa0/0xa0 [ 1023.010335][T13898] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 1023.015843][T13898] ? ip_local_deliver_finish+0x1cb/0x510 [ 1023.021519][T13898] ip_local_deliver_finish+0x2ca/0x510 [ 1023.027039][T13898] NF_HOOK+0x303/0x390 [ 1023.031156][T13898] ? NF_HOOK+0x390/0x390 [ 1023.035440][T13898] ? NF_HOOK+0x9b/0x390 [ 1023.039637][T13898] ? ip_local_deliver+0x1b0/0x1b0 [ 1023.045035][T13898] ? ip_rcv_finish_core+0xccc/0x1bc0 [ 1023.050370][T13898] ? NF_HOOK+0x390/0x390 [ 1023.054658][T13898] ? ip_local_deliver+0x122/0x1b0 [ 1023.059716][T13898] NF_HOOK+0x303/0x390 [ 1023.063819][T13898] ? ip_rcv_core+0xdb0/0xdb0 [ 1023.068424][T13898] ? NF_HOOK+0x9b/0x390 [ 1023.072593][T13898] ? ip_local_deliver+0x1b0/0x1b0 [ 1023.077630][T13898] ? ip_rcv_core+0xdb0/0xdb0 [ 1023.082235][T13898] ? ip_local_deliver_finish+0x510/0x510 [ 1023.088001][T13898] ? ip_local_deliver_finish+0x510/0x510 [ 1023.093662][T13898] __netif_receive_skb+0xcc/0x290 [ 1023.098713][T13898] ? netif_receive_skb+0x106/0x6f0 [ 1023.103880][T13898] netif_receive_skb+0x1bc/0x6f0 [ 1023.108838][T13898] ? enqueue_to_backlog+0xe30/0xe30 [ 1023.114059][T13898] ? tun_rx_batched+0x161/0x730 [ 1023.119012][T13898] tun_rx_batched+0x1ba/0x730 [ 1023.123710][T13898] ? pskb_may_pull+0xf0/0xf0 [ 1023.128316][T13898] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1023.133698][T13898] ? lockdep_hardirqs_on+0x98/0x150 [ 1023.138920][T13898] ? read_lock_is_recursive+0x20/0x20 [ 1023.144308][T13898] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1023.149694][T13898] ? _local_bh_enable+0xa0/0xa0 [ 1023.154654][T13898] tun_get_user+0x283f/0x3bf0 [ 1023.159350][T13898] ? tun_get_user+0x2475/0x3bf0 [ 1023.164232][T13898] ? tun_get_user+0x637/0x3bf0 [ 1023.169013][T13898] ? aa_file_perm+0x3e8/0xec0 [ 1023.173732][T13898] ? rcu_read_unlock+0xa0/0xa0 [ 1023.178522][T13898] ? tun_get+0x1c/0x2e0 [ 1023.182690][T13898] ? __lock_acquire+0x7c80/0x7c80 [ 1023.187728][T13898] ? tun_get+0x1c/0x2e0 [ 1023.191905][T13898] tun_chr_write_iter+0x119/0x200 [ 1023.196950][T13898] vfs_write+0x43b/0x940 [ 1023.201218][T13898] ? file_end_write+0x250/0x250 [ 1023.206088][T13898] ? __fget_files+0x44a/0x4d0 [ 1023.210799][T13898] ? __fdget_pos+0x1d8/0x330 [ 1023.215414][T13898] ? ksys_write+0x75/0x250 [ 1023.219933][T13898] ksys_write+0x147/0x250 [ 1023.224286][T13898] ? __ia32_sys_read+0x90/0x90 [ 1023.229067][T13898] ? lockdep_hardirqs_on+0x98/0x150 [ 1023.234287][T13898] do_syscall_64+0x55/0xb0 [ 1023.238773][T13898] ? clear_bhb_loop+0x40/0x90 [ 1023.243557][T13898] ? clear_bhb_loop+0x40/0x90 [ 1023.248255][T13898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1023.254266][T13898] RIP: 0033:0x7f14b978d69f [ 1023.258729][T13898] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1023.278356][T13898] RSP: 002b:00007f14ba5cf000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1023.286782][T13898] RAX: ffffffffffffffda RBX: 00007f14b99c5fa0 RCX: 00007f14b978d69f [ 1023.294767][T13898] RDX: 00000000000000be RSI: 00002000000014c0 RDI: 00000000000000c8 [ 1023.302755][T13898] RBP: 00007f14b9811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1023.310747][T13898] R10: 00000000000000be R11: 0000000000000293 R12: 0000000000000000 [ 1023.318741][T13898] R13: 00007f14b99c6038 R14: 00007f14b99c5fa0 R15: 00007ffd5aa5f4c8 [ 1023.326733][T13898] [ 1023.329768][T13898] [ 1023.332111][T13898] Allocated by task 12897: [ 1023.336542][T13898] kasan_set_track+0x4e/0x70 [ 1023.341145][T13898] __kasan_slab_alloc+0x6c/0x80 [ 1023.346034][T13898] slab_post_alloc_hook+0x6e/0x4d0 [ 1023.351342][T13898] kmem_cache_alloc+0x11e/0x2e0 [ 1023.356212][T13898] xfrm_state_alloc+0x22/0x2a0 [ 1023.360986][T13898] __find_acq_core+0x7d8/0x19d0 [ 1023.365846][T13898] xfrm_find_acq+0x6a/0x90 [ 1023.370273][T13898] pfkey_getspi+0x64f/0xed0 [ 1023.374789][T13898] pfkey_sendmsg+0xbed/0x1050 [ 1023.379479][T13898] ____sys_sendmsg+0x5bf/0x950 [ 1023.384273][T13898] ___sys_sendmsg+0x220/0x290 [ 1023.388965][T13898] __se_sys_sendmsg+0x1a5/0x270 [ 1023.393833][T13898] do_syscall_64+0x55/0xb0 [ 1023.398261][T13898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1023.404171][T13898] [ 1023.406498][T13898] The buggy address belongs to the object at ffff8880600f3400 [ 1023.406498][T13898] which belongs to the cache xfrm_state of size 848 [ 1023.420485][T13898] The buggy address is located 290 bytes inside of [ 1023.420485][T13898] freed 848-byte region [ffff8880600f3400, ffff8880600f3750) [ 1023.434311][T13898] [ 1023.436645][T13898] The buggy address belongs to the physical page: [ 1023.443083][T13898] page:ffffea0001803c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880600f3000 pfn:0x600f0 [ 1023.454558][T13898] head:ffffea0001803c00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1023.463507][T13898] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1023.471531][T13898] page_type: 0xffffffff() [ 1023.475878][T13898] raw: 00fff00000000840 ffff88801a6e3500 dead000000000122 0000000000000000 [ 1023.484489][T13898] raw: ffff8880600f3000 0000000080100007 00000001ffffffff 0000000000000000 [ 1023.493078][T13898] page dumped because: kasan: bad access detected [ 1023.499546][T13898] page_owner tracks the page as allocated [ 1023.505268][T13898] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 9173, tgid 9169 (syz.4.812), ts 490479461108, free_ts 490013629813 [ 1023.525867][T13898] post_alloc_hook+0x1cd/0x210 [ 1023.530663][T13898] get_page_from_freelist+0x195c/0x19f0 [ 1023.536231][T13898] __alloc_pages+0x1e3/0x460 [ 1023.540844][T13898] alloc_slab_page+0x5d/0x170 [ 1023.545538][T13898] new_slab+0x87/0x2e0 [ 1023.549630][T13898] ___slab_alloc+0xc6d/0x12f0 [ 1023.554325][T13898] kmem_cache_alloc+0x1b7/0x2e0 [ 1023.559191][T13898] xfrm_state_alloc+0x22/0x2a0 [ 1023.563968][T13898] xfrm_state_find+0x2944/0x4510 [ 1023.568914][T13898] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 1023.575086][T13898] xfrm_lookup_with_ifid+0x261/0x19c0 [ 1023.580464][T13898] xfrm_lookup_route+0x3c/0x1b0 [ 1023.585423][T13898] udp_sendmsg+0x15cf/0x2380 [ 1023.590032][T13898] ____sys_sendmsg+0x5bf/0x950 [ 1023.594830][T13898] ___sys_sendmsg+0x220/0x290 [ 1023.599521][T13898] __sys_sendmmsg+0x275/0x4a0 [ 1023.604209][T13898] page last free stack trace: [ 1023.608913][T13898] free_unref_page_prepare+0x7ce/0x8e0 [ 1023.614476][T13898] free_unref_page+0x32/0x2e0 [ 1023.619172][T13898] __unfreeze_partials+0x1cf/0x210 [ 1023.624306][T13898] put_cpu_partial+0x17c/0x250 [ 1023.629098][T13898] __slab_free+0x31d/0x410 [ 1023.633528][T13898] qlist_free_all+0x75/0xe0 [ 1023.639159][T13898] kasan_quarantine_reduce+0x143/0x160 [ 1023.644718][T13898] __kasan_slab_alloc+0x22/0x80 [ 1023.649676][T13898] slab_post_alloc_hook+0x6e/0x4d0 [ 1023.654813][T13898] kmem_cache_alloc+0x11e/0x2e0 [ 1023.659703][T13898] ptlock_alloc+0x20/0x70 [ 1023.664058][T13898] pte_alloc_one+0xce/0x540 [ 1023.668578][T13898] handle_mm_fault+0x2e8e/0x4920 [ 1023.673539][T13898] do_user_addr_fault+0xad0/0x12e0 [ 1023.678664][T13898] exc_page_fault+0x67/0x110 [ 1023.683270][T13898] asm_exc_page_fault+0x26/0x30 [ 1023.688148][T13898] [ 1023.690484][T13898] Memory state around the buggy address: [ 1023.696150][T13898] ffff8880600f3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1023.704221][T13898] ffff8880600f3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1023.712293][T13898] >ffff8880600f3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1023.720365][T13898] ^ [ 1023.725486][T13898] ffff8880600f3580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1023.733558][T13898] ffff8880600f3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1023.741627][T13898] ================================================================== [ 1023.749911][T13898] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1023.757136][T13898] CPU: 0 PID: 13898 Comm: syz.0.2062 Not tainted syzkaller #0 [ 1023.764677][T13898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1023.774777][T13898] Call Trace: [ 1023.778090][T13898] [ 1023.781040][T13898] dump_stack_lvl+0x16c/0x230 [ 1023.785744][T13898] ? show_regs_print_info+0x20/0x20 [ 1023.790979][T13898] ? load_image+0x3b0/0x3b0 [ 1023.795498][T13898] panic+0x2c0/0x710 [ 1023.799414][T13898] ? bpf_jit_dump+0xd0/0xd0 [ 1023.803933][T13898] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 1023.809853][T13898] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 1023.815762][T13898] ? _raw_spin_unlock+0x40/0x40 [ 1023.820633][T13898] ? print_memory_metadata+0x314/0x400 [ 1023.826155][T13898] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1023.831456][T13898] check_panic_on_warn+0x84/0xa0 [ 1023.836406][T13898] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1023.841706][T13898] end_report+0x6f/0x140 [ 1023.845983][T13898] kasan_report+0x128/0x150 [ 1023.850503][T13898] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1023.855809][T13898] __xfrm_state_lookup+0x6b2/0x8d0 [ 1023.860937][T13898] ? slab_post_alloc_hook+0x8a/0x4d0 [ 1023.866254][T13898] ? xfrm_state_lookup+0x1a0/0x1a0 [ 1023.871385][T13898] xfrm_state_lookup+0xef/0x1a0 [ 1023.876269][T13898] ? xfrm_state_lookup+0x36/0x1a0 [ 1023.881335][T13898] xfrm_input+0x3d62/0x6a20 [ 1023.885882][T13898] ? xfrm_policy_check+0x490/0x870 [ 1023.891105][T13898] xfrm4_rcv_encap+0x38f/0x600 [ 1023.895883][T13898] udp_queue_rcv_one_skb+0x1603/0x1820 [ 1023.901364][T13898] ? xfrm6_transport_finish2+0x60/0x60 [ 1023.906852][T13898] __udp4_lib_mcast_deliver+0xc47/0xd30 [ 1023.912422][T13898] __udp4_lib_rcv+0x10bf/0x2430 [ 1023.917302][T13898] ? __nf_conntrack_confirm+0xd0b/0xf70 [ 1023.922872][T13898] ? udp_sk_rx_dst_set+0xa0/0xa0 [ 1023.927831][T13898] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 1023.933309][T13898] ? ip_local_deliver_finish+0x1cb/0x510 [ 1023.938967][T13898] ip_local_deliver_finish+0x2ca/0x510 [ 1023.944442][T13898] NF_HOOK+0x303/0x390 [ 1023.948532][T13898] ? NF_HOOK+0x390/0x390 [ 1023.952787][T13898] ? NF_HOOK+0x9b/0x390 [ 1023.956971][T13898] ? ip_local_deliver+0x1b0/0x1b0 [ 1023.962009][T13898] ? ip_rcv_finish_core+0xccc/0x1bc0 [ 1023.967395][T13898] ? NF_HOOK+0x390/0x390 [ 1023.971655][T13898] ? ip_local_deliver+0x122/0x1b0 [ 1023.976697][T13898] NF_HOOK+0x303/0x390 [ 1023.980804][T13898] ? ip_rcv_core+0xdb0/0xdb0 [ 1023.985531][T13898] ? NF_HOOK+0x9b/0x390 [ 1023.989712][T13898] ? ip_local_deliver+0x1b0/0x1b0 [ 1023.994752][T13898] ? ip_rcv_core+0xdb0/0xdb0 [ 1023.999357][T13898] ? ip_local_deliver_finish+0x510/0x510 [ 1024.005007][T13898] ? ip_local_deliver_finish+0x510/0x510 [ 1024.010653][T13898] __netif_receive_skb+0xcc/0x290 [ 1024.015704][T13898] ? netif_receive_skb+0x106/0x6f0 [ 1024.020832][T13898] netif_receive_skb+0x1bc/0x6f0 [ 1024.025788][T13898] ? enqueue_to_backlog+0xe30/0xe30 [ 1024.031095][T13898] ? tun_rx_batched+0x161/0x730 [ 1024.035966][T13898] tun_rx_batched+0x1ba/0x730 [ 1024.040691][T13898] ? pskb_may_pull+0xf0/0xf0 [ 1024.045300][T13898] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1024.050708][T13898] ? lockdep_hardirqs_on+0x98/0x150 [ 1024.055936][T13898] ? read_lock_is_recursive+0x20/0x20 [ 1024.061327][T13898] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1024.066714][T13898] ? _local_bh_enable+0xa0/0xa0 [ 1024.071600][T13898] tun_get_user+0x283f/0x3bf0 [ 1024.076381][T13898] ? tun_get_user+0x2475/0x3bf0 [ 1024.081252][T13898] ? tun_get_user+0x637/0x3bf0 [ 1024.086025][T13898] ? aa_file_perm+0x3e8/0xec0 [ 1024.090721][T13898] ? rcu_read_unlock+0xa0/0xa0 [ 1024.095512][T13898] ? tun_get+0x1c/0x2e0 [ 1024.099683][T13898] ? __lock_acquire+0x7c80/0x7c80 [ 1024.104728][T13898] ? tun_get+0x1c/0x2e0 [ 1024.108909][T13898] tun_chr_write_iter+0x119/0x200 [ 1024.113982][T13898] vfs_write+0x43b/0x940 [ 1024.118258][T13898] ? file_end_write+0x250/0x250 [ 1024.123127][T13898] ? __fget_files+0x44a/0x4d0 [ 1024.127822][T13898] ? __fdget_pos+0x1d8/0x330 [ 1024.132541][T13898] ? ksys_write+0x75/0x250 [ 1024.136982][T13898] ksys_write+0x147/0x250 [ 1024.141364][T13898] ? __ia32_sys_read+0x90/0x90 [ 1024.146146][T13898] ? lockdep_hardirqs_on+0x98/0x150 [ 1024.151374][T13898] do_syscall_64+0x55/0xb0 [ 1024.155803][T13898] ? clear_bhb_loop+0x40/0x90 [ 1024.160490][T13898] ? clear_bhb_loop+0x40/0x90 [ 1024.165184][T13898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1024.171106][T13898] RIP: 0033:0x7f14b978d69f [ 1024.175528][T13898] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 1024.195151][T13898] RSP: 002b:00007f14ba5cf000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1024.203576][T13898] RAX: ffffffffffffffda RBX: 00007f14b99c5fa0 RCX: 00007f14b978d69f [ 1024.211557][T13898] RDX: 00000000000000be RSI: 00002000000014c0 RDI: 00000000000000c8 [ 1024.219541][T13898] RBP: 00007f14b9811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1024.227522][T13898] R10: 00000000000000be R11: 0000000000000293 R12: 0000000000000000 [ 1024.235516][T13898] R13: 00007f14b99c6038 R14: 00007f14b99c5fa0 R15: 00007ffd5aa5f4c8 [ 1024.243509][T13898] [ 1024.246865][T13898] Kernel Offset: disabled [ 1024.251642][T13898] Rebooting in 86400 seconds..