last executing test programs: 9m26.520861354s ago: executing program 32 (id=194): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) write$tun(0xffffffffffffffff, 0x0, 0x1043) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000000)={0x1}) 8m29.605248s ago: executing program 1 (id=298): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{}, &(0x7f00000008c0), 0x0}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/mnt\x00') 8m29.439909754s ago: executing program 1 (id=300): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000007110af000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) 8m28.614009782s ago: executing program 1 (id=301): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, 0x0) io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000a00)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="40ac000000f0", 0x6, 0x0, 0x0, 0x2}]) 8m28.448908565s ago: executing program 1 (id=302): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000000c0)='./bus\x00') syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 8m27.766048751s ago: executing program 33 (id=303): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r0}, &(0x7f0000000980), &(0x7f00000009c0)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000004e350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925f1ffed25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044f4ab34"], &(0x7f0000000100)='GPL\x00'}, 0x48) 8m27.331693706s ago: executing program 1 (id=305): socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69dfb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) 8m27.187807328s ago: executing program 0 (id=310): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000440)='memory.stat\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd93}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000a40)={@fallback=r2, r1, 0x2f}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000001c0)={0x0, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000004c0)={@cgroup=r0, r1, 0x2f, 0x2020, 0x4, @void, @void, @value=r3}, 0x20) 8m27.04883344s ago: executing program 0 (id=312): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, 0x0) io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000a00)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="40ac000000f0", 0x6, 0x0, 0x0, 0x2}]) 8m26.936861739s ago: executing program 0 (id=315): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'bond0\x00', @random="01008b201000"}) 8m23.263045029s ago: executing program 0 (id=317): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000000c0)='./bus\x00') syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./bus\x00', 0x3010009, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 8m23.074930264s ago: executing program 1 (id=319): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2e2c43, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x6, &(0x7f00000009c0)=ANY=[@ANYRESOCT=r1], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000640), 0x125c40, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r0) pipe2$9p(&(0x7f0000000240), 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x18) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000007c0)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x3956400, 0x0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c007db8", @ANYRES16=0x0, @ANYBLOB="01000000000000000000030000004800018044000400200001000a004e22000001fffe80000000000000000000000000001bff000000200002000a00000000000000ff010000000000000000000000000001000000"], 0x5c}}, 0x0) 8m22.897992299s ago: executing program 34 (id=319): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2e2c43, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x6, &(0x7f00000009c0)=ANY=[@ANYRESOCT=r1], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000640), 0x125c40, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r0) pipe2$9p(&(0x7f0000000240), 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x18) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000007c0)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x3956400, 0x0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c007db8", @ANYRES16=0x0, @ANYBLOB="01000000000000000000030000004800018044000400200001000a004e22000001fffe80000000000000000000000000001bff000000200002000a00000000000000ff010000000000000000000000000001000000"], 0x5c}}, 0x0) 8m22.877229111s ago: executing program 0 (id=322): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b904020000", 0x13}], 0x1}, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x10001, 0x0, 0xfffffffc, 0x5}, {0x2}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$kcm(0x2, 0x1000000000000005, 0x0) sendmsg$inet(r4, &(0x7f0000007940)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="20000000000000008400000002000000948404"], 0x20}, 0x0) 8m22.340842335s ago: executing program 0 (id=323): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000006000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 8m22.042061259s ago: executing program 35 (id=323): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000006000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 8m12.220632733s ago: executing program 4 (id=353): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004800) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x541b, 0x0) 8m11.3986359s ago: executing program 4 (id=354): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=") syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f00000002c0)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") openat(0xffffffffffffff9c, 0x0, 0x101042, 0x30) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) 8m9.349766607s ago: executing program 4 (id=359): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_emit_ethernet(0x4e, &(0x7f0000000840)={@random="7f93b6f6d0d1", @local, @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x2, 0x7, 0x40, 0x64, 0x0, 0x1, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2b}, {[@noop, @generic={0x83, 0x2}]}}, @payload_named={{{{{0x28, 0x0, 0x0, 0x1, 0x1, 0xa, 0x1, 0x2, 0x5, 0x0, 0x0, 0x0, 0x1, 0x2, 0x4, 0xf31a, 0x1, 0x4e21, 0x4004e24}, 0x4}, 0x3, 0x2}}}}}}}, 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) chdir(&(0x7f00000000c0)='./bus\x00') syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000440)={0x3, &(0x7f00000003c0)=[{0x8d, 0x7, 0x0, 0x2}, {0x8, 0x4f, 0x6, 0x9}, {0x1, 0xc2, 0x8, 0x120f}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) 8m8.107021479s ago: executing program 4 (id=363): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000030c0)}, 0x0) r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0xf5ff}, 0x1b, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f00000011c0)="9d7fcf3efc6316a6a555ba8b4726d7ccaf8a060000009cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71ad21b965f615b31105d60a4b16fa2fa1371850a1be85ffcad45b49422b2121d709014f49cf6bd1d18acc4c19e4356669a2ac3e05d5cdc6f0f485c1eb52ea8faf7e83a1468b6a491e71ae3d03cd9677e72413954feae71b5775a6e3e9fa9db9e1ed56e56bff66a7a86214d8145d878e26fa35bd55db98ecdef374d26a5d9cd0e89f3ae45be2d8e1d98ee0865fb64d6dd1e8c89608733370f12be1495d81b36dd72cc28e9c9b2c45f925b38b21818d93ce604772c21824e45793c4073eb44773f8e42c9ebb297dd5e76e856a22253c0e8a80f33b4d015c3f9c0c26bcdd6b440322a23b10d507eecead59faa166bdac1bd840211336dc0c", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x3e}}, @ip_tos_u8={{0x38, 0x29, 0x2}}, @ip_tos_u8={{0x100000000000000}}], 0x50}, 0xff00) 8m7.208847953s ago: executing program 4 (id=365): socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69dfb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) 8m6.316498896s ago: executing program 4 (id=366): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029", @ANYRES16=r2], 0x66) 7m51.283149575s ago: executing program 36 (id=366): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029", @ANYRES16=r2], 0x66) 6m36.709389366s ago: executing program 6 (id=674): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x40, 0x0, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @dev}, {{0x4e22, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x3, {[@exp_fastopen={0x1d, 0x4}, @md5sig={0x13, 0x12, "0cd80e00"}]}}}}}}}, 0x0) 6m36.54362951s ago: executing program 6 (id=675): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000009000000000000000000000118110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014001800b703007fffffff008500000083002000bca900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0xffd, &(0x7f0000001e40)=""/4093, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94) 6m36.53830816s ago: executing program 9 (id=676): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ppoll(&(0x7f0000000a80)=[{r1, 0xd222}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 6m35.596880527s ago: executing program 6 (id=679): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x8, @private0, 0x8b}], 0x1c) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000200), 0x4) listen(r0, 0xfff) getpeername(r0, 0x0, &(0x7f0000000000)) 6m35.231504807s ago: executing program 9 (id=683): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random='n'}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x4800) 6m35.102313838s ago: executing program 9 (id=685): socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69dfb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) 6m34.598638209s ago: executing program 6 (id=689): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000004c0)="1ed8b7f9d457", 0x6}], 0x2, &(0x7f0000000100)=ANY=[], 0x1}, 0x20004000) 6m34.21539765s ago: executing program 6 (id=692): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet6_sctp(0xa, 0x5, 0x84) socket$igmp6(0xa, 0x3, 0x2) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet(0x2b, 0x801, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) socket$nl_audit(0x10, 0x3, 0x9) socket$unix(0x1, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$inet_smc(0x2b, 0x1, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x4000, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 6m34.060695123s ago: executing program 9 (id=694): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000040)={'wg2\x00'}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 6m33.996985968s ago: executing program 9 (id=695): close(0x4) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f260006d2688a84c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x5}]}, 0x10) 6m33.876805738s ago: executing program 6 (id=697): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0xbe, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 6m33.870952648s ago: executing program 9 (id=699): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=@newtfilter={0x64, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0xe, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x11, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x810}, 0x40040c4) 6m18.818896659s ago: executing program 37 (id=697): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0xbe, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 6m18.603464367s ago: executing program 38 (id=699): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=@newtfilter={0x64, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0xe, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x11, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x810}, 0x40040c4) 5.173934506s ago: executing program 5 (id=3045): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x16, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, 0x0) 5.061596025s ago: executing program 5 (id=3049): r0 = socket$kcm(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a77667d19bae2e51727ba6d190e6d7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000000), 0x4) recvmsg(r0, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 4.839117264s ago: executing program 5 (id=3056): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000280)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) 4.653841769s ago: executing program 5 (id=3062): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000040)) 4.572835646s ago: executing program 5 (id=3064): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x4000000000000175, &(0x7f0000000340)=[0x0], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000000c0), 0x0, 0x7f}) 4.485042263s ago: executing program 5 (id=3067): r0 = socket$kcm(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a77667d19bae2e51727ba6d190e6d7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82de0", 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000000), 0x4) recvmsg(r0, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 1.604178048s ago: executing program 2 (id=3119): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000"], 0xb0) mount$9p_fd(0x0, 0x0, &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000280)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) 1.533531564s ago: executing program 8 (id=3121): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair(0x1f, 0xa, 0x100, &(0x7f0000000000)) 1.400154435s ago: executing program 2 (id=3124): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000380)={0x0, 0x0}) close(r1) socket$kcm(0x10, 0x400000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x10e, 0xb, &(0x7f0000000180), 0x4) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)}, {&(0x7f0000000640)="68cabf2dfb58fc021d6b729866f0dd480004fbffffffff0200258f2e4409b8f9e6aa0500bea1231cc9d1bd78a39e5c3da47fdc2c6726e81b1ae24f89a565ee52dcd729cd39093c510293bca0b646a3ce904f6e6b788b32", 0x57}], 0x2}, 0x0) 1.34491904s ago: executing program 8 (id=3125): ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.323629171s ago: executing program 3 (id=3126): add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) 1.261431567s ago: executing program 2 (id=3128): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8085}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x0, 0x6, 0x9, 0x5, 0xfff, 0x9, 0x7, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.140695046s ago: executing program 3 (id=3130): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x16, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f0000000100)={[{@nr_inodes}]}) 993.761908ms ago: executing program 3 (id=3132): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x34000) 825.468362ms ago: executing program 3 (id=3135): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x4000000000000175, &(0x7f0000000340)=[0x0], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000000c0), 0x0, 0x7f}) 746.095579ms ago: executing program 7 (id=3136): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000580)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0xa26b1a4fb20b8820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 724.20216ms ago: executing program 2 (id=3137): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000380)={0x0, 0x0}) close(r1) socket$kcm(0x10, 0x400000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x10e, 0xb, &(0x7f0000000180), 0x4) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)}, {&(0x7f0000000640)="68cabf2dfb58fc021d6b729866f0dd480004fbffffffff0200258f2e4409b8f9e6aa0500bea1231cc9d1bd78a39e5c3da47fdc2c6726e81b1ae24f89a565ee52dcd729cd39093c510293bca0b646a3ce904f6e6b788b32", 0x57}], 0x2}, 0x0) 654.846736ms ago: executing program 3 (id=3138): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) lseek(r0, 0x2000, 0x0) 625.455698ms ago: executing program 7 (id=3139): syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000200)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x200000000}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/4\x00') pread64(r2, &(0x7f0000002140)=""/17, 0x11, 0x0) 605.81131ms ago: executing program 2 (id=3140): socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$inet6_udp(0xa, 0x2, 0x0) socket$l2tp6(0xa, 0x2, 0x73) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000280), &(0x7f0000000200), &(0x7f0000000040)=[0x5], 0x0, 0x7f}) 468.884632ms ago: executing program 7 (id=3141): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x16, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f0000000100)={[{@nr_inodes}]}) 449.330133ms ago: executing program 2 (id=3142): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3b, 0x6b, 0xc0, 0x40, 0xb95, 0x772b, 0xa24c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x81, 0x38, 0x7f}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000280)={0x20, 0x0, 0x2, "f6c2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000440)={0x20, 0x15, 0x1f, "004abce407b347e719d8b52900cb3d2c0f392e2fcd7a512b0c014e620ef931"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000001280)={0x10, &(0x7f00000011c0)=ANY=[@ANYBLOB=' \t\t'], 0x0, 0x0}) 394.180907ms ago: executing program 8 (id=3143): r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x18, 0x0, 0x1, 0x81}, 0x14) 386.568648ms ago: executing program 7 (id=3144): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x34000) 300.359845ms ago: executing program 7 (id=3145): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000"], 0xb0) mount$9p_fd(0x0, 0x0, &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(&(0x7f0000000280)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) 187.834904ms ago: executing program 8 (id=3146): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg(r0, &(0x7f0000002180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="d800000000000000010100000000000034ba9c99d16690822ae933e9fa95e0910c7b9ab0be0097ae7dab5bc99e0855c6894ae6dfddb21942009a774a7f97172d4eda23d28ac6ebe0fe2acefaa8d0ff3ec29d682d38358abafefc8406fb9df12eb4b4f1ca8bce1a721029117feb6ab2cd3c212b50bb89994aaed16ddd7b2b94dabcd2b6a7a5fdc804c1a86817380d37abca7cbb798af37e745ac4fa9d69d9f5ba67ae9c54474002f293d38cbe6e5329beb11482f892a3653ebe67d9ffe1d78813ee3def0a83297723c3272a014f15a6d3efa18e8bbeb40000180000000000000010010000f0ffffff9b52874b15ffb55ef80000000000000002010000070000003eec5407c3cfc7485ca1e96cd738374010391c000029fdaa53c10bd58bb50a8ea90e31ec6608a44969e80fbcd324f7da1bf3196971043cb2f233535dce927d8100991609012df7ad954588e85dd970312616bc74ff0d8b3a332e9f59f9dded063bba24cf05a6e83515c9d8f0fa886217db0715b1196580e2676975c922db7b9c6ea14a8bccd53ceff01110eafc6ff32aa0fcda53468ae15d1cd1c7bacf3ede0bc68f50b00fd0571a40661cf8c5effe48e80289215c2878cfe96c3ba7175a6db2c06c637f997993b68840648fa561297ef6e82833679b246a0115482cb3a540611f1c00000000008800000000000000ff00"], 0x340}}], 0x1, 0x40448d0) 186.591884ms ago: executing program 7 (id=3147): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8085}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x0, 0x6, 0x9, 0x5, 0xfff, 0x9, 0x7, 0x5}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 64.694595ms ago: executing program 8 (id=3148): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000580)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0xa26b1a4fb20b8820, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 47.195476ms ago: executing program 3 (id=3149): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000380)={0x0, 0x0}) close(r1) socket$kcm(0x10, 0x400000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x10e, 0xb, &(0x7f0000000180), 0x4) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)}, {&(0x7f0000000640)="68cabf2dfb58fc021d6b729866f0dd480004fbffffffff0200258f2e4409b8f9e6aa0500bea1231cc9d1bd78a39e5c3da47fdc2c6726e81b1ae24f89a565ee52dcd729cd39093c510293bca0b646a3ce904f6e6b788b32", 0x57}], 0x2}, 0x0) 0s ago: executing program 8 (id=3150): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) socket$unix(0x1, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES16=r0], 0x0) kernel console output (not intermixed with test programs): 1) entered disabled state [ 397.130118][ T9454] device bridge_slave_0 left promiscuous mode [ 397.132242][ T9454] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.217330][ T5860] syz-executor: attempt to access beyond end of device [ 397.217330][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 397.538075][ T9470] loop8: detected capacity change from 0 to 1024 [ 397.555404][ T4354] binder: release 9443:9444 transaction 193 out, still active [ 397.654187][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 397.655935][ T4354] binder: send failed reply for transaction 200 to 9443:9447 [ 397.658023][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 397.668894][ T4354] binder: undelivered TRANSACTION_ERROR: 29189 [ 397.670666][ T4354] binder: send failed reply for transaction 193, target dead [ 398.826714][ T9516] binder: 9515:9516 tried to acquire reference to desc 0, got 1 instead [ 398.977971][ T9493] loop5: detected capacity change from 0 to 40427 [ 398.998429][ T9493] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 399.000389][ T9493] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 399.020253][ T9493] F2FS-fs (loop5): invalid crc value [ 399.055357][ T9493] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 399.136347][ T9493] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 399.138449][ T9493] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 399.686888][ T4354] binder: release 9515:9516 transaction 205 out, still active [ 399.729015][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 399.730820][ T4354] binder: send failed reply for transaction 212 to 9515:9518 [ 399.732932][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 400.026345][ T9529] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1139'. [ 400.756956][ T9571] input: syz0 as /devices/virtual/input/input16 [ 401.714077][ T9576] binder: 9575:9576 tried to acquire reference to desc 0, got 1 instead [ 402.365573][ T9589] loop2: detected capacity change from 0 to 1024 [ 402.618919][ T6937] binder_debug: 2 callbacks suppressed [ 402.618934][ T6937] binder: release 9575:9576 transaction 217 out, still active [ 402.762072][ T6937] binder: undelivered TRANSACTION_COMPLETE [ 402.763882][ T6937] binder: send failed reply for transaction 224 to 9575:9581 [ 402.765970][ T6937] binder: undelivered TRANSACTION_COMPLETE [ 402.767566][ T6937] binder: undelivered TRANSACTION_ERROR: 29189 [ 402.786668][ T6937] binder: send failed reply for transaction 217, target dead [ 402.936345][ T5192] syz-executor: attempt to access beyond end of device [ 402.936345][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 403.038327][ T9605] loop8: detected capacity change from 0 to 512 [ 403.097459][ T9605] EXT4-fs (loop8): Test dummy encryption mode enabled [ 403.103713][ T9605] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 403.194411][ T9605] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1157: bad orphan inode 131083 [ 403.197635][ T9605] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 403.917339][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 403.946421][ T9645] binder: BINDER_SET_CONTEXT_MGR already set [ 403.960280][ T9645] binder: 9644:9645 ioctl 4018620d 20004a80 returned -16 [ 403.966105][ T9645] binder: tried to use weak ref as strong ref [ 403.974797][ T9645] binder: 9644:9645 Acquire 1 refcount change on invalid ref 0 ret -22 [ 403.984209][ T9645] binder: 9644:9645 got transaction to invalid handle, 1 [ 403.998463][ T9645] binder: 9645:9644 cannot find target node [ 404.007168][ T9645] binder: 9644:9645 transaction call to 0:0 failed 227/29201/-22, size 72-24 line 3054 [ 404.080170][ T9651] binder: 9644:9651 got transaction to invalid handle, 3 [ 404.082379][ T9651] binder: 9651:9644 cannot find target node [ 404.086330][ T9651] binder: 9644:9651 transaction call to 0:0 failed 228/29201/-22, size 0-0 line 3054 [ 404.391638][ T9656] input: syz0 as /devices/virtual/input/input17 [ 407.243117][ T9687] loop8: detected capacity change from 0 to 512 [ 407.269657][ T9687] EXT4-fs (loop8): Test dummy encryption mode enabled [ 407.271579][ T9687] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 407.327021][ T9693] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1176'. [ 407.331538][ T9687] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1175: bad orphan inode 131083 [ 407.334605][ T9687] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 407.335578][ T9693] netlink: zone id is out of range [ 407.471390][ T39] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 408.075456][ T9717] loop3: detected capacity change from 0 to 1024 [ 408.203616][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 408.725299][ T9742] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1188'. [ 408.817581][ T9745] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1190'. [ 408.839414][ T9745] netlink: 4608 bytes leftover after parsing attributes in process `syz.8.1190'. [ 408.932727][ T9755] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1190'. [ 408.935558][ T9755] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1190'. [ 408.982737][ T9755] device team0 entered promiscuous mode [ 408.984509][ T9755] device team_slave_0 entered promiscuous mode [ 408.988636][ T9755] device team_slave_1 entered promiscuous mode [ 409.077706][ T9755] device bond0 entered promiscuous mode [ 409.079987][ T9755] device bond_slave_0 entered promiscuous mode [ 409.081871][ T9755] device bond_slave_1 entered promiscuous mode [ 409.097654][ T9766] loop5: detected capacity change from 0 to 512 [ 409.122721][ T9766] EXT4-fs (loop5): Test dummy encryption mode enabled [ 409.127395][ T9766] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 409.181048][ T9766] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1192: bad orphan inode 131083 [ 409.249140][ T4548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 409.287865][ T9766] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 410.102525][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 411.016286][ T9827] netlink: 48 bytes leftover after parsing attributes in process `syz.7.1208'. [ 411.137163][ T9838] loop5: detected capacity change from 0 to 512 [ 411.144542][ T9838] EXT4-fs (loop5): Test dummy encryption mode enabled [ 411.146490][ T9838] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 411.165784][ T9838] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1211: bad orphan inode 131083 [ 411.174128][ T9838] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 411.339680][ C1] vcan0: j1939_tp_rxtimer: 0x00000000100a360d: rx timeout, send abort [ 411.575247][ T9861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1217'. [ 411.842973][ C1] vcan0: j1939_tp_rxtimer: 0x00000000100a360d: abort rx timeout. Force session deactivation [ 411.847680][ C1] vcan0: j1939_tp_rxtimer: 0x0000000043b68fe2: rx timeout, send abort [ 412.018694][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 412.224980][ T9878] loop3: detected capacity change from 0 to 1024 [ 412.321536][ T8270] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 412.350053][ C1] vcan0: j1939_tp_rxtimer: 0x0000000043b68fe2: abort rx timeout. Force session deactivation [ 412.538058][ T9897] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1228'. [ 412.565920][ T9900] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1226'. [ 412.817123][ T9904] loop7: detected capacity change from 0 to 512 [ 412.833004][ T9904] EXT4-fs (loop7): Test dummy encryption mode enabled [ 412.844566][ T9904] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 412.879767][ T9904] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1231: bad orphan inode 131083 [ 412.894664][ T9904] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 413.682958][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 413.852284][ T9931] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1237'. [ 413.854734][ T9931] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.041614][ T9944] x_tables: duplicate underflow at hook 1 [ 414.196959][ T9950] netlink: 92 bytes leftover after parsing attributes in process `syz.8.1241'. [ 414.273562][ T9931] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.411400][ T9942] IPv6: Can't replace route, no match found [ 414.481604][ T9945] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1240'. [ 414.812315][ T9980] loop8: detected capacity change from 0 to 512 [ 414.821716][ T9985] loop2: detected capacity change from 0 to 1024 [ 414.824719][ T9980] EXT4-fs (loop8): Test dummy encryption mode enabled [ 414.830135][ T9980] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 414.855420][ T9980] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1248: bad orphan inode 131083 [ 414.888971][ T9980] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 415.557720][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 415.651885][T10006] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1255'. [ 415.733649][T10017] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1257'. [ 415.966196][T10025] netlink: 164 bytes leftover after parsing attributes in process `syz.7.1261'. [ 416.907648][T10050] loop3: detected capacity change from 0 to 512 [ 416.952293][T10050] EXT4-fs (loop3): Test dummy encryption mode enabled [ 416.954324][T10050] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 416.999081][T10050] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1269: bad orphan inode 131083 [ 417.012882][T10050] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 417.419372][T10058] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1271'. [ 417.856710][T10070] loop8: detected capacity change from 0 to 1024 [ 417.941581][T10075] netlink: 164 bytes leftover after parsing attributes in process `syz.7.1276'. [ 418.165338][ T8511] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 419.104813][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 419.357380][T10099] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1284'. [ 419.691279][T10116] netlink: 164 bytes leftover after parsing attributes in process `syz.5.1288'. [ 420.710829][T10153] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1299'. [ 420.800933][T10159] loop2: detected capacity change from 0 to 512 [ 420.809071][T10159] EXT4-fs (loop2): Test dummy encryption mode enabled [ 420.825508][T10159] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 420.877008][T10159] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1301: bad orphan inode 131083 [ 420.885094][T10159] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 421.118581][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1305'. [ 421.132553][T10173] netlink: zone id is out of range [ 421.367560][T10179] device syzkaller0 entered promiscuous mode [ 421.645038][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 421.678284][T10182] netlink: 'syz.5.1307': attribute type 10 has an invalid length. [ 421.725600][T10182] device wlan1 entered promiscuous mode [ 421.739686][T10182] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 422.107102][T10220] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1316'. [ 422.121433][T10220] netlink: zone id is out of range [ 422.455955][T10229] input: syz0 as /devices/virtual/input/input18 [ 425.278402][T10238] netlink: 164 bytes leftover after parsing attributes in process `syz.7.1319'. [ 425.570391][T10255] loop7: detected capacity change from 0 to 1024 [ 425.853392][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1328'. [ 425.866121][T10268] device bridge_slave_1 left promiscuous mode [ 425.875503][T10268] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.906156][T10268] device bridge_slave_0 left promiscuous mode [ 425.908147][T10268] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.433660][T10301] loop8: detected capacity change from 0 to 1024 [ 426.458354][T10301] EXT4-fs: Ignoring removed bh option [ 426.467998][T10301] EXT4-fs: Ignoring removed nomblk_io_submit option [ 426.495623][T10301] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 427.457253][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 428.536553][T10362] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1347'. [ 428.577415][T10364] loop3: detected capacity change from 0 to 1024 [ 428.596384][T10364] EXT4-fs: Ignoring removed bh option [ 428.597874][T10364] EXT4-fs: Ignoring removed nomblk_io_submit option [ 428.696388][T10364] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 429.658454][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 429.913115][T10395] loop5: detected capacity change from 0 to 1024 [ 429.962906][ T8270] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 430.235769][T10412] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1361'. [ 431.368004][T10455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1374'. [ 431.502445][T10429] loop8: detected capacity change from 0 to 40427 [ 431.527262][T10429] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 431.529286][T10429] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 431.546528][T10429] F2FS-fs (loop8): invalid crc value [ 431.604003][T10429] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 431.715840][T10429] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 431.717818][T10429] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 431.878354][T10484] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1378'. [ 432.946422][T10517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1385'. [ 433.130365][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 433.132092][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 433.400544][T10533] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1390'. [ 433.588567][T10540] loop5: detected capacity change from 0 to 1024 [ 434.694862][ T5860] syz-executor: attempt to access beyond end of device [ 434.694862][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 434.798043][T10562] loop7: detected capacity change from 0 to 1024 [ 434.817299][T10562] EXT4-fs: Ignoring removed bh option [ 434.819305][T10562] EXT4-fs: Ignoring removed nomblk_io_submit option [ 434.874877][T10562] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 435.747182][T10579] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1401'. [ 435.775726][T10579] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1401'. [ 435.847695][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 435.854397][T10579] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1401'. [ 435.914116][T10579] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 435.916352][T10579] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 435.918475][T10579] device bond0 left promiscuous mode [ 435.947902][T10579] device bond_slave_0 left promiscuous mode [ 435.965892][T10579] device bond_slave_1 left promiscuous mode [ 435.976338][T10579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 436.018540][T10592] loop8: detected capacity change from 0 to 512 [ 436.046914][T10592] EXT4-fs (loop8): Test dummy encryption mode enabled [ 436.049115][T10592] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 436.068655][T10594] loop5: detected capacity change from 0 to 1024 [ 436.073558][T10592] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1406: bad orphan inode 131083 [ 436.079576][T10579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 436.086727][T10592] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 436.303589][ T8511] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 436.403823][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 436.423432][T10606] netlink: 'syz.2.1410': attribute type 21 has an invalid length. [ 436.437742][T10606] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1410'. [ 437.218672][T10624] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.230168][T10624] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.232184][T10624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 437.423331][T10632] loop3: detected capacity change from 0 to 512 [ 437.460115][T10632] EXT4-fs (loop3): Test dummy encryption mode enabled [ 437.461964][T10632] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 437.537963][T10632] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1417: bad orphan inode 131083 [ 437.581060][T10632] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 437.655085][T10642] loop7: detected capacity change from 0 to 512 [ 437.658139][T10642] EXT4-fs (loop7): Test dummy encryption mode enabled [ 437.668192][T10642] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 437.716678][T10642] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1421: bad orphan inode 131083 [ 437.721987][T10642] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 437.848601][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 438.147932][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 438.827045][T10686] loop5: detected capacity change from 0 to 512 [ 438.857297][T10686] EXT4-fs (loop5): Test dummy encryption mode enabled [ 438.859258][T10686] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 438.878070][T10686] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1434: bad orphan inode 131083 [ 438.891864][T10686] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 441.234051][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 441.391068][T10733] tipc: Started in network mode [ 441.392493][T10733] tipc: Node identity 6648391ade32, cluster identity 4711 [ 441.422478][T10733] tipc: Enabled bearer , priority 0 [ 441.429780][T10733] device syzkaller0 entered promiscuous mode [ 441.567833][T10745] tipc: Resetting bearer [ 441.628133][T10728] tipc: Resetting bearer [ 441.979943][T10728] tipc: Disabling bearer [ 442.277113][T10775] loop7: detected capacity change from 0 to 512 [ 442.312452][T10775] EXT4-fs (loop7): Test dummy encryption mode enabled [ 442.314578][T10775] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 442.495222][T10775] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1461: bad orphan inode 131083 [ 442.501243][T10775] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 442.674565][T10787] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1464'. [ 443.447527][T10799] netlink: 'syz.8.1466': attribute type 10 has an invalid length. [ 443.736318][T10810] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 444.749443][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 445.463084][T10872] loop8: detected capacity change from 0 to 512 [ 445.477263][T10872] EXT4-fs (loop8): Test dummy encryption mode enabled [ 445.485963][T10872] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 445.517179][T10872] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1487: bad orphan inode 131083 [ 445.528111][T10872] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 446.089068][ T4318] Bluetooth: hci5: command 0x0406 tx timeout [ 446.091239][ T4318] Bluetooth: hci6: command 0x0406 tx timeout [ 447.864939][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 447.968092][T10942] device lo entered promiscuous mode [ 448.013733][T10942] device tunl0 entered promiscuous mode [ 448.055210][T10942] device gre0 entered promiscuous mode [ 448.204026][T10950] loop5: detected capacity change from 0 to 1024 [ 448.388090][T10942] device gretap0 entered promiscuous mode [ 449.145907][T10942] device erspan0 entered promiscuous mode [ 449.199599][T10942] device ip_vti0 entered promiscuous mode [ 449.279351][T10942] device ip6_vti0 entered promiscuous mode [ 449.310700][T10942] device sit0 entered promiscuous mode [ 449.355686][T10942] device ip6tnl0 entered promiscuous mode [ 449.424766][T10942] device ip6gre0 entered promiscuous mode [ 449.447663][T10942] device ip6gretap0 entered promiscuous mode [ 449.489347][T10942] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.491616][T10942] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.493942][T10942] device bridge0 entered promiscuous mode [ 449.515476][T10942] device vcan0 entered promiscuous mode [ 449.525373][T10942] device bond0 entered promiscuous mode [ 449.526861][T10942] device bond_slave_0 entered promiscuous mode [ 449.528643][T10942] device bond_slave_1 entered promiscuous mode [ 449.555083][T10942] device team0 entered promiscuous mode [ 449.557780][T10942] device team_slave_0 entered promiscuous mode [ 449.561205][T10942] device team_slave_1 entered promiscuous mode [ 449.585913][T10942] device dummy0 entered promiscuous mode [ 449.608428][T10942] device nlmon0 entered promiscuous mode [ 449.612053][T10942] device caif0 entered promiscuous mode [ 449.636321][T10942] device batadv0 entered promiscuous mode [ 449.662487][T10942] device vxcan0 entered promiscuous mode [ 449.671222][T10942] device vxcan1 entered promiscuous mode [ 449.678701][T10942] device veth0 entered promiscuous mode [ 449.696734][T10942] device veth1 entered promiscuous mode [ 449.779261][T10942] device wg0 entered promiscuous mode [ 449.879136][T10942] device wg1 entered promiscuous mode [ 449.979097][T10942] device wg2 entered promiscuous mode [ 449.994463][T10942] device veth0_to_bridge entered promiscuous mode [ 450.023488][T10942] device veth1_to_bridge entered promiscuous mode [ 450.051804][T10942] device veth0_to_bond entered promiscuous mode [ 450.075266][T10942] device veth1_to_bond entered promiscuous mode [ 450.099703][T10942] device veth0_to_team entered promiscuous mode [ 450.127520][T10942] device veth1_to_team entered promiscuous mode [ 450.155136][T10942] device veth0_to_batadv entered promiscuous mode [ 450.159138][T10942] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.175431][T10942] device batadv_slave_0 entered promiscuous mode [ 450.193884][T10942] device veth1_to_batadv entered promiscuous mode [ 450.197863][T10942] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.202319][T10942] device batadv_slave_1 entered promiscuous mode [ 450.217614][T10942] device xfrm0 entered promiscuous mode [ 450.229695][T10942] device veth0_to_hsr entered promiscuous mode [ 450.239585][T10942] device veth1_to_hsr entered promiscuous mode [ 450.260210][T10942] device hsr0 entered promiscuous mode [ 450.273315][T10942] device veth1_virt_wifi entered promiscuous mode [ 450.280958][T10942] device veth0_virt_wifi entered promiscuous mode [ 450.288208][T10942] device virt_wifi0 entered promiscuous mode [ 450.337480][T10942] device vlan0 entered promiscuous mode [ 450.349169][T10942] device vlan1 entered promiscuous mode [ 450.401585][T10942] device macvlan0 entered promiscuous mode [ 450.469056][T10942] device macvlan1 entered promiscuous mode [ 450.472973][T10942] device ipvlan0 entered promiscuous mode [ 450.474629][T10942] device ipvlan1 entered promiscuous mode [ 450.548877][T10942] device macvtap0 entered promiscuous mode [ 450.565725][T10942] device macsec0 entered promiscuous mode [ 450.583511][T10942] device geneve0 entered promiscuous mode [ 450.629097][T10942] device geneve1 entered promiscuous mode [ 450.646590][T10942] device netdevsim0 entered promiscuous mode [ 450.659151][T10942] device netdevsim1 entered promiscuous mode [ 450.671607][T10942] device netdevsim2 entered promiscuous mode [ 450.684260][T10942] device netdevsim3 entered promiscuous mode [ 450.789335][T10942] device wlan0 entered promiscuous mode [ 450.890052][T10942] device wlan1 entered promiscuous mode [ 450.901196][T10942] device bridge1 entered promiscuous mode [ 450.913882][T10942] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.916356][T10942] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.919782][T10942] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.922189][T10942] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.964197][T10955] netlink: 'syz.8.1505': attribute type 6 has an invalid length. [ 451.055374][T11008] loop2: detected capacity change from 0 to 512 [ 451.085206][T11008] EXT4-fs (loop2): Test dummy encryption mode enabled [ 451.086993][T11008] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 451.148288][T11008] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1514: bad orphan inode 131083 [ 451.151947][T11008] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 451.224354][T11024] loop8: detected capacity change from 0 to 1024 [ 451.312406][T11029] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1520'. [ 451.322841][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 452.208518][T11037] netlink: 'syz.3.1522': attribute type 13 has an invalid length. [ 452.211120][T11037] netlink: 'syz.3.1522': attribute type 17 has an invalid length. [ 452.213440][T11037] device lo left promiscuous mode [ 452.233010][T11037] device tunl0 left promiscuous mode [ 452.291196][T11037] device gre0 left promiscuous mode [ 452.325215][T11037] device gretap0 left promiscuous mode [ 452.375535][T11037] device erspan0 left promiscuous mode [ 452.392634][T11037] device ip_vti0 left promiscuous mode [ 452.403371][T11037] device ip6_vti0 left promiscuous mode [ 452.409929][T11037] device sit0 left promiscuous mode [ 452.426345][T11037] device ip6tnl0 left promiscuous mode [ 452.453102][T11037] device ip6gre0 left promiscuous mode [ 452.466995][T11037] device ip6gretap0 left promiscuous mode [ 452.477598][T11037] device bridge0 left promiscuous mode [ 452.486971][T11037] device vcan0 left promiscuous mode [ 452.488773][T11037] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 452.494583][T11037] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 452.496948][T11037] device bond0 left promiscuous mode [ 452.500451][T11037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 452.503357][T11037] device team0 left promiscuous mode [ 452.505295][T11037] 8021q: adding VLAN 0 to HW filter on device team0 [ 452.511233][T11037] device dummy0 left promiscuous mode [ 452.536554][T11037] device nlmon0 left promiscuous mode [ 452.560674][T11061] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1522'. [ 452.595981][T11037] device caif0 left promiscuous mode [ 452.597505][T11037] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 452.608465][T11042] device wlan1 left promiscuous mode [ 452.620037][T11058] netlink: 'syz.3.1522': attribute type 10 has an invalid length. [ 452.655580][T11058] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 452.674821][T11061] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 452.696439][T11061] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 452.766328][T11071] loop7: detected capacity change from 0 to 512 [ 452.783073][T11071] EXT4-fs (loop7): Test dummy encryption mode enabled [ 452.803290][T11071] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 452.807319][T11074] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1532'. [ 452.822209][T11071] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1531: bad orphan inode 131083 [ 452.827868][T11071] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 452.916451][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 453.161556][T11093] loop2: detected capacity change from 0 to 1024 [ 454.122183][T11105] netlink: 'syz.8.1542': attribute type 13 has an invalid length. [ 454.124418][T11105] netlink: 24859 bytes leftover after parsing attributes in process `syz.8.1542'. [ 454.271486][T11111] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1544'. [ 454.288097][T11115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'. [ 454.295992][T11116] loop8: detected capacity change from 0 to 512 [ 454.333577][T11116] EXT4-fs (loop8): Test dummy encryption mode enabled [ 454.335493][T11116] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 454.358353][T11116] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1545: bad orphan inode 131083 [ 454.368524][T11116] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 454.513590][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 454.907391][T11148] loop8: detected capacity change from 0 to 1024 [ 454.922739][T11152] loop7: detected capacity change from 0 to 512 [ 454.950848][T11152] EXT4-fs (loop7): Test dummy encryption mode enabled [ 454.957609][T11152] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 455.007631][T11152] EXT4-fs error (device loop7): ext4_orphan_get:1426: comm syz.7.1557: bad orphan inode 131083 [ 455.031365][T11152] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 455.078106][T11159] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1558'. [ 456.036890][T11171] loop2: detected capacity change from 0 to 512 [ 456.044619][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 456.077129][T11172] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1561'. [ 456.122726][T11171] EXT4-fs (loop2): Test dummy encryption mode enabled [ 456.124628][T11171] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 456.216211][T11171] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1560: bad orphan inode 131083 [ 456.220334][T11171] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 456.964424][T11174] loop3: detected capacity change from 0 to 40427 [ 457.004860][T11174] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 457.006757][T11174] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 457.020030][T11174] F2FS-fs (loop3): invalid crc value [ 457.047474][T11210] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1571'. [ 457.055537][T11174] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 457.119413][T11174] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 457.121619][T11174] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 457.197425][T11217] loop5: detected capacity change from 0 to 512 [ 457.227926][T11217] EXT4-fs (loop5): Test dummy encryption mode enabled [ 457.244156][T11217] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 457.367872][T11217] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1572: bad orphan inode 131083 [ 457.371825][T11217] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 458.251970][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 458.328316][ T7651] syz-executor: attempt to access beyond end of device [ 458.328316][ T7651] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 458.388059][T11234] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1575'. [ 459.608454][T11258] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1582'. [ 459.754774][T11265] loop5: detected capacity change from 0 to 512 [ 459.866453][T11265] EXT4-fs (loop5): Test dummy encryption mode enabled [ 459.868422][T11265] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 459.905503][T11265] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1584: bad orphan inode 131083 [ 459.914191][T11265] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 460.578302][T11296] netlink: 'syz.3.1590': attribute type 10 has an invalid length. [ 460.632572][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 460.735227][T11274] loop7: detected capacity change from 0 to 40427 [ 460.749380][T11274] F2FS-fs (loop7): Invalid SB checksum offset: 0 [ 460.755406][T11274] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 460.769974][T11274] F2FS-fs (loop7): invalid crc value [ 460.822611][T11274] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 460.886499][T11274] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0 [ 460.888623][T11274] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 461.295289][ T4617] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 461.630382][T11323] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1594'. [ 461.764932][ T5842] syz-executor: attempt to access beyond end of device [ 461.764932][ T5842] loop7: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 462.103457][T11342] binder: 11339:11342 tried to acquire reference to desc 0, got 1 instead [ 462.874026][T11380] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1609'. [ 462.888960][ T27] kauditd_printk_skb: 56 callbacks suppressed [ 462.888973][ T27] audit: type=1326 audit(462.860:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.896660][ T27] audit: type=1326 audit(462.860:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.923897][ T27] audit: type=1326 audit(462.860:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.941332][ T27] audit: type=1326 audit(462.860:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.967085][ T27] audit: type=1326 audit(462.860:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.981470][ T27] audit: type=1326 audit(462.860:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 462.994051][ T27] audit: type=1326 audit(462.860:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 463.006747][ T27] audit: type=1326 audit(462.860:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 463.024335][ T27] audit: type=1326 audit(462.860:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 463.041517][ T27] audit: type=1326 audit(462.860:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11339 comm="syz.5.1601" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9dd5af28 code=0x7fc00000 [ 463.083633][ T22] binder_debug: 2 callbacks suppressed [ 463.083646][ T22] binder: release 11339:11351 transaction 233 out, still active [ 463.087256][ T22] binder: undelivered TRANSACTION_COMPLETE [ 463.089578][ T22] binder: send failed reply for transaction 240 to 11339:11352 [ 463.097374][ T22] binder: undelivered TRANSACTION_COMPLETE [ 463.104865][ T22] binder: undelivered TRANSACTION_ERROR: 29189 [ 463.111143][ T22] binder: send failed reply for transaction 233, target dead [ 463.496381][T11373] loop7: detected capacity change from 0 to 40427 [ 463.507074][T11373] F2FS-fs (loop7): Invalid SB checksum offset: 0 [ 463.513176][T11373] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 463.522652][T11373] F2FS-fs (loop7): invalid crc value [ 463.534366][T11373] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 463.633286][T11373] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0 [ 463.635395][T11373] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 463.927892][T11425] binder: 11424:11425 tried to acquire reference to desc 0, got 1 instead [ 464.298284][T11428] loop3: detected capacity change from 0 to 1024 [ 464.525136][T11041] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 464.674082][ T5842] syz-executor: attempt to access beyond end of device [ 464.674082][ T5842] loop7: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 465.261638][ T24] binder: release 11424:11430 transaction 245 out, still active [ 465.263882][ T24] binder: undelivered TRANSACTION_COMPLETE [ 465.265547][ T24] binder: send failed reply for transaction 252 to 11424:11432 [ 465.267791][ T24] binder: undelivered TRANSACTION_COMPLETE [ 465.950157][T11486] binder: BINDER_SET_CONTEXT_MGR already set [ 465.951893][T11486] binder: 11483:11486 ioctl 4018620d 20004a80 returned -16 [ 465.960387][T11486] binder: tried to use weak ref as strong ref [ 465.962102][T11486] binder: 11483:11486 Acquire 1 refcount change on invalid ref 0 ret -22 [ 466.058447][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 466.081992][T11493] binder: 11483:11493 got transaction to invalid handle, 1 [ 466.132449][T11491] loop7: detected capacity change from 0 to 1024 [ 466.142028][T11494] binder: 11483:11494 got transaction to invalid handle, 3 [ 466.194522][T11041] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 467.107181][T11481] loop5: detected capacity change from 0 to 40427 [ 467.137863][T11481] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 467.146889][T11481] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 467.163803][T11481] F2FS-fs (loop5): invalid crc value [ 467.286061][T11481] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 467.407742][T11481] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 467.409878][T11481] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 467.537679][T11541] netlink: 176 bytes leftover after parsing attributes in process `syz.8.1650'. [ 468.308462][T11551] loop3: detected capacity change from 0 to 512 [ 468.313612][T11553] binder: 11552:11553 tried to acquire reference to desc 0, got 1 instead [ 468.327133][T11551] EXT4-fs (loop3): Test dummy encryption mode enabled [ 468.329422][T11551] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 468.348561][T11551] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.1651: bad orphan inode 131083 [ 468.352651][T11551] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 468.367305][ T5192] syz-executor: attempt to access beyond end of device [ 468.367305][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 468.797549][T11570] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1657'. [ 468.817109][T11567] loop2: detected capacity change from 0 to 1024 [ 469.679018][ T27] kauditd_printk_skb: 197 callbacks suppressed [ 469.679033][ T27] audit: type=1326 audit(469.530:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.7.1654" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8935af28 code=0x7fc00000 [ 469.763498][ T24] binder_debug: 8 callbacks suppressed [ 469.763512][ T24] binder: release 11552:11557 transaction 261 out, still active [ 469.767219][ T24] binder: undelivered TRANSACTION_COMPLETE [ 469.789542][ T24] binder: send failed reply for transaction 268 to 11552:11558 [ 469.799757][ T24] binder: undelivered TRANSACTION_COMPLETE [ 469.801343][ T24] binder: undelivered TRANSACTION_ERROR: 29189 [ 469.803038][ T24] binder: send failed reply for transaction 261, target dead [ 470.475493][T11618] binder: 11617:11618 tried to acquire reference to desc 0, got 1 instead [ 470.693228][T11630] loop2: detected capacity change from 0 to 1024 [ 470.893740][T11598] loop5: detected capacity change from 0 to 40427 [ 470.912222][T11598] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 470.914036][T11598] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 471.605722][ T27] audit: type=1326 audit(471.580:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.616227][ T27] audit: type=1326 audit(471.590:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.623801][T11598] F2FS-fs (loop5): invalid crc value [ 471.658225][ T27] audit: type=1326 audit(471.590:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.678288][T11598] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 471.688416][ T4453] binder: release 11617:11628 transaction 280 out, still active [ 471.749197][ T4453] binder: undelivered TRANSACTION_COMPLETE [ 471.769873][ T4453] binder: send failed reply for transaction 273 to 11617:11625 [ 471.772054][ T4453] binder: undelivered TRANSACTION_COMPLETE [ 471.772842][ T27] audit: type=1326 audit(471.590:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.806898][T11598] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 471.809121][T11598] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 471.828906][ T27] audit: type=1326 audit(471.590:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.845212][ T27] audit: type=1326 audit(471.590:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.879142][ T27] audit: type=1326 audit(471.590:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.886438][ T27] audit: type=1326 audit(471.590:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 471.929303][ T27] audit: type=1326 audit(471.590:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11617 comm="syz.8.1670" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5af28 code=0x7fc00000 [ 472.685967][ T5192] syz-executor: attempt to access beyond end of device [ 472.685967][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 473.058032][T11687] loop2: detected capacity change from 0 to 1024 [ 473.180615][T11692] binder: 11691:11692 tried to acquire reference to desc 0, got 1 instead [ 474.033283][T11700] binder: 11691:11700 ioctl c0306201 0 returned -14 [ 474.064918][T11703] netlink: 'syz.8.1689': attribute type 16 has an invalid length. [ 474.067197][T11703] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1689'. [ 474.630906][T11731] netlink: 10 bytes leftover after parsing attributes in process `syz.7.1697'. [ 474.885276][T11742] binder: 11740:11742 tried to acquire reference to desc 0, got 1 instead [ 474.919727][T11743] loop7: detected capacity change from 0 to 1024 [ 474.996604][T11710] loop5: detected capacity change from 0 to 40427 [ 475.044083][T11710] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 475.046006][T11710] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 475.051015][T11710] F2FS-fs (loop5): invalid crc value [ 475.070178][T11747] binder: 11740:11747 ioctl c0306201 0 returned -14 [ 475.109759][T11710] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 475.815095][ T27] kauditd_printk_skb: 21 callbacks suppressed [ 475.815109][ T27] audit: type=1326 audit(475.790:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.851127][ T27] audit: type=1326 audit(475.800:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.857306][ T27] audit: type=1326 audit(475.800:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.864197][ T27] audit: type=1326 audit(475.800:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.870423][T11710] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 475.872687][T11710] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 475.889552][ T27] audit: type=1326 audit(475.800:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.895375][ T27] audit: type=1326 audit(475.800:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.912230][ T27] audit: type=1326 audit(475.800:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.927252][ T27] audit: type=1326 audit(475.800:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.943793][ T27] audit: type=1326 audit(475.800:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 475.957277][ T27] audit: type=1326 audit(475.800:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11740 comm="syz.2.1702" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa5d5af28 code=0x7fc00000 [ 476.297997][ T24] binder_debug: 5 callbacks suppressed [ 476.298009][ T24] binder: release 11740:11745 transaction 296 out, still active [ 476.370035][ T24] binder: undelivered TRANSACTION_COMPLETE [ 476.371844][ T24] binder: send failed reply for transaction 296, target dead [ 476.659815][ T5192] syz-executor: attempt to access beyond end of device [ 476.659815][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 476.877956][T11777] netlink: 10 bytes leftover after parsing attributes in process `syz.5.1707'. [ 477.158583][T11794] binder: 11792:11794 tried to acquire reference to desc 0, got 1 instead [ 477.335980][T11806] binder: 11792:11806 ioctl c0306201 0 returned -14 [ 477.854059][T11821] device syzkaller1 entered promiscuous mode [ 477.978404][ T4354] binder: release 11792:11802 transaction 307 out, still active [ 478.039152][ T4354] binder: undelivered TRANSACTION_COMPLETE [ 478.040969][ T4354] binder: send failed reply for transaction 307, target dead [ 478.107698][T11828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 478.122197][T11828] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 478.133574][T11831] netlink: 576 bytes leftover after parsing attributes in process `syz.7.1727'. [ 478.173197][T11805] loop8: detected capacity change from 0 to 40427 [ 478.185502][T11805] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 478.187401][T11805] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 478.217951][T11805] F2FS-fs (loop8): invalid crc value [ 478.252548][T11805] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 478.313037][T11805] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 478.322751][T11805] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 479.073987][T11856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.076538][T11856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.343116][ T5860] syz-executor: attempt to access beyond end of device [ 479.343116][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 479.353991][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 479.575700][T11872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1737'. [ 480.003664][T11898] loop5: detected capacity change from 0 to 1024 [ 480.880681][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1749'. [ 481.418650][T11941] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1758'. [ 481.526363][T11950] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1761'. [ 481.612024][T11954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.637476][T11954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.764464][T11959] loop5: detected capacity change from 0 to 1024 [ 482.786866][T11973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.799344][T11973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 483.278447][T11998] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1774'. [ 483.847924][T12018] loop3: detected capacity change from 0 to 1024 [ 483.922224][T11041] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 484.111199][T11990] loop8: detected capacity change from 0 to 40427 [ 484.324726][T11990] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 484.330881][T11990] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 484.896523][T11990] F2FS-fs (loop8): invalid crc value [ 484.951050][T11990] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 485.064396][T11990] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 485.066429][T11990] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 485.210273][T12040] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1785'. [ 485.914200][ T5860] syz-executor: attempt to access beyond end of device [ 485.914200][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 485.983493][T12059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 485.985901][T12059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.044077][T12053] binder: 12052:12053 ioctl 4018620d 0 returned -22 [ 486.046546][T12053] binder: 12052:12053 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 486.070902][T12053] binder: 12053 RLIMIT_NICE not set [ 486.388138][T12083] binder: 12082:12083 tried to acquire reference to desc 0, got 1 instead [ 486.397612][T12083] binder_alloc: 12082: binder_alloc_buf size 8216 failed, no address space [ 486.413222][T12083] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192) [ 486.415835][T12083] binder: cannot allocate buffer: no space left [ 486.415875][T12083] binder: 12082:12083 transaction call to 12082:0 failed 318/29201/-28, size 104-4016 line 3239 [ 486.442321][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 486.454678][ T4307] Bluetooth: hci3: unexpected event 0x2f length: 1017 > 260 [ 486.577218][T12086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1798'. [ 487.164668][T12130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.167483][T12131] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1815'. [ 487.174239][T12130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.463896][T12097] loop7: detected capacity change from 0 to 40427 [ 487.474814][T12097] F2FS-fs (loop7): Invalid SB checksum offset: 0 [ 487.476756][T12097] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 487.489332][T12097] F2FS-fs (loop7): invalid crc value [ 487.512495][T12097] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 487.560146][T12097] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0 [ 487.562202][T12097] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 487.686710][T12166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.739352][T12166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.814528][T12172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.817133][T12172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 488.352196][T12181] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1830'. [ 488.442108][ T5842] syz-executor: attempt to access beyond end of device [ 488.442108][ T5842] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 488.850781][T12208] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1837'. [ 488.876718][T12207] loop3: detected capacity change from 0 to 1024 [ 488.943324][T11041] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 493.288988][ T4452] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 494.582511][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 494.584302][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 500.796714][T12239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 500.833933][T12239] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 500.860843][T12241] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1843'. [ 500.965220][T12252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1847'. [ 500.995313][T12254] loop5: detected capacity change from 0 to 512 [ 501.016521][T12254] EXT4-fs (loop5): Test dummy encryption mode enabled [ 501.018384][T12254] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 501.063689][T12254] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.1849: bad orphan inode 131083 [ 501.078989][T12254] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 501.218375][T12264] loop3: detected capacity change from 0 to 1024 [ 501.263641][T12270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 501.267607][T12270] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 503.272322][T12299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 503.281863][T12299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 503.300614][T12299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 503.304647][T12299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.023847][T12329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.032522][T12329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.054469][T12329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.065954][T12329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.160758][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 504.197110][T12346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.204440][T12346] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.239452][T12345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.241895][T12345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.342604][T12353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.356259][T12353] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.364118][T12353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.369317][T12353] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.377168][T12353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.380019][T12353] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.614066][T12363] loop2: detected capacity change from 0 to 1024 [ 504.764690][T12368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.767840][T12368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.813950][T12371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.816469][T12371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.368769][T12368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.531095][T12368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.535025][T12368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.537455][T12368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.544621][T12368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.547105][T12368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.616951][T12380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.629404][T12380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.642032][T12380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.648734][T12380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.675715][T12380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.686073][T12380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.723771][T12385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.726374][T12385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 505.755569][T12368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 505.758038][T12368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.098742][T12388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.101425][T12388] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.284508][T12393] loop2: detected capacity change from 0 to 512 [ 506.302780][T12393] EXT4-fs (loop2): Test dummy encryption mode enabled [ 506.314403][T12393] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 506.345267][T12393] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.1873: bad orphan inode 131083 [ 506.348476][T12393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 506.510099][T12380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.512595][T12380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.570039][T12402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.664397][T12402] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.355972][T12410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.358548][T12410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.608355][T12410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.614906][T12410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.643663][T12415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.646089][T12415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.683131][T12415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.692298][T12415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.704118][T12415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.713843][T12415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.724420][T12417] loop5: detected capacity change from 0 to 1024 [ 507.972572][T12420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.114171][T12420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 508.922216][T12424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.926092][T12424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.150522][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 509.208345][T12428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.213509][T12428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.225119][T12428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.234412][T12428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.395037][T12440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.397743][T12440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.412279][T12440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.414737][T12440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.428752][T12440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.434283][T12440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.824208][T12463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.826727][T12463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.848438][T12464] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1892'. [ 509.857366][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.879184][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.903597][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.905998][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.914865][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.923681][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.930464][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.935525][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.022249][T12477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.033302][T12477] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.044597][T12474] loop5: detected capacity change from 0 to 1024 [ 510.205951][T12468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.208492][T12468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.245796][T12440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.248335][T12440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.133849][T12496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.141744][T12496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.148371][T12497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.151490][T12498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.153202][T12497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.157940][T12498] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.493803][T12517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.496342][T12517] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.767284][T12533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.781411][T12533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.802708][T12533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.808704][T12533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.825902][T12533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.834289][T12533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.049330][T12533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.054318][T12533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.065800][T12533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.085210][T12533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.092705][T12554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.096182][T12554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 512.222534][T12560] loop8: detected capacity change from 0 to 1024 [ 512.427132][T12567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.435056][T12567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.152997][T12568] netlink: 248 bytes leftover after parsing attributes in process `syz.5.1912'. [ 513.173916][T12568] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1912'. [ 513.185749][T12568] netlink: 22 bytes leftover after parsing attributes in process `syz.5.1912'. [ 513.238178][T12568] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 513.240748][T12568] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 513.243508][T12568] device bond0 left promiscuous mode [ 513.245058][T12568] device bond_slave_0 left promiscuous mode [ 513.246785][T12568] device bond_slave_1 left promiscuous mode [ 513.248681][T12568] device wlan1 left promiscuous mode [ 513.252867][T12568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.309067][T12568] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 513.566619][T12588] tipc: Started in network mode [ 513.568076][T12588] tipc: Node identity a24cd552069, cluster identity 4711 [ 513.577240][T12588] tipc: Enabled bearer , priority 0 [ 513.586623][T12595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 513.590398][T12588] device syzkaller0 entered promiscuous mode [ 513.600348][T12595] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.683140][T12588] tipc: Resetting bearer [ 513.703719][T12587] tipc: Resetting bearer [ 513.722404][T12597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 513.726372][T12597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.829737][T12587] tipc: Disabling bearer [ 513.858598][T12600] loop7: detected capacity change from 0 to 1024 [ 514.042781][T12597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.045293][T12597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.842372][T12612] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1931'. [ 514.844826][T12612] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1931'. [ 514.864246][T12612] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1931'. [ 514.987549][T12612] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 515.011923][T12612] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 515.089281][T12612] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 515.530179][T12645] loop7: detected capacity change from 0 to 1024 [ 515.807054][T12658] loop8: detected capacity change from 0 to 512 [ 515.814313][T12658] EXT4-fs (loop8): Test dummy encryption mode enabled [ 515.821637][T12658] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 515.879144][T12658] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.1953: bad orphan inode 131083 [ 515.882632][T12658] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 516.011773][T12665] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1955'. [ 516.022455][T12665] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1955'. [ 516.036296][T12665] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1955'. [ 517.876077][T12738] loop3: detected capacity change from 0 to 1024 [ 517.878390][T12738] EXT4-fs: Ignoring removed bh option [ 517.966234][T12738] EXT4-fs: Ignoring removed nomblk_io_submit option [ 518.068422][T12738] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 518.865248][T12765] tipc: Enabled bearer , priority 0 [ 518.880034][T12765] device syzkaller0 entered promiscuous mode [ 519.006532][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 519.036262][T12768] tipc: Resetting bearer [ 519.103702][T12762] tipc: Resetting bearer [ 519.199645][T12762] tipc: Disabling bearer [ 519.653387][T12789] loop2: detected capacity change from 0 to 1024 [ 519.708983][T12266] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 519.814307][T12801] loop5: detected capacity change from 0 to 1024 [ 519.816548][T12801] EXT4-fs: Ignoring removed bh option [ 519.818011][T12801] EXT4-fs: Ignoring removed nomblk_io_submit option [ 519.857041][T12801] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 520.155541][T12814] tipc: Started in network mode [ 520.164668][T12814] tipc: Node identity aa9438725aeb, cluster identity 4711 [ 520.174514][T12814] tipc: Enabled bearer , priority 0 [ 520.182180][T12814] device syzkaller0 entered promiscuous mode [ 520.652503][T12816] tipc: Resetting bearer [ 520.674696][T12812] tipc: Resetting bearer [ 520.769917][T12812] tipc: Disabling bearer [ 520.808076][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 521.052979][T12833] netlink: 'syz.5.2002': attribute type 6 has an invalid length. [ 521.652281][T12859] loop3: detected capacity change from 0 to 1024 [ 521.689828][T12859] EXT4-fs: Ignoring removed bh option [ 521.691349][T12859] EXT4-fs: Ignoring removed nomblk_io_submit option [ 521.714146][T12859] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 522.693247][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 522.858323][T12881] tipc: Enabled bearer , priority 0 [ 522.861532][T12881] device syzkaller0 entered promiscuous mode [ 523.001701][T12886] tipc: Resetting bearer [ 523.067434][T12880] tipc: Resetting bearer [ 523.139653][T12880] tipc: Disabling bearer [ 523.457128][T12917] loop7: detected capacity change from 0 to 1024 [ 523.459595][T12917] EXT4-fs: Ignoring removed bh option [ 523.461157][T12917] EXT4-fs: Ignoring removed nomblk_io_submit option [ 523.485191][T12917] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 524.506482][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 524.661606][ T4548] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 524.669301][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 524.841002][T12947] loop8: detected capacity change from 0 to 1024 [ 524.951999][T12957] tipc: Enabled bearer , priority 0 [ 524.954469][T12957] device syzkaller0 entered promiscuous mode [ 524.992340][T12957] tipc: Resetting bearer [ 525.005034][T12956] tipc: Resetting bearer [ 525.064885][T12962] loop3: detected capacity change from 0 to 1024 [ 525.077756][T12962] EXT4-fs: Ignoring removed bh option [ 525.079714][T12956] tipc: Disabling bearer [ 525.091123][T12961] netlink: 'syz.2.2036': attribute type 13 has an invalid length. [ 525.091824][T12962] EXT4-fs: Ignoring removed nomblk_io_submit option [ 525.093297][T12961] netlink: 'syz.2.2036': attribute type 17 has an invalid length. [ 525.118656][T12962] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 525.994734][T12961] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 526.025465][T12968] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2036'. [ 526.033197][T12961] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 526.075282][T12977] loop5: detected capacity change from 0 to 512 [ 526.115710][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 526.163220][T12977] EXT4-fs (loop5): Test dummy encryption mode enabled [ 526.172466][T12977] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 526.234366][T12977] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.2039: bad orphan inode 131083 [ 526.237752][T12977] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 526.259497][T12961] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 526.481690][T12973] netlink: 'syz.2.2036': attribute type 10 has an invalid length. [ 526.486337][T12973] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 526.559166][T12968] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 526.561817][T12968] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 527.397772][T13027] loop3: detected capacity change from 0 to 1024 [ 527.406047][T13027] EXT4-fs: Ignoring removed bh option [ 527.413179][T13027] EXT4-fs: Ignoring removed nomblk_io_submit option [ 527.427172][T13027] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 528.437710][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 529.170454][T13074] loop8: detected capacity change from 0 to 1024 [ 529.177082][T13077] loop3: detected capacity change from 0 to 1024 [ 529.189455][T13074] EXT4-fs: Ignoring removed bh option [ 529.190966][T13074] EXT4-fs: Ignoring removed nomblk_io_submit option [ 529.236513][T13074] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 530.234103][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 531.344808][T13132] loop3: detected capacity change from 0 to 1024 [ 531.365080][T13132] EXT4-fs: Ignoring removed bh option [ 531.372348][T13132] EXT4-fs: Ignoring removed nomblk_io_submit option [ 531.405607][T13132] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 532.403787][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 532.507171][T13158] tipc: Enabled bearer , priority 0 [ 532.516804][T13158] device syzkaller0 entered promiscuous mode [ 532.559753][T13158] tipc: Resetting bearer [ 532.599191][T13156] tipc: Resetting bearer [ 532.640395][T13166] loop2: detected capacity change from 0 to 1024 [ 532.739711][T13156] tipc: Disabling bearer [ 533.094752][T13179] loop8: detected capacity change from 0 to 128 [ 533.111923][T13179] EXT4-fs: Ignoring removed nobh option [ 533.160379][T13179] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 534.153456][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 534.608415][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 534.773674][T13211] tipc: Enabled bearer , priority 0 [ 534.776340][T13211] device syzkaller0 entered promiscuous mode [ 534.788150][T13211] tipc: Resetting bearer [ 534.801725][T13210] tipc: Resetting bearer [ 534.859970][T13210] tipc: Disabling bearer [ 534.974098][T13217] loop7: detected capacity change from 0 to 128 [ 534.983725][T13217] EXT4-fs: Ignoring removed nobh option [ 534.997302][T13217] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 535.956019][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 535.982790][T13233] loop8: detected capacity change from 0 to 512 [ 535.987264][T13233] EXT4-fs (loop8): Test dummy encryption mode enabled [ 536.014249][T13233] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 536.034410][T13233] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.2112: bad orphan inode 131083 [ 536.038162][T13233] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 536.344211][T13242] binder: 13241:13242 ioctl 4018620d 0 returned -22 [ 536.346757][T13242] binder: 13241:13242 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 536.360930][T13242] binder: 13242 RLIMIT_NICE not set [ 536.426003][T13251] loop2: detected capacity change from 0 to 1024 [ 536.978886][T13263] loop7: detected capacity change from 0 to 128 [ 536.996634][T13263] EXT4-fs: Ignoring removed nobh option [ 537.044652][T13263] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 538.013612][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 538.901707][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 539.130519][T13300] loop7: detected capacity change from 0 to 1024 [ 539.132843][T13300] EXT4-fs: Ignoring removed bh option [ 539.134343][T13300] EXT4-fs: Ignoring removed nomblk_io_submit option [ 539.165499][T13300] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 540.142584][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 540.252742][T13315] netlink: 'syz.8.2137': attribute type 10 has an invalid length. [ 540.292450][T13319] loop3: detected capacity change from 0 to 512 [ 540.301193][T13319] EXT4-fs (loop3): Test dummy encryption mode enabled [ 540.302954][T13319] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 540.328748][T13319] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.2139: bad orphan inode 131083 [ 540.332492][T13319] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 541.370049][T13315] bond1: (slave vlan2): Releasing active interface [ 542.107470][T13349] loop5: detected capacity change from 0 to 1024 [ 542.143418][T13349] EXT4-fs: Ignoring removed bh option [ 542.157907][T13349] EXT4-fs: Ignoring removed nomblk_io_submit option [ 542.223078][T13349] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 543.230083][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 544.391089][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 544.555733][T13379] tipc: Enabled bearer , priority 0 [ 544.557971][T13380] device syzkaller0 entered promiscuous mode [ 544.653613][T13372] tipc: Resetting bearer [ 544.657474][T13371] tipc: Resetting bearer [ 544.769963][T13371] tipc: Disabling bearer [ 544.826766][T13396] loop5: detected capacity change from 0 to 1024 [ 544.844910][T13396] EXT4-fs: Ignoring removed bh option [ 544.846471][T13396] EXT4-fs: Ignoring removed nomblk_io_submit option [ 544.993116][T13396] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 546.072120][T13411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 546.105249][T13411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 546.315338][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 547.911935][T13480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 547.921569][T13480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.129049][T13480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.131508][T13480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.017789][T13641] loop7: detected capacity change from 0 to 40427 [ 554.023047][T13641] F2FS-fs (loop7): Invalid SB checksum offset: 0 [ 554.026276][T13641] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 554.032857][T13641] F2FS-fs (loop7): invalid crc value [ 554.037038][T13641] F2FS-fs (loop7): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 554.073746][T13641] F2FS-fs (loop7): Try to recover 2th superblock, ret: 0 [ 554.075707][T13641] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 554.295583][ T5842] syz-executor: attempt to access beyond end of device [ 554.295583][ T5842] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 556.020526][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 556.022356][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 556.650998][ T4394] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 564.898467][T13654] device wg2 entered promiscuous mode [ 565.067581][T13697] loop2: detected capacity change from 0 to 1024 [ 565.093417][T13697] EXT4-fs: Ignoring removed bh option [ 565.094880][T13697] EXT4-fs: Ignoring removed nomblk_io_submit option [ 565.146066][T13697] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 565.622700][T13693] loop5: detected capacity change from 0 to 40427 [ 565.632929][T13693] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 565.634612][T13693] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 565.644500][T13693] F2FS-fs (loop5): invalid crc value [ 565.675126][T13693] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 565.738763][T13693] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 565.740965][T13693] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 565.978902][ T5192] syz-executor: attempt to access beyond end of device [ 565.978902][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 566.217087][T13741] loop7: detected capacity change from 0 to 1024 [ 567.388695][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 567.523830][T13767] loop5: detected capacity change from 0 to 40427 [ 567.531523][T13767] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 567.534603][T13767] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 567.566710][T13767] F2FS-fs (loop5): invalid crc value [ 567.595188][T13767] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 567.639029][T13767] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 567.643829][T13767] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 568.327057][ T5192] syz-executor: attempt to access beyond end of device [ 568.327057][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 569.119752][T13844] loop3: detected capacity change from 0 to 40427 [ 569.128613][T13844] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 569.130918][T13844] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 569.134593][T13844] F2FS-fs (loop3): invalid crc value [ 569.140937][T13844] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 569.172528][T13844] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 569.174593][T13844] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 569.871600][ T7651] syz-executor: attempt to access beyond end of device [ 569.871600][ T7651] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 570.828639][T13889] loop3: detected capacity change from 0 to 40427 [ 570.845545][T13889] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 570.847465][T13889] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 570.859879][T13889] F2FS-fs (loop3): invalid crc value [ 570.868681][T13889] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 570.911838][T13889] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 570.913741][T13889] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 571.600443][ T7651] syz-executor: attempt to access beyond end of device [ 571.600443][ T7651] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 573.722495][T13933] loop8: detected capacity change from 0 to 512 [ 573.727297][T13933] EXT4-fs (loop8): Test dummy encryption mode enabled [ 573.729707][T13933] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 573.735947][T13933] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.2354: bad orphan inode 131083 [ 573.746689][T13933] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 575.977770][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 576.280721][T13942] loop8: detected capacity change from 0 to 40427 [ 576.292779][T13942] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 576.294590][T13942] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 576.298003][T13942] F2FS-fs (loop8): invalid crc value [ 576.303762][T13942] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 576.340176][T13942] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 576.342218][T13942] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 576.943767][ T5860] syz-executor: attempt to access beyond end of device [ 576.943767][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 580.488901][T13972] netlink: 'syz.8.2365': attribute type 10 has an invalid length. [ 580.578662][T13980] loop5: detected capacity change from 0 to 512 [ 580.600355][T13979] device wg2 left promiscuous mode [ 580.604023][T13979] device wg2 entered promiscuous mode [ 580.616349][T13980] EXT4-fs (loop5): Test dummy encryption mode enabled [ 580.618253][T13980] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 580.654244][T13980] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.2366: bad orphan inode 131083 [ 580.657682][T13980] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 581.857114][T14014] netlink: 'syz.3.2378': attribute type 10 has an invalid length. [ 582.853767][T14047] netlink: 'syz.2.2391': attribute type 10 has an invalid length. [ 582.941981][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 583.562437][T14078] loop2: detected capacity change from 0 to 512 [ 583.569563][T14078] EXT4-fs (loop2): Test dummy encryption mode enabled [ 583.573808][T14078] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 583.584833][T14078] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.2405: bad orphan inode 131083 [ 583.598039][T14078] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 584.517679][T14092] netlink: 'syz.7.2409': attribute type 10 has an invalid length. [ 585.880861][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 586.874948][T14141] netlink: 'syz.2.2429': attribute type 10 has an invalid length. [ 587.006334][T14151] loop3: detected capacity change from 0 to 512 [ 587.045390][T14151] EXT4-fs (loop3): Test dummy encryption mode enabled [ 587.047238][T14151] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 587.181860][T14151] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.2434: bad orphan inode 131083 [ 587.185245][T14151] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 588.736008][ T39] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 589.133356][T14182] netlink: 'syz.5.2446': attribute type 10 has an invalid length. [ 591.006940][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 592.245520][T14232] binder: BINDER_SET_CONTEXT_MGR already set [ 592.247387][T14232] binder: 14231:14232 ioctl 4018620d 20000040 returned -16 [ 592.259499][T14232] binder: 14231:14232 got transaction to invalid handle, 1 [ 592.261501][T14232] binder: 14232:14231 cannot find target node [ 592.263076][T14232] binder: 14231:14232 transaction call to 0:0 failed 320/29201/-22, size 104-4016 line 3054 [ 592.273084][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 592.595014][T14218] loop8: detected capacity change from 0 to 40427 [ 592.598340][T14218] F2FS-fs (loop8): Invalid SB checksum offset: 0 [ 592.600343][T14218] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 592.603587][T14218] F2FS-fs (loop8): invalid crc value [ 592.621761][T14218] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 592.682815][T14218] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0 [ 592.684796][T14218] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 593.792752][ T5860] syz-executor: attempt to access beyond end of device [ 593.792752][ T5860] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 594.069738][T14271] binder: BINDER_SET_CONTEXT_MGR already set [ 594.071364][T14271] binder: 14270:14271 ioctl 4018620d 20000040 returned -16 [ 594.073811][T14271] binder: 14270:14271 got transaction to invalid handle, 1 [ 594.080232][T14271] binder: 14271:14270 cannot find target node [ 594.081877][T14271] binder: 14270:14271 transaction call to 0:0 failed 322/29201/-22, size 104-4016 line 3054 [ 594.087144][ T4296] binder: undelivered TRANSACTION_ERROR: 29201 [ 594.592471][T14288] loop2: detected capacity change from 0 to 40427 [ 594.598905][T14288] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 594.603741][T14288] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 594.607425][T14288] F2FS-fs (loop2): invalid crc value [ 594.614322][T14288] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 594.647713][T14288] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 594.649882][T14288] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 595.286603][ T7644] syz-executor: attempt to access beyond end of device [ 595.286603][ T7644] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 596.090246][T14304] binder: BINDER_SET_CONTEXT_MGR already set [ 596.094163][T14304] binder: 14303:14304 ioctl 4018620d 20000040 returned -16 [ 596.096646][T14304] binder: 14303:14304 got transaction to invalid handle, 1 [ 596.103315][T14304] binder: 14304:14303 cannot find target node [ 596.104931][T14304] binder: 14303:14304 transaction call to 0:0 failed 324/29201/-22, size 104-4016 line 3054 [ 596.119085][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 596.231059][T14309] loop8: detected capacity change from 0 to 512 [ 596.256306][T14309] EXT4-fs (loop8): Test dummy encryption mode enabled [ 596.258267][T14309] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 596.298084][T14309] EXT4-fs error (device loop8): ext4_orphan_get:1426: comm syz.8.2495: bad orphan inode 131083 [ 596.320214][T14309] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 598.552685][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 606.585733][T14348] binder: 14347:14348 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 606.634020][T14348] binder: 14347:14348 got transaction to invalid handle, 1 [ 606.636018][T14348] binder: 14348:14347 cannot find target node [ 606.657471][T14348] binder: 14347:14348 transaction call to 0:0 failed 327/29201/-22, size 104-4016 line 3054 [ 606.682104][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 607.911020][T14389] netlink: 'syz.2.2520': attribute type 10 has an invalid length. [ 607.937622][T14393] binder: 14392:14393 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 607.943086][T14393] binder: 14392:14393 got transaction to invalid handle, 1 [ 607.945190][T14393] binder: 14393:14392 cannot find target node [ 607.946889][T14393] binder: 14392:14393 transaction call to 0:0 failed 330/29201/-22, size 104-4016 line 3054 [ 607.958206][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 609.313723][T14431] binder: 14426:14431 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 609.320345][T14431] binder: 14426:14431 got transaction to invalid handle, 1 [ 609.322316][T14431] binder: 14431:14426 cannot find target node [ 609.324170][T14431] binder: 14426:14431 transaction call to 0:0 failed 333/29201/-22, size 104-4016 line 3054 [ 609.329721][ T22] binder: undelivered TRANSACTION_ERROR: 29201 [ 609.334273][T14432] netlink: 'syz.5.2535': attribute type 10 has an invalid length. [ 609.337601][T14427] tipc: Enabled bearer , priority 0 [ 609.345042][T14427] device syzkaller0 entered promiscuous mode [ 609.463937][T14425] tipc: Resetting bearer [ 610.376607][ T4296] tipc: Node number set to 3095017754 [ 610.402268][T14425] tipc: Disabling bearer [ 610.578159][T14459] netlink: 'syz.2.2549': attribute type 10 has an invalid length. [ 610.651940][T14463] binder: 14462:14463 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 617.459960][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 617.461637][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 621.289149][ T5684] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 622.884279][T14491] netlink: 'syz.2.2563': attribute type 10 has an invalid length. [ 624.247432][T14550] netlink: 'syz.3.2585': attribute type 10 has an invalid length. [ 624.273250][T14552] binder: 14551:14552 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 625.655515][T14584] netlink: 'syz.8.2599': attribute type 10 has an invalid length. [ 625.718085][T14586] binder: 14585:14586 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 626.144249][T14608] netlink: 'syz.2.2610': attribute type 10 has an invalid length. [ 627.042840][T14618] binder: 14617:14618 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 627.084513][T14620] loop7: detected capacity change from 0 to 1024 [ 627.086875][T14620] EXT4-fs: Ignoring removed bh option [ 627.088357][T14620] EXT4-fs: Ignoring removed nomblk_io_submit option [ 627.159390][T14620] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 627.199882][T14583] loop5: detected capacity change from 0 to 40427 [ 627.226629][T14583] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 627.228349][T14583] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 627.277694][T14583] F2FS-fs (loop5): invalid crc value [ 627.425434][T14583] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 627.490538][T14583] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 627.492661][T14583] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 628.305915][ T5192] syz-executor: attempt to access beyond end of device [ 628.305915][ T5192] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 628.541728][T14658] binder: 14657:14658 ioctl 4018620d 0 returned -22 [ 628.544674][T14658] binder: 14657:14658 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 628.562246][T14658] binder: 14657:14658 got transaction to invalid handle, 1 [ 628.564224][T14658] binder: 14658:14657 cannot find target node [ 628.565844][T14658] binder: 14657:14658 transaction call to 0:0 failed 340/29201/-22, size 104-4016 line 3054 [ 628.609183][ T4453] binder: undelivered TRANSACTION_ERROR: 29201 [ 629.750309][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 640.099066][T14702] binder: 14701:14702 ioctl 4018620d 0 returned -22 [ 640.119593][T14702] binder: 14701:14702 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 640.135179][T14702] binder: 14701:14702 got transaction to invalid handle, 1 [ 640.139135][T14702] binder: 14702:14701 cannot find target node [ 640.140782][T14702] binder: 14701:14702 transaction call to 0:0 failed 343/29201/-22, size 104-4016 line 3054 [ 640.165532][ T4354] binder: undelivered TRANSACTION_ERROR: 29201 [ 641.466275][T14746] binder: 14745:14746 ioctl 4018620d 0 returned -22 [ 641.474453][T14746] binder: 14745:14746 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 641.485593][T14746] binder: 14745:14746 got transaction to invalid handle, 1 [ 641.506451][T14746] binder: 14746:14745 cannot find target node [ 641.509451][T14746] binder: 14745:14746 transaction call to 0:0 failed 346/29201/-22, size 104-4016 line 3054 [ 641.520290][ T4354] binder: undelivered TRANSACTION_ERROR: 29201 [ 641.598169][T14750] loop5: detected capacity change from 0 to 1024 [ 641.640303][T14731] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 652.649574][ T4403] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 653.859221][T14786] 9pnet_fd: Insufficient options for proto=fd [ 653.872905][T14788] binder: BINDER_SET_CONTEXT_MGR already set [ 653.874564][T14788] binder: 14787:14788 ioctl 4018620d 20000040 returned -16 [ 653.898755][T14788] binder: 14787:14788 got transaction to invalid handle, 1 [ 653.910050][T14788] binder: 14788:14787 cannot find target node [ 653.917065][T14788] binder: 14787:14788 transaction call to 0:0 failed 348/29201/-22, size 104-4016 line 3054 [ 653.925237][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 654.024581][T14796] loop2: detected capacity change from 0 to 1024 [ 654.041781][T14806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 654.044372][T14806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 654.094767][T14784] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 655.299516][T14831] binder: BINDER_SET_CONTEXT_MGR already set [ 655.301293][T14831] binder: 14830:14831 ioctl 4018620d 20000040 returned -16 [ 655.319526][T14831] binder: 14830:14831 got transaction to invalid handle, 1 [ 655.321544][T14831] binder: 14831:14830 cannot find target node [ 655.323221][T14831] binder: 14830:14831 transaction call to 0:0 failed 350/29201/-22, size 104-4016 line 3054 [ 655.332976][ T4296] binder: undelivered TRANSACTION_ERROR: 29201 [ 655.357640][T14834] 9pnet_fd: Insufficient options for proto=fd [ 655.635587][T14846] loop7: detected capacity change from 0 to 1024 [ 655.716638][T14852] netlink: 'syz.2.2688': attribute type 10 has an invalid length. [ 656.811298][T14867] binder: BINDER_SET_CONTEXT_MGR already set [ 656.815331][T14867] binder: 14866:14867 ioctl 4018620d 20000040 returned -16 [ 656.824218][T14867] binder: 14866:14867 got transaction to invalid handle, 1 [ 656.833127][T14867] binder: 14867:14866 cannot find target node [ 656.838194][T14867] binder: 14866:14867 transaction call to 0:0 failed 352/29201/-22, size 104-4016 line 3054 [ 656.879154][ T4296] binder: undelivered TRANSACTION_ERROR: 29201 [ 656.984612][T14873] 9pnet_fd: Insufficient options for proto=fd [ 657.118417][T14880] netlink: 'syz.2.2699': attribute type 10 has an invalid length. [ 657.296159][T14891] loop2: detected capacity change from 0 to 1024 [ 658.347558][T14897] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2705'. [ 658.367748][T14907] binder: 14906:14907 ioctl c0306201 0 returned -14 [ 658.373148][T14907] binder: 14906:14907 got transaction to invalid handle, 1 [ 658.375158][T14907] binder: 14907:14906 cannot find target node [ 658.489091][T14904] netlink: 'syz.8.2706': attribute type 1 has an invalid length. [ 658.515586][T14905] bond4: (slave ip6gretap2): Enslaving as a backup interface with an up link [ 658.522818][T14908] 8021q: adding VLAN 0 to HW filter on device bond4 [ 658.525078][ T4403] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 658.592077][T14913] device veth7 entered promiscuous mode [ 658.616586][T14913] bond4: (slave veth7): Enslaving as a backup interface with a down link [ 658.628617][ T4548] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready [ 658.669548][ T4548] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 658.857343][T14941] loop3: detected capacity change from 0 to 512 [ 658.877272][T14941] EXT4-fs (loop3): Test dummy encryption mode enabled [ 658.877291][T14941] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 658.891120][T14941] EXT4-fs error (device loop3): ext4_orphan_get:1426: comm syz.3.2718: bad orphan inode 131083 [ 658.891485][T14941] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 659.090004][T14952] netlink: 'syz.8.2721': attribute type 1 has an invalid length. [ 659.090028][T14952] netlink: 224 bytes leftover after parsing attributes in process `syz.8.2721'. [ 661.050079][ T4307] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 661.195278][ T7651] EXT4-fs (loop3): unmounting filesystem. [ 661.648084][T15014] loop5: detected capacity change from 0 to 512 [ 661.684263][T15014] EXT4-fs (loop5): Test dummy encryption mode enabled [ 661.686342][T15014] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 661.720649][T15014] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.2744: bad orphan inode 131083 [ 661.734897][T15014] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 662.420690][ T4307] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 662.424085][ T4307] Bluetooth: hci6: Injecting HCI hardware error event [ 662.433193][T14949] Bluetooth: hci6: hardware error 0x00 [ 662.790377][ T4318] Bluetooth: hci6: unexpected event for opcode 0x200f [ 663.372940][T15053] IPVS: Error connecting to the multicast addr [ 663.484504][T15057] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2760'. [ 663.505795][T15057] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2760'. [ 663.539308][T15057] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 663.541836][T15057] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 663.544266][T15057] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 663.546658][T15057] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 663.820602][T15072] binder: 15071:15072 tried to acquire reference to desc 0, got 1 instead [ 663.833838][T15072] binder: 15071:15072 ioctl c0306201 20001440 returned -11 [ 663.849533][ T4296] binder_debug: 2 callbacks suppressed [ 663.849545][ T4296] binder: release 15071:15072 transaction 361 out, still active [ 663.853251][ T4296] binder: undelivered TRANSACTION_COMPLETE [ 663.964585][ T22] binder: send failed reply for transaction 361, target dead [ 664.018571][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 664.207692][T15088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.243523][T15088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 664.597154][T15115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2784'. [ 664.729015][T14949] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 664.742036][T15120] loop8: detected capacity change from 0 to 1024 [ 664.770025][T15120] EXT4-fs: Ignoring removed bh option [ 664.771594][T15120] EXT4-fs: Ignoring removed nomblk_io_submit option [ 664.778645][T15120] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 664.806762][T15127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.817812][T15127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.222034][T15142] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 665.224151][T15142] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 665.229807][T15142] vhci_hcd vhci_hcd.0: Device attached [ 665.246454][T15142] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6) [ 665.248226][T15142] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 665.250762][T15142] vhci_hcd vhci_hcd.0: Device attached [ 665.258557][T15142] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(8) [ 665.260357][T15142] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 665.263128][T15142] vhci_hcd vhci_hcd.0: Device attached [ 665.265305][T15148] vhci_hcd: connection closed [ 665.266610][T15143] vhci_hcd: connection closed [ 665.272307][ T4553] vhci_hcd: stop threads [ 665.275510][ T4553] vhci_hcd: release socket [ 665.287201][ T4553] vhci_hcd: disconnect device [ 665.293880][T15152] vhci_hcd: connection closed [ 665.294600][ T4553] vhci_hcd: stop threads [ 665.297080][ T4553] vhci_hcd: release socket [ 665.298270][ T4553] vhci_hcd: disconnect device [ 665.300238][ T4553] vhci_hcd: stop threads [ 665.301373][ T4553] vhci_hcd: release socket [ 665.302527][ T4553] vhci_hcd: disconnect device [ 665.611553][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 666.026453][T15173] loop2: detected capacity change from 0 to 40427 [ 666.041119][T15173] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 666.042996][T15173] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 666.046663][T15173] F2FS-fs (loop2): invalid crc value [ 666.094248][T15173] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 666.154374][T15173] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 666.156535][T15173] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 666.902535][T15204] loop8: detected capacity change from 0 to 1024 [ 666.904888][T15204] EXT4-fs: Ignoring removed bh option [ 666.933392][T15204] EXT4-fs: Ignoring removed nomblk_io_submit option [ 666.950143][ T7644] syz-executor: attempt to access beyond end of device [ 666.950143][ T7644] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 667.007849][T15204] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 667.723191][ T5860] EXT4-fs (loop8): unmounting filesystem. [ 668.259487][T14949] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 668.262270][T14949] Bluetooth: hci5: Injecting HCI hardware error event [ 668.265930][ T4318] Bluetooth: hci5: hardware error 0x00 [ 668.393964][T15243] loop3: detected capacity change from 0 to 40427 [ 668.401550][T15243] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 668.403472][T15243] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 668.423683][T15243] F2FS-fs (loop3): invalid crc value [ 668.447528][T15243] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 668.498168][T15243] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 668.500384][T15243] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 668.987691][T15271] loop2: detected capacity change from 0 to 1024 [ 669.019595][T15271] EXT4-fs: Ignoring removed bh option [ 669.021183][T15271] EXT4-fs: Ignoring removed nomblk_io_submit option [ 669.088161][T15276] binder: 15275:15276 tried to acquire reference to desc 0, got 1 instead [ 669.098452][T15271] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 669.127519][T15276] binder: 15275:15276 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 669.169004][T15276] binder: 15276 RLIMIT_NICE not set [ 669.308388][ T4453] binder: release 15275:15276 transaction 366 out, still active [ 669.318981][ T4453] binder: undelivered TRANSACTION_COMPLETE [ 669.331559][ T4453] binder: send failed reply for transaction 366, target dead [ 669.334321][ T7651] syz-executor: attempt to access beyond end of device [ 669.334321][ T7651] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 669.603926][ T7644] EXT4-fs (loop2): unmounting filesystem. [ 669.663191][T15299] 9pnet_virtio: no channels available for device syz [ 669.869653][T15311] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2850'. [ 670.046248][T15321] loop5: detected capacity change from 0 to 1024 [ 670.048555][T15321] EXT4-fs: Ignoring removed bh option [ 670.050637][T15321] EXT4-fs: Ignoring removed nomblk_io_submit option [ 670.074878][T15321] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 670.335002][T15336] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 670.337206][T15336] tipc: Enabled bearer , priority 10 [ 670.409174][ T4318] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 670.419718][T15338] device syzkaller0 entered promiscuous mode [ 670.469236][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 670.510195][T15340] netlink: 'syz.2.2863': attribute type 1 has an invalid length. [ 670.556655][T15347] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 670.574645][T15347] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 670.608949][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 670.674201][T15340] device gretap1 entered promiscuous mode [ 670.688131][T15340] bond1: (slave gretap1): making interface the new active one [ 670.691980][T15340] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 670.694762][T15358] netlink: 16402 bytes leftover after parsing attributes in process `syz.8.2867'. [ 670.698479][T15357] netlink: 16402 bytes leftover after parsing attributes in process `syz.8.2867'. [ 670.749095][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 670.850522][T15368] netlink: 'syz.2.2873': attribute type 10 has an invalid length. [ 670.888923][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 670.924889][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 671.029364][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 671.168930][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 671.205332][T15389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.209789][T15389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.308931][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 671.341886][T15397] netlink: 'syz.8.2884': attribute type 10 has an invalid length. [ 671.450449][T11003] tipc: Node number set to 3466869950 [ 671.588984][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 671.680737][T15406] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.683251][T15406] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.868908][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 671.872190][T15414] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 672.099820][T15426] netlink: 'syz.2.2895': attribute type 10 has an invalid length. [ 672.721409][T15455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 672.729087][T15455] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 672.750755][T15453] netlink: 'syz.3.2907': attribute type 10 has an invalid length. [ 672.929588][T15467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 672.932213][T15467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 672.965682][T15468] loop3: detected capacity change from 0 to 1024 [ 673.188678][T15477] loop7: detected capacity change from 0 to 1024 [ 673.194304][T15477] EXT4-fs: Ignoring removed bh option [ 673.195809][T15477] EXT4-fs: Ignoring removed nomblk_io_submit option [ 673.929634][T15477] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 674.098697][T15485] netlink: 'syz.3.2921': attribute type 10 has an invalid length. [ 674.815903][ T5842] EXT4-fs (loop7): unmounting filesystem. [ 675.035087][T15510] loop3: detected capacity change from 0 to 1024 [ 675.176600][T15517] tipc: Enabled bearer , priority 0 [ 675.180596][T15515] tipc: Resetting bearer [ 675.608970][ C1] net_ratelimit: 3 callbacks suppressed [ 675.608985][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 676.200867][ T4433] tipc: Node number set to 4034869362 [ 676.211512][T15550] loop5: detected capacity change from 0 to 1024 [ 676.218094][T15550] EXT4-fs: Ignoring removed bh option [ 676.226751][T15550] EXT4-fs: Ignoring removed nomblk_io_submit option [ 676.232725][T15550] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 676.802727][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 677.208692][ T5192] EXT4-fs (loop5): unmounting filesystem. [ 677.320650][T15559] 0: reclassify loop, rule prio 0, protocol 800 [ 677.849049][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 678.889742][ T2059] ieee802154 phy0 wpan0: encryption failed: -22 [ 678.890396][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 678.891502][ T2059] ieee802154 phy1 wpan1: encryption failed: -22 [ 679.929018][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 680.169467][ T4433] 0: reclassify loop, rule prio 0, protocol 800 [ 680.969003][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 682.008970][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 683.049012][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 683.641670][ T39] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 684.009367][ C1] 0: reclassify loop, rule prio 0, protocol 800 [ 684.088929][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 684.666000][ T5007] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 685.129003][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 686.168956][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 687.209043][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 687.732035][T15515] tipc: Disabling bearer [ 687.746673][T15549] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2940'. [ 687.858023][T15576] loop5: detected capacity change from 0 to 1024 [ 688.026748][T15574] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 688.062964][T15588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 688.076910][T15588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 688.258952][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 688.852349][T15601] netlink: 104 bytes leftover after parsing attributes in process `syz.8.2956'. [ 689.102258][T15617] binder: 15614:15617 tried to acquire reference to desc 0, got 1 instead [ 689.108586][ T24] binder: release 15614:15617 transaction 371 out, still active [ 689.113168][ T24] binder: undelivered TRANSACTION_COMPLETE [ 689.114779][ T24] binder: undelivered TRANSACTION_COMPLETE [ 689.153448][ T22] binder: send failed reply for transaction 371, target dead [ 689.155518][ T22] binder: undelivered transaction 372, process died. [ 689.214850][T15627] 0: reclassify loop, rule prio 0, protocol 800 [ 689.298933][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 689.376259][T15639] 9pnet_virtio: no channels available for device syz [ 689.678064][T15649] binder: 15648:15649 got transaction to invalid handle, 1 [ 689.685931][T15649] binder: 15649:15648 cannot find target node [ 689.687743][T15649] binder: 15648:15649 transaction call to 0:0 failed 376/29201/-22, size 104-4016 line 3054 [ 689.694509][ T4389] binder: undelivered TRANSACTION_ERROR: 29201 [ 689.744478][T15651] binder: 15650:15651 unknown command 1074553620 [ 689.746431][T15651] binder: 15650:15651 ioctl c0306201 200001c0 returned -22 [ 689.776802][ T4389] 0: reclassify loop, rule prio 0, protocol 800 [ 689.778988][ T4389] 0: reclassify loop, rule prio 0, protocol 800 [ 689.782396][ T5007] 0: reclassify loop, rule prio 0, protocol 800 [ 689.941806][T15662] netlink: 'syz.8.2979': attribute type 1 has an invalid length. [ 689.960301][T15662] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 689.964173][T15662] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 690.005321][T15662] device gretap1 entered promiscuous mode [ 690.090656][T15668] 0: reclassify loop, rule prio 0, protocol 800 [ 690.306941][T15680] binder: 15679:15680 got transaction to invalid handle, 1 [ 690.309774][T15680] binder: 15680:15679 cannot find target node [ 690.311584][T15680] binder: 15679:15680 transaction call to 0:0 failed 382/29201/-22, size 104-4016 line 3054 [ 690.328957][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 690.773696][T15707] binder: 15706:15707 tried to acquire reference to desc 0, got 1 instead [ 690.777018][T15707] binder: 15706:15707 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 690.784825][T15707] binder: 15707 RLIMIT_NICE not set [ 690.788967][T15707] binder: 15707 RLIMIT_NICE not set [ 690.790832][T15707] binder: 15707 RLIMIT_NICE not set [ 690.792394][T15707] binder_alloc: 15706: binder_alloc_buf, no vma [ 690.960956][T15713] binder: 15712:15713 got transaction to invalid handle, 1 [ 691.146658][T15724] binder: tried to use weak ref as strong ref [ 691.368964][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 691.743324][T15758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 691.746600][T15758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 691.925683][T15764] binder: 15763:15764 ioctl c018620c 20000180 returned -22 [ 692.212281][T15781] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3030'. [ 692.389749][T15792] netlink: 44 bytes leftover after parsing attributes in process `syz.7.3034'. [ 692.408942][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 692.483671][T15799] binder: 15798:15799 ioctl c0306201 0 returned -14 [ 692.520354][T15802] binder: 15797:15802 ioctl c0306201 0 returned -14 [ 692.645678][T15807] 9pnet: p9_errstr2errno: server reported unknown error 184467440737 [ 693.013442][T15835] binder: 15834:15835 ioctl c0306201 0 returned -14 [ 693.035739][T15838] binder: 15836:15838 ioctl c0306201 20000240 returned -11 [ 693.046988][T15841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 693.068776][T15841] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 693.129305][T15848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 693.131835][T15848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 693.448947][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 693.537020][T14949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 693.550251][T14949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 693.553988][T14949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 693.556764][T14949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 693.560388][T14949] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 693.562592][T14949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 693.767564][T15881] binder: 15877:15881 ioctl c0306201 20000240 returned -11 [ 694.166058][T15867] chnl_net:caif_netlink_parms(): no params data found [ 694.292479][T15867] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.294626][T15867] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.297226][T15867] device bridge_slave_0 entered promiscuous mode [ 694.307457][T15867] bridge0: port 2(bridge_slave_1) entered blocking state [ 694.311723][T15867] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.315278][T15867] device bridge_slave_1 entered promiscuous mode [ 694.349206][T15914] binder_user_error: 24 callbacks suppressed [ 694.349219][T15914] binder: 15913:15914 tried to acquire reference to desc 0, got 1 instead [ 694.353774][T15914] binder: 15913:15914 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 694.359298][T15914] binder: 15914 RLIMIT_NICE not set [ 694.360983][T15914] binder: 15913:15914 ioctl c0306201 20000240 returned -11 [ 694.367787][T15914] binder: 15913:15914 got reply transaction with no transaction stack [ 694.373601][T15867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 694.377954][T15914] binder_debug: 44 callbacks suppressed [ 694.377966][T15914] binder: 15913:15914 transaction reply to 0:0 failed 449/29201/-71, size 0-0 line 2955 [ 694.383561][T15867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 694.384861][ T1962] binder: undelivered TRANSACTION_ERROR: 29201 [ 694.409709][T15867] team0: Port device team_slave_0 added [ 694.415940][T15867] team0: Port device team_slave_1 added [ 694.490212][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 694.562583][T15867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 694.564751][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.572297][T15867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 694.576822][T15867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 694.579117][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.586694][T15867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 694.661185][T15867] device hsr_slave_0 entered promiscuous mode [ 694.700217][T15867] device hsr_slave_1 entered promiscuous mode [ 694.738998][T15867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 694.741280][T15867] Cannot create hsr debugfs directory [ 694.911394][T15932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.916298][T15932] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.062990][ T4828] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.067502][ T4828] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.073599][T15938] binder: 15937:15938 got transaction to invalid handle, 1 [ 695.079968][T15938] binder: 15938:15937 cannot find target node [ 695.083507][T15938] binder: 15937:15938 transaction call to 0:0 failed 453/29201/-22, size 0-0 line 3054 [ 695.088295][T15938] binder: 15937:15938 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 695.094535][T15938] binder: 15938 RLIMIT_NICE not set [ 695.096100][T15938] binder: 15937:15938 ioctl c0306201 20000240 returned -11 [ 695.101310][ T4453] binder: undelivered TRANSACTION_ERROR: 29201 [ 695.162219][ T4828] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.165124][ T4828] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.251961][ T4828] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.254742][ T4828] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.355867][ T4828] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 695.358694][ T4828] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.528985][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 695.591292][T15959] binder: 15957:15959 got transaction to invalid handle, 1 [ 695.598485][T15959] binder: 15959:15957 cannot find target node [ 695.608930][ T4318] Bluetooth: hci0: command 0x0409 tx timeout [ 695.615727][T15959] binder: 15957:15959 transaction call to 0:0 failed 457/29201/-22, size 0-0 line 3054 [ 695.622745][T15959] binder: 15957:15959 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 695.626622][T15959] binder: 15959 RLIMIT_NICE not set [ 695.628018][T15959] binder: 15957:15959 ioctl c0306201 20000240 returned -11 [ 695.631161][ T4433] binder: undelivered TRANSACTION_ERROR: 29201 [ 695.695123][T15962] tipc: Enabling of bearer rejected, failed to enable media [ 695.713300][T15966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 695.719668][ T4828] tipc: Left network mode [ 695.736707][T15966] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 696.153638][T15990] random: crng reseeded on system resumption [ 696.209128][T15992] tmpfs: Bad value for 'nr_inodes' [ 696.466870][T16007] binder: 16007:16006 cannot find target node [ 696.468477][T16007] binder: 16006:16007 transaction call to 0:0 failed 461/29201/-22, size 0-0 line 3054 [ 696.487222][T16007] binder: 16006:16007 ioctl c0306201 20000240 returned -11 [ 696.578949][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 696.677125][T16021] tipc: Enabling of bearer rejected, failed to enable media [ 696.754469][T16025] tmpfs: Bad value for 'nr_inodes' [ 697.320102][T16061] tmpfs: Bad value for 'nr_inodes' [ 697.417537][T16063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 697.429175][T16063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 697.608938][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 697.689031][ T4318] Bluetooth: hci0: command 0x041b tx timeout [ 697.867349][T16089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 697.870219][T16089] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 697.875638][ T4828] bond0: (slave wlan1): Releasing backup interface [ 697.894890][ T4828] ------------[ cut here ]------------ [ 697.896817][ T4828] WARNING: CPU: 0 PID: 4828 at net/mac80211/chan.c:2016 ieee80211_link_release_channel+0x16c/0x19c [ 697.899776][ T4828] Modules linked in: [ 697.901056][ T4828] CPU: 0 PID: 4828 Comm: kworker/u4:15 Not tainted 6.1.147-syzkaller #0 [ 697.903377][ T4828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 697.906129][ T4828] Workqueue: netns cleanup_net [ 697.907504][ T4828] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 697.909636][ T4828] pc : ieee80211_link_release_channel+0x16c/0x19c [ 697.911403][ T4828] lr : ieee80211_link_release_channel+0x16c/0x19c [ 697.913103][ T4828] sp : ffff800021247540 [ 697.914246][ T4828] x29: ffff800021247540 x28: ffff800021247640 x27: ffff0000da07c060 [ 697.916538][ T4828] x26: ffff8000212477c0 x25: ffff0000da07c010 x24: 1fffe0001b40f983 [ 697.918760][ T4828] x23: 1fffe0001b40fab5 x22: dfff800000000000 x21: 0000000000000000 [ 697.921026][ T4828] x20: ffff0000da07e258 x19: ffff0000da07d5a8 x18: ffff800011aabce0 [ 697.923247][ T4828] x17: 1fffe00033ed9d7e x16: ffff8000082d0ec4 x15: ffff80000d3b9378 [ 697.925537][ T4828] x14: ffff80001115bc04 x13: 1ffff00002a160b1 x12: 0000000000ff0100 [ 697.927715][ T4828] x11: ff00800011281c10 x10: 0000000000000000 x9 : ffff800011281c10 [ 697.929953][ T4828] x8 : ffff0000d1fa3780 x7 : ffff800011281b10 x6 : 0000000000000000 [ 697.932085][ T4828] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082c9668 [ 697.934392][ T4828] x2 : ffff0000d1fa3780 x1 : 0000000000000000 x0 : 0000000000000000 [ 697.936616][ T4828] Call trace: [ 697.937489][ T4828] ieee80211_link_release_channel+0x16c/0x19c [ 697.939130][ T4828] ieee80211_link_stop+0x9c/0xc4 [ 697.940490][ T4828] ieee80211_uninit+0x98/0xd0 [ 697.941830][ T4828] unregister_netdevice_many+0x10a4/0x1740 [ 697.943427][ T4828] ieee80211_remove_interfaces+0x38c/0x5ec [ 697.945019][ T4828] ieee80211_unregister_hw+0x60/0x278 [ 697.946531][ T4828] mac80211_hwsim_del_radio+0x210/0x3a8 [ 697.948081][ T4828] hwsim_exit_net+0x49c/0x558 [ 697.949356][ T4828] cleanup_net+0x5c4/0xa74 [ 697.950586][ T4828] process_one_work+0x7f4/0x13a8 [ 697.951996][ T4828] worker_thread+0x8c8/0xfbc [ 697.953238][ T4828] kthread+0x250/0x2d8 [ 697.954349][ T4828] ret_from_fork+0x10/0x20 [ 697.955586][ T4828] irq event stamp: 7084956 [ 697.956813][ T4828] hardirqs last enabled at (7084955): [] __cancel_work_timer+0x2b0/0x448 [ 697.959586][ T4828] hardirqs last disabled at (7084956): [] el1_dbg+0x24/0x80 [ 697.961978][ T4828] softirqs last enabled at (7083570): [] dev_mc_flush+0x1b0/0x1f4 [ 697.964689][ T4828] softirqs last disabled at (7083568): [] local_bh_disable+0x10/0x34 [ 697.967367][ T4828] ---[ end trace 0000000000000000 ]--- [ 697.969005][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.983660][ T4828] ------------[ cut here ]------------ [ 697.985145][ T4828] wlan1: Failed check-sdata-in-driver check, flags: 0x0 [ 697.987579][ T4828] WARNING: CPU: 0 PID: 4828 at net/mac80211/driver-ops.c:315 drv_unassign_vif_chanctx+0x358/0x63c [ 697.990558][ T4828] Modules linked in: [ 697.991671][ T4828] CPU: 0 PID: 4828 Comm: kworker/u4:15 Tainted: G W 6.1.147-syzkaller #0 [ 697.994309][ T4828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 697.997129][ T4828] Workqueue: netns cleanup_net [ 697.998420][ T4828] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 698.000563][ T4828] pc : drv_unassign_vif_chanctx+0x358/0x63c [ 698.002162][ T4828] lr : drv_unassign_vif_chanctx+0x358/0x63c [ 698.003835][ T4828] sp : ffff8000212473f0 [ 698.004983][ T4828] x29: ffff8000212473f0 x28: 0000000000000000 x27: ffff0000da07cc80 [ 698.007188][ T4828] x26: ffff0000da07e698 x25: dfff800000000000 x24: ffff0000da07e7e8 [ 698.009362][ T4828] x23: 0000000000000000 x22: ffff0000d5fcda00 x21: ffff0000da07e7e8 [ 698.011529][ T4828] x20: ffff800017a78000 x19: ffff0000da07cc80 x18: ffff800011aabce0 [ 698.013763][ T4828] x17: 0000000000000000 x16: ffff8000082d2374 x15: 0000000000000000 [ 698.016002][ T4828] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 698.018231][ T4828] x11: ff00800008191c9c x10: 0000000000000000 x9 : 7da7f1bbafaaae00 [ 698.020581][ T4828] x8 : 7da7f1bbafaaae00 x7 : 0000000000000001 x6 : 0000000000000001 [ 698.022966][ T4828] x5 : ffff800021246e78 x4 : ffff800015194800 x3 : ffff80000852e34c [ 698.025326][ T4828] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 698.027548][ T4828] Call trace: [ 698.028466][ T4828] drv_unassign_vif_chanctx+0x358/0x63c [ 698.030013][ T4828] ieee80211_assign_link_chanctx+0x140/0x82c [ 698.031673][ T4828] __ieee80211_link_release_channel+0x29c/0x55c [ 698.033382][ T4828] ieee80211_link_release_channel+0x130/0x19c [ 698.035078][ T4828] ieee80211_link_stop+0x9c/0xc4 [ 698.036436][ T4828] ieee80211_uninit+0x98/0xd0 [ 698.037768][ T4828] unregister_netdevice_many+0x10a4/0x1740 [ 698.039369][ T4828] ieee80211_remove_interfaces+0x38c/0x5ec [ 698.040956][ T4828] ieee80211_unregister_hw+0x60/0x278 [ 698.042463][ T4828] mac80211_hwsim_del_radio+0x210/0x3a8 [ 698.044017][ T4828] hwsim_exit_net+0x49c/0x558 [ 698.045351][ T4828] cleanup_net+0x5c4/0xa74 [ 698.046544][ T4828] process_one_work+0x7f4/0x13a8 [ 698.047904][ T4828] worker_thread+0x8c8/0xfbc [ 698.049173][ T4828] kthread+0x250/0x2d8 [ 698.050286][ T4828] ret_from_fork+0x10/0x20 [ 698.051523][ T4828] irq event stamp: 7085080 [ 698.052716][ T4828] hardirqs last enabled at (7085079): [] __up_console_sem+0xb4/0x100 [ 698.055366][ T4828] hardirqs last disabled at (7085080): [] el1_dbg+0x24/0x80 [ 698.057766][ T4828] softirqs last enabled at (7085054): [] handle_softirqs+0xaf8/0xc6c [ 698.060461][ T4828] softirqs last disabled at (7084959): [] __do_softirq+0x14/0x20 [ 698.063027][ T4828] ---[ end trace 0000000000000000 ]--- [ 698.064717][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.068455][ T4828] ------------[ cut here ]------------ [ 698.070138][ T4828] wlan1: Failed check-sdata-in-driver check, flags: 0x0 [ 698.072694][ T4828] WARNING: CPU: 1 PID: 4828 at net/mac80211/driver-ops.h:156 ieee80211_vif_cfg_change_notify+0x21c/0x25c [ 698.075795][ T4828] Modules linked in: [ 698.076887][ T4828] CPU: 1 PID: 4828 Comm: kworker/u4:15 Tainted: G W 6.1.147-syzkaller #0 [ 698.079656][ T4828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 698.082465][ T4828] Workqueue: netns cleanup_net [ 698.083812][ T4828] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 698.085969][ T4828] pc : ieee80211_vif_cfg_change_notify+0x21c/0x25c [ 698.087804][ T4828] lr : ieee80211_vif_cfg_change_notify+0x21c/0x25c [ 698.089616][ T4828] sp : ffff8000212473f0 [ 698.090744][ T4828] x29: ffff8000212473f0 x28: ffff8000150b0000 x27: ffff8000150b0584 [ 698.092971][ T4828] x26: ffff0000d5fcda20 x25: 0000000000000000 x24: dfff800000000000 [ 698.095230][ T4828] x23: 0000000000000000 x22: ffff0000da07e790 x21: ffff0000c4f00ea0 [ 698.097459][ T4828] x20: ffff800017a78000 x19: ffff0000da07cc80 x18: ffff800011aabce0 [ 698.099614][ T4828] x17: 1fffe00033eddf7e x16: ffff8000082d2374 x15: ffff8000150ad000 [ 698.101850][ T4828] x14: 0000000000000100 x13: 1ffff00002a160b1 x12: 0000000000ff0100 [ 698.104059][ T4828] x11: ff0080000a88c734 x10: 0000000000000003 x9 : 7da7f1bbafaaae00 [ 698.106239][ T4828] x8 : 7da7f1bbafaaae00 x7 : ffff800008251ec8 x6 : 0000000000000000 [ 698.108536][ T4828] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 [ 698.110778][ T4828] x2 : 0000000000000006 x1 : ffff800011aad7e0 x0 : ffff80018a6ea000 [ 698.113025][ T4828] Call trace: [ 698.113987][ T4828] ieee80211_vif_cfg_change_notify+0x21c/0x25c [ 698.115719][ T4828] ieee80211_assign_link_chanctx+0x6e8/0x82c [ 698.117479][ T4828] __ieee80211_link_release_channel+0x29c/0x55c [ 698.119298][ T4828] ieee80211_link_release_channel+0x130/0x19c [ 698.120930][ T4828] ieee80211_link_stop+0x9c/0xc4 [ 698.122322][ T4828] ieee80211_uninit+0x98/0xd0 [ 698.123571][ T4828] unregister_netdevice_many+0x10a4/0x1740 [ 698.125220][ T4828] ieee80211_remove_interfaces+0x38c/0x5ec [ 698.126831][ T4828] ieee80211_unregister_hw+0x60/0x278 [ 698.128313][ T4828] mac80211_hwsim_del_radio+0x210/0x3a8 [ 698.129909][ T4828] hwsim_exit_net+0x49c/0x558 [ 698.131199][ T4828] cleanup_net+0x5c4/0xa74 [ 698.132418][ T4828] process_one_work+0x7f4/0x13a8 [ 698.133813][ T4828] worker_thread+0x8c8/0xfbc [ 698.135080][ T4828] kthread+0x250/0x2d8 [ 698.136233][ T4828] ret_from_fork+0x10/0x20 [ 698.137427][ T4828] irq event stamp: 7085370 [ 698.138660][ T4828] hardirqs last enabled at (7085369): [] finish_lock_switch+0xb0/0x1c4 [ 698.141417][ T4828] hardirqs last disabled at (7085370): [] el1_dbg+0x24/0x80 [ 698.143853][ T4828] softirqs last enabled at (7085352): [] handle_softirqs+0xaf8/0xc6c [ 698.146737][ T4828] softirqs last disabled at (7085331): [] __do_softirq+0x14/0x20 [ 698.149392][ T4828] ---[ end trace 0000000000000000 ]--- [ 698.154689][ T4828] ------------[ cut here ]------------ [ 698.156313][ T4828] WARNING: CPU: 1 PID: 4828 at net/mac80211/iface.c:113 ieee80211_recalc_idle+0x298/0x338 [ 698.159082][ T4828] Modules linked in: [ 698.160160][ T4828] CPU: 1 PID: 4828 Comm: kworker/u4:15 Tainted: G W 6.1.147-syzkaller #0 [ 698.162859][ T4828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 698.165779][ T4828] Workqueue: netns cleanup_net [ 698.167185][ T4828] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 698.169375][ T4828] pc : ieee80211_recalc_idle+0x298/0x338 [ 698.170996][ T4828] lr : ieee80211_recalc_idle+0x298/0x338 [ 698.172559][ T4828] sp : ffff8000212473e0 [ 698.173699][ T4828] x29: ffff8000212473e0 x28: 0000000000000000 x27: ffff8000150b0000 [ 698.175929][ T4828] x26: ffff0000d5fcda20 x25: 0000000000000000 x24: dfff800000000000 [ 698.178255][ T4828] x23: 000000000000096c x22: 1fffe000189e01db x21: dfff800000000000 [ 698.180538][ T4828] x20: 0000000000000000 x19: ffff0000c4f00ea0 x18: ffff800011aabce0 [ 698.182886][ T4828] x17: 1fffe00033eddf7e x16: ffff8000082d0ec4 x15: 0000000000000000 [ 698.185216][ T4828] x14: 0000000000000007 x13: 1ffff00002a160b1 x12: 0000000000ff0100 [ 698.187526][ T4828] x11: ff008000111bc040 x10: 0000000000000000 x9 : ffff8000111bc040 [ 698.189836][ T4828] x8 : ffff0000d1fa3780 x7 : ffff80001115c2a4 x6 : 0000000000000000 [ 698.192082][ T4828] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002 [ 698.194321][ T4828] x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 [ 698.196616][ T4828] Call trace: [ 698.197562][ T4828] ieee80211_recalc_idle+0x298/0x338 [ 698.199051][ T4828] ieee80211_del_chanctx+0x35c/0x710 [ 698.200614][ T4828] ieee80211_free_chanctx+0x250/0x334 [ 698.202129][ T4828] __ieee80211_link_release_channel+0x3d4/0x55c [ 698.203924][ T4828] ieee80211_link_release_channel+0x130/0x19c [ 698.205591][ T4828] ieee80211_link_stop+0x9c/0xc4 [ 698.206990][ T4828] ieee80211_uninit+0x98/0xd0 [ 698.208312][ T4828] unregister_netdevice_many+0x10a4/0x1740 [ 698.209930][ T4828] ieee80211_remove_interfaces+0x38c/0x5ec [ 698.211596][ T4828] ieee80211_unregister_hw+0x60/0x278 [ 698.213062][ T4828] mac80211_hwsim_del_radio+0x210/0x3a8 [ 698.214592][ T4828] hwsim_exit_net+0x49c/0x558 [ 698.215912][ T4828] cleanup_net+0x5c4/0xa74 [ 698.217163][ T4828] process_one_work+0x7f4/0x13a8 [ 698.218638][ T4828] worker_thread+0x8c8/0xfbc [ 698.219891][ T4828] kthread+0x250/0x2d8 [ 698.221036][ T4828] ret_from_fork+0x10/0x20 [ 698.222297][ T4828] irq event stamp: 7085602 [ 698.223500][ T4828] hardirqs last enabled at (7085601): [] exit_to_kernel_mode+0xcc/0xfc [ 698.226360][ T4828] hardirqs last disabled at (7085602): [] el1_dbg+0x24/0x80 [ 698.228883][ T4828] softirqs last enabled at (7085596): [] handle_softirqs+0xaf8/0xc6c [ 698.231533][ T4828] softirqs last disabled at (7085373): [] __do_softirq+0x14/0x20 [ 698.234127][ T4828] ---[ end trace 0000000000000000 ]--- [ 698.241100][T16082] tipc: Enabling of bearer rejected, failed to enable media [ 698.279370][ T4828] ------------[ cut here ]------------ [ 698.280837][ T4828] ODEBUG: free active (active state 0) object type: timer_list hint: ieee80211_mesh_housekeeping_timer+0x0/0xa0 [ 698.298482][ T4828] WARNING: CPU: 0 PID: 4828 at lib/debugobjects.c:518 debug_check_no_obj_freed+0x38c/0x46c [ 698.301329][ T4828] Modules linked in: [ 698.302412][ T4828] CPU: 0 PID: 4828 Comm: kworker/u4:15 Tainted: G W 6.1.147-syzkaller #0 [ 698.305119][ T4828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 698.307932][ T4828] Workqueue: netns cleanup_net [ 698.309267][ T4828] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 698.311525][ T4828] pc : debug_check_no_obj_freed+0x38c/0x46c [ 698.313137][ T4828] lr : debug_check_no_obj_freed+0x38c/0x46c [ 698.314842][ T4828] sp : ffff8000212473f0 [ 698.315944][ T4828] x29: ffff800021247430 x28: ffff0000da080000 x27: 0000000000000000 [ 698.318196][ T4828] x26: ffff800011acad00 x25: ffff0000da07da28 x24: ffff80001132d008 [ 698.320427][ T4828] x23: ffff0000cf97f508 x22: 1fffe0001e37a10b x21: dfff800000000000 [ 698.322595][ T4828] x20: 0000000000000006 x19: ffff0000da07c000 x18: ffff800011aabce0 [ 698.324937][ T4828] x17: 1fffe00033ed9d7e x16: ffff8000082d2374 x15: ffff8000150ad000 [ 698.327226][ T4828] x14: 0000000000000100 x13: 1ffff00002a160b1 x12: 0000000000ff0100 [ 698.329510][ T4828] x11: ff0080000a88c734 x10: 0000000000000003 x9 : 7da7f1bbafaaae00 [ 698.331816][ T4828] x8 : 7da7f1bbafaaae00 x7 : ffff800008251ec8 x6 : 0000000000000000 [ 698.334206][ T4828] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 [ 698.336452][ T4828] x2 : 0000000000000007 x1 : ffff800011aad7e0 x0 : ffff80018a6c9000 [ 698.338701][ T4828] Call trace: [ 698.339585][ T4828] debug_check_no_obj_freed+0x38c/0x46c [ 698.341127][ T4828] free_unref_page_prepare+0x71c/0xb18 [ 698.342697][ T4828] free_unref_page+0x7c/0x3a0 [ 698.344044][ T4828] __free_pages+0x1a4/0x1d0 [ 698.345368][ T4828] free_large_kmalloc+0xc8/0x15c [ 698.346790][ T4828] kfree+0xf4/0x1ac [ 698.347931][ T4828] kvfree+0x40/0x50 [ 698.348985][ T4828] netdev_freemem+0x4c/0x64 [ 698.350217][ T4828] netdev_release+0x88/0xb0 [ 698.351448][ T4828] device_release+0x8c/0x1ac [ 698.352766][ T4828] kobject_put+0x2b0/0x438 [ 698.354003][ T4828] netdev_run_todo+0xbe4/0xd08 [ 698.355383][ T4828] rtnl_unlock+0x14/0x20 [ 698.356654][ T4828] ieee80211_unregister_hw+0xfc/0x278 [ 698.358168][ T4828] mac80211_hwsim_del_radio+0x210/0x3a8 [ 698.359728][ T4828] hwsim_exit_net+0x49c/0x558 [ 698.361055][ T4828] cleanup_net+0x5c4/0xa74 [ 698.362310][ T4828] process_one_work+0x7f4/0x13a8 [ 698.363686][ T4828] worker_thread+0x8c8/0xfbc [ 698.364969][ T4828] kthread+0x250/0x2d8 [ 698.366122][ T4828] ret_from_fork+0x10/0x20 [ 698.367340][ T4828] irq event stamp: 7086500 [ 698.368574][ T4828] hardirqs last enabled at (7086499): [] finish_lock_switch+0xb0/0x1c4 [ 698.371208][ T4828] hardirqs last disabled at (7086500): [] el1_dbg+0x24/0x80 [ 698.373566][ T4828] softirqs last enabled at (7085802): [] handle_softirqs+0xaf8/0xc6c [ 698.376178][ T4828] softirqs last disabled at (7085791): [] __do_softirq+0x14/0x20 [ 698.378697][ T4828] ---[ end trace 0000000000000000 ]--- [ 698.379708][T15867] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 698.380262][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.431834][T15867] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 698.501841][T15867] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 698.649016][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 698.833385][T15867] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 698.930641][ T4828] device hsr_slave_0 left promiscuous mode [ 698.988980][ T4828] device hsr_slave_1 left promiscuous mode [ 699.069210][ T4828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.071535][ T4828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.075116][ T4828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.077306][ T4828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.229106][ T4828] device veth1_vlan left promiscuous mode [ 699.318771][ T4828] bond2 (unregistering): Released all slaves [ 699.325623][ T4828] bond1 (unregistering): Released all slaves [ 699.688986][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 699.770233][ T4318] Bluetooth: hci0: command 0x040f tx timeout [ 700.674192][ T4828] team0 (unregistering): Port device macvlan1 removed [ 700.729034][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 701.768972][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 701.849633][T14949] Bluetooth: hci0: command 0x0419 tx timeout [ 702.230653][ T4828] team0 (unregistering): Port device team_slave_1 removed [ 702.430157][ T4828] team0 (unregistering): Port device team_slave_0 removed [ 702.610611][ T4828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 702.818935][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 702.861017][ T4828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 703.849018][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 704.898958][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 705.392184][ T4828] bond0 (unregistering): Released all slaves [ 705.509815][T15867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 705.533493][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 705.536645][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 705.551713][T15867] 8021q: adding VLAN 0 to HW filter on device team0 [ 705.557901][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 705.562695][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 705.565493][ T5716] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.567630][ T5716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 705.572934][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 705.578268][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 705.581919][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 705.584532][ T5716] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.586540][ T5716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 705.591998][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 705.597554][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 705.619078][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 705.622515][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 705.626111][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 705.630968][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 705.633900][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 705.636715][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 705.642473][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 705.645105][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 705.647956][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 705.653844][T15867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 705.757671][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 705.761538][ T5716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 705.768540][T15867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 705.928956][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 705.958765][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 705.961823][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 705.983490][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 705.986283][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 705.990203][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 705.993249][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 705.997479][T15867] device veth0_vlan entered promiscuous mode [ 706.005020][T15867] device veth1_vlan entered promiscuous mode [ 706.018479][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 706.035404][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 706.038560][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 706.041499][ T4394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 706.046086][T15867] device veth0_macvtap entered promiscuous mode [ 706.052590][T15867] device veth1_macvtap entered promiscuous mode [ 706.062287][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.065270][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.068148][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.071685][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.075741][T15867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 706.078299][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 706.081491][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 706.084006][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 706.086971][ T4617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 706.092414][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 706.095414][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.098046][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 706.101399][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.104092][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 706.106937][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.117927][T15867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 706.122137][ T5684] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 706.124973][ T5684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 706.130582][T15867] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.132996][T15867] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.135412][T15867] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.137800][T15867] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 706.251683][ T5684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.254239][ T5684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.261005][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 706.272243][ T5684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.274641][ T5684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.279612][ T5982] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 706.969052][ C1] IPVS: nq: UDP 224.0.0.2:0 - no destination available