last executing test programs: 36.696110695s ago: executing program 1 (id=2): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) socketpair(0x1, 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='cgroup.clone_children\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000180), 0x12) mkdirat$cgroup(r0, &(0x7f0000000440)='syz0\x00', 0x1ff) 36.445980149s ago: executing program 1 (id=5): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x2000004c, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYRES64=0x0, @ANYRESHEX=0x0, @ANYBLOB="2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646973636172642c00214b3cf244ea5fb7437f2c69f67a093e240a6e978fa4cd2d"], 0x1, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x5, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x202]}) open(&(0x7f0000000080)='./file1\x00', 0x103000, 0x2) mount(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x10001, 0x0) 35.692697331s ago: executing program 1 (id=8): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000440)={0x1, 0x1, 0x1000, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe3000/0x18000)=nil, &(0x7f0000000340)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x52, 0x0, 0x0) 33.197960549s ago: executing program 1 (id=17): syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0x1, 0x27f, &(0x7f0000000480)="$eJzs3T9v00AYx/HfOWkbaFXcPwgJMRUqMaG2LIilCGVgZ2FCQBOkiqhIUMSfKTAj2Nl5C7wARibEjMTGxAvIFnTnC3HSOA5W00vS70dKlNT32M/F5949rqoIwKl1u/rr8/Xf9mGkkkqSbkqRpIpUlnReFyovDg73Dxv12rAdlVyEfRglkeZIm72D+qBQG+civNi+K2sp/TOMR+Wnmh9v3XkZOg+E5a7+ASJpwV+dbnvlxDMbj2boBAIzLbX0Ssuh8wAAhOXn/8jP80t+/R5F0qaf9nvn/ymfQFuhExizrznbU/O/q7Laxp7fc25Tt95zJZzdHnWqxCK5zCsZWT0LTJNXVbpcojOP9xv1a3tPG7VI77TrzXWbrbvnWjJ0O9LZvj26640BtekQxfu+6PowZ/uwk84/1WTteI+Yz3wz3819E+uTav/Wf+W2safJnam470wl+W9l79H1cl6uVUYvV9xBLvojeEN7WVJGRaLOiFpR7w2COC9PF7XaF5X0bjsnam1g1E5O1Hp/VHc0Z0eOm/lg7pkN/dEXVVPr/8h+2psa5cq0bVxLPzKG9qfsWsZuPvFXXfPSwJZR0R6hgPd6pBtafv76zZOHjUb92cy+sFfiBKQxUS86g2BS8pnZF/ZDDnL0zrxTfD/BfjPhBHVP+n8G8reZWWHXXSap/1L1ypZbrNmnuHedvpCObeftPLXH7YzaYNU9n82u4HoYd+thMbuCG7XmunxVujLKEROxz3Py7BYJMlX90APu/wMAAAAAAAAAAAAAAAAAAEyb4/uXg4qyNoXuIwAAAAAAAAAAAAAAAAAAAAAA027ivv/3rpJ3fP8vMHZ/AwAA////DnhI") r0 = syz_open_dev$loop(&(0x7f0000000040), 0x7, 0xc0041) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2a478fc179fd2f8dda1af1ea89de2b7fb0a0100000000000000000300000000000004000000000000000000000000000500", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x591) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x2043, 0x0, 0x0) 32.666239997s ago: executing program 32 (id=17): syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0x1, 0x27f, &(0x7f0000000480)="$eJzs3T9v00AYx/HfOWkbaFXcPwgJMRUqMaG2LIilCGVgZ2FCQBOkiqhIUMSfKTAj2Nl5C7wARibEjMTGxAvIFnTnC3HSOA5W00vS70dKlNT32M/F5949rqoIwKl1u/rr8/Xf9mGkkkqSbkqRpIpUlnReFyovDg73Dxv12rAdlVyEfRglkeZIm72D+qBQG+civNi+K2sp/TOMR+Wnmh9v3XkZOg+E5a7+ASJpwV+dbnvlxDMbj2boBAIzLbX0Ssuh8wAAhOXn/8jP80t+/R5F0qaf9nvn/ymfQFuhExizrznbU/O/q7Laxp7fc25Tt95zJZzdHnWqxCK5zCsZWT0LTJNXVbpcojOP9xv1a3tPG7VI77TrzXWbrbvnWjJ0O9LZvj26640BtekQxfu+6PowZ/uwk84/1WTteI+Yz3wz3819E+uTav/Wf+W2safJnam470wl+W9l79H1cl6uVUYvV9xBLvojeEN7WVJGRaLOiFpR7w2COC9PF7XaF5X0bjsnam1g1E5O1Hp/VHc0Z0eOm/lg7pkN/dEXVVPr/8h+2psa5cq0bVxLPzKG9qfsWsZuPvFXXfPSwJZR0R6hgPd6pBtafv76zZOHjUb92cy+sFfiBKQxUS86g2BS8pnZF/ZDDnL0zrxTfD/BfjPhBHVP+n8G8reZWWHXXSap/1L1ypZbrNmnuHedvpCObeftPLXH7YzaYNU9n82u4HoYd+thMbuCG7XmunxVujLKEROxz3Py7BYJMlX90APu/wMAAAAAAAAAAAAAAAAAAEyb4/uXg4qyNoXuIwAAAAAAAAAAAAAAAAAAAAAA027ivv/3rpJ3fP8vMHZ/AwAA////DnhI") r0 = syz_open_dev$loop(&(0x7f0000000040), 0x7, 0xc0041) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2a478fc179fd2f8dda1af1ea89de2b7fb0a0100000000000000000300000000000004000000000000000000000000000500", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x591) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x2043, 0x0, 0x0) 20.444289045s ago: executing program 3 (id=76): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x1000000, &(0x7f0000000040)={[{@usrjquota}, {}]}, 0x0, 0x248, &(0x7f0000000940)="$eJzs3T9oFFkcB/DfzO5eLsly5O6ag4O7g+M47gIh1x3YxEYhICGICCpERGyURIgJdomVjYXWKqlsgtgZrdMEG0Ww8k+K2AgaLAwWWqzsTiLRbDBxN7uS+Xxg2JnZee/3hp3v221mNoDc6omIgYgoRERvRJQiIll/wB/Z0rO6OdO5MBJRqRx8ndSOy7Yza+26I2I6Iv6PiPk0idPFiMm5o0tvH+//+9JE6a8bc0c6W3qSq5aXFg+sXB+6eHvwv8kHj14OJTEQ5U/Oq/mSOvuKScRPO1HsG5EU2z0CtmL4/K0n1dz/HBF/1vJfijSyD+/y+Hfzpfj32mZtr7x6+Gsrxwo0X6VSqn4HTleA3EkjohxJ2hcR2Xqa9vVlv+GfFrrSM2Pj53pPjU2Mnmz3TAU0Szlicd/djjvdn+X/RSHLP7B7VfN/aHj2WXV9pdDu0QCtVM1/7/Gpf0L+IXfkH/JL/iG/5B/yS/4hv+Qf8kv+Ydf4frsN5B/yS/4hv+Qf8mt9/gGAfKl0tPsOZKBd2j3/AAAAAAAAAAAAAAAAAAAAG810LoysLa2qee9qxPLeiCjWq1+o/R/x2qNNu94k1cM+SrJmDTn2e4MdNOjmDt59vZVHuv3wfOfqb8X935rZW3nbLaZGI6YvRER/sbjx+ktWr7+v9+MX3i+daLBAg/Ycbm/997Otq1Wqs2+wkmQr/fXmnzR+qb3Wn3/Km/S5HWffNdgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALfMhAAD//+M2bGo=") mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='mnt/encrypted_dir\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)=@v2={0x2, @adiantum, 0x4, '\x00', @a}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x121c80, 0x47) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000280)=0x40000000) 20.224821319s ago: executing program 3 (id=77): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x8c36, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x2, 0x4, 0x7, "ea7174ddb80fc70000020000000000d3a2d975", 0x2, 0x4}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)) 19.870025764s ago: executing program 3 (id=78): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/222, 0xde}], 0x1) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 19.135249475s ago: executing program 3 (id=81): syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x48cf, &(0x7f0000000600)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@showexec}, {@uni_xlateno}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@discard}, {@shortname_mixed}, {@numtail}, {@shortname_lower}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000a00)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 18.800224191s ago: executing program 3 (id=83): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000300)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xffe0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_ARP_TIP={0x8, 0x3b, @multicast2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x20084084) 18.097925581s ago: executing program 3 (id=86): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000080)={'pcl816\x00', [0x0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x1, 0x13, 0xffe, 0x1, 0x8, 0x1, 0x1006, 0x4, 0xffff, 0xfffffff8, 0xffffffa7, 0x40000009, 0x9, 0x5, 0x3ff, 0x10000, 0x6, 0xe2df, 0x9, 0x1, 0x1, 0x3, 0x4, 0x5, 0x5]}) 17.650932438s ago: executing program 33 (id=86): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000080)={'pcl816\x00', [0x0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x1, 0x13, 0xffe, 0x1, 0x8, 0x1, 0x1006, 0x4, 0xffff, 0xfffffff8, 0xffffffa7, 0x40000009, 0x9, 0x5, 0x3ff, 0x10000, 0x6, 0xe2df, 0x9, 0x1, 0x1, 0x3, 0x4, 0x5, 0x5]}) 3.585214634s ago: executing program 0 (id=148): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x2, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5) syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0) shutdown(r0, 0x1) 2.183933246s ago: executing program 2 (id=158): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newlink={0x60, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x3114}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0xee}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x3}]}}}]}, 0x60}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9c0000001000010400"/20, @ANYRES32=r2, @ANYBLOB="8750a754ac0000007c0012800b000100697036746e6c00106c000280140002000000000000000000000000000000000114000200fe8000000000000000000000000000aa14000300fe8000000000000000000000000000bb08bc550973263549f22c1ac3a5d5", @ANYRES32=r2, @ANYBLOB], 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 2.129068317s ago: executing program 0 (id=159): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x84, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRESHEX], 0x8b, 0x2bb, &(0x7f00000009c0)="$eJzs3U9rE0EYx/Hf7KZJamtdbUUQD1ItepK2XsRLQIqvwYuiNhGKocVaQb0YPIsvwLsXX4AvwpMInvXkyRfQ28pMJs1ss5s0Lc22+P1Ams3u/Hlms8nOs5CuAPy37q39+nz7j30YKVYs6a4U2U1XVZF0UZfqrzZ3NnbareawhmKpLvcwkqtpBsqsb7byqtp6roaX2FcVzYbrcDzSNE1/lx0EylT3z3Hexkiq+U9nHBY+Tab2ve7EUqekWE4Ks6tdvdZc2XEAAMpluuf3yJ/nZ/38PYqkJX/aD8//P8+WHO/R3NBu2SGULDj/uywrNfb9Pec29fM9l8LZ7VEvSxy3Hzt5rKp7ZGUmmCabVQ4miy6WaPrZRrt1a32r3Yz0Xg3HhHnhgqSGmj5n9TLRDja9mLMuq6qi1sYy48YwZcew2o+/0QiKzOd1evgeRzPfzHfzyCT6pObe/K+SmnDM/p26P9WPf7moua0XD+1z0i1VMMrzrpPL2R07dJRxUUYiv6fSWNkLBEk2zmpurar21eqObqWoJ9/OfG6t1RG1FmytL0Gt/tFcXPO4mY/mgVnUX33VWjD/j+zeXtLgJzO/EVfSHxlDx1NxJZNwVedKbslo/LFgTP19/EFPdUdzL9+8ff6k3W5tT3rBxjDxTlnoLvQOgpMSz+EW7HdsuEZJa7symd6rR951dY0qUwsLZ0e6f6H3sT5A770LeCMjnPA3E0rRf9OLy7ybZECYNPvlYbr5X5CvLLsUyf5JhszT01HTtqDFlZzcoLZX8EzQkvHX54szoJncDK6jMXKuazel68HKETlXogvS9NCxniZmTT/0mOv/AAAAAAAAAAAAAAAAAAAAp80kfq0RdMd/9AEAAAAAAAAAAAAAAAAAAAAA4BCK7/9b1zHe/zfzO4AD3/+3doSBAhjwLwAA///073LE") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000000)='./file1\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000)) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 1.90482799s ago: executing program 2 (id=160): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x4}, 0x6}) write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="000000000000aaaaaaaaaabb88a8400081"], 0x6e) 1.845489911s ago: executing program 5 (id=162): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f00000001c0)={r2, 0x9}, &(0x7f00000002c0)=0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYRES64=r3, @ANYRES64=0x0, @ANYBLOB="ed"], 0x20) 1.837368741s ago: executing program 0 (id=163): r0 = syz_io_uring_setup(0x10b, &(0x7f00000000c0)={0x0, 0x46ad, 0x400, 0x1, 0x105}, &(0x7f0000000040)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$inet6(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4c, 0x0, r3, 0x0, 0x0, 0x0, 0x40010020}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x11, {0x27fffffffffffff, 0x8}, 0x54}, 0x1) 1.652178604s ago: executing program 5 (id=164): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000001c0)={'ip6gretap0\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 1.600336595s ago: executing program 4 (id=165): connect$packet(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x4, 0x0, 0x1, 0x22, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x14) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.461311777s ago: executing program 0 (id=166): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x103102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$vsock_stream(0x28, 0x1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000000c0)="66b8a7000f00d066bad004b801000000ef0f20c035000000400f22c066b80d010f00d8b9940800000f32660f38818d00f0fffff30fc731c4e2490a0ff40f38014703", 0x42}], 0x1, 0x2, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.410695398s ago: executing program 2 (id=167): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2e, 0x0, "6248bc9c8095fdfb8d639d954a0649542709e9baf27860bd22292b501f2c28d45a71ec3fa8539e7223c278d70126314aca030d71da9dcb99d1d087f250685685db59cf6de9c2a0496da59a4fcf3d9ceb"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x27, 0x0, "a58fc096f80633b333145c32b45013f5547000229e90bfdd2cbb775085438751fa41b217c492169b0cb51256adc3e5baedfa65fd3c4429b247e9dc51c16f89c5a42145bb09f23ab88b0bd564fd44893a"}, 0xd8) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) 1.347640659s ago: executing program 5 (id=168): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1}) r3 = eventfd(0x80000001) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x3, 0xeeef0000, 0x2, r3, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0xfffffffffffff001, 0x0, 0x1, r2, 0x4}) 1.30083876s ago: executing program 4 (id=169): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800) ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000001c0)={"000100", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0edd67f0400", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]}) ioctl$CEC_TRANSMIT(r2, 0xc0386105, &(0x7f0000000d40)={0x10000000000000, 0x1, 0x6, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0x0, 0x5, 0x1}) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.204176301s ago: executing program 2 (id=170): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x4, 0xf, 0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x21) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000014f000/0x18000)=nil, &(0x7f0000005700)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.097845133s ago: executing program 0 (id=171): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r2, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r3, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.077232873s ago: executing program 4 (id=172): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000300)=@x86={0x0, 0x7, 0x9, 0x0, 0x10000, 0x5, 0x41, 0x4, 0x2, 0x10, 0x3, 0x8, 0x0, 0x9, 0x7, 0x40, 0x80, 0x2, 0x3, '\x00', 0xd, 0x7}) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000000)={0xb0003, 0x0, [0x3, 0x2, 0x385a, 0x0, 0xc0, 0x3ff, 0x5, 0x8000000000000000]}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.012537604s ago: executing program 5 (id=173): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94) r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000005c0)={r1, r0, 0x4, r2}, 0x10) 880.702396ms ago: executing program 0 (id=174): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0xa0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x1000) fallocate(r1, 0x0, 0x0, 0x1000f4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 773.180308ms ago: executing program 2 (id=175): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b00)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x7}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x20084084) 685.681999ms ago: executing program 5 (id=176): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd2b, 0x4, {0x0, 0x0, 0x0, r3, {0xd, 0xfff1}, {0x1, 0xfff1}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20}, 0x20000800) 491.228992ms ago: executing program 2 (id=177): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x6}, @IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 380.263894ms ago: executing program 5 (id=178): bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0xc800) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f00000000c0)) 372.817554ms ago: executing program 4 (id=179): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') read$FUSE(r0, &(0x7f00000029c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) setuid(0xee00) r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000140)={{}, {0x1, 0x1}, [], {}, [{0x8, 0x1, r1}], {0x10, 0x6}}, 0x2c, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) 123.229088ms ago: executing program 4 (id=180): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x28, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, r2, 0x2, 0x14}, [@NDA_DST_MAC={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000}, 0x0) 0s ago: executing program 4 (id=181): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000010400b500000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000001400001c00128009000100626f6e64000000000c000280080014"], 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.149' (ED25519) to the list of known hosts. [ 59.231116][ T5776] cgroup: Unknown subsys name 'net' [ 59.360556][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.741340][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.191853][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.201107][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.209037][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.211796][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.217105][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.229438][ T5797] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.231123][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.238631][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.244708][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.254366][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.261467][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.266354][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.281928][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.290286][ T5795] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.296824][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.300395][ T5795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.304848][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.312287][ T5795] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.334639][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.345873][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.354604][ T5795] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.362789][ T5795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.372903][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.381964][ T5795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.799070][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 62.879688][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 62.894769][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 62.926593][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 63.037809][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.045179][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.052527][ T5788] bridge_slave_0: entered allmulticast mode [ 63.059756][ T5788] bridge_slave_0: entered promiscuous mode [ 63.103587][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.110927][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.118102][ T5788] bridge_slave_1: entered allmulticast mode [ 63.125305][ T5788] bridge_slave_1: entered promiscuous mode [ 63.157629][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.165043][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.172232][ T5785] bridge_slave_0: entered allmulticast mode [ 63.179614][ T5785] bridge_slave_0: entered promiscuous mode [ 63.219467][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.226596][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.233767][ T5786] bridge_slave_0: entered allmulticast mode [ 63.240413][ T5786] bridge_slave_0: entered promiscuous mode [ 63.248593][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.256467][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.263826][ T5785] bridge_slave_1: entered allmulticast mode [ 63.270513][ T5785] bridge_slave_1: entered promiscuous mode [ 63.288935][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.296124][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.303298][ T5787] bridge_slave_0: entered allmulticast mode [ 63.310546][ T5787] bridge_slave_0: entered promiscuous mode [ 63.318380][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.325600][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.332884][ T5786] bridge_slave_1: entered allmulticast mode [ 63.339859][ T5786] bridge_slave_1: entered promiscuous mode [ 63.361784][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.371120][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.378362][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.386675][ T5787] bridge_slave_1: entered allmulticast mode [ 63.393355][ T5787] bridge_slave_1: entered promiscuous mode [ 63.423497][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.459365][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.470884][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.482947][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.511185][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.552385][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.565603][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.597560][ T5788] team0: Port device team_slave_0 added [ 63.629408][ T5786] team0: Port device team_slave_0 added [ 63.638240][ T5786] team0: Port device team_slave_1 added [ 63.647194][ T5785] team0: Port device team_slave_0 added [ 63.666200][ T5788] team0: Port device team_slave_1 added [ 63.675654][ T5787] team0: Port device team_slave_0 added [ 63.683343][ T5785] team0: Port device team_slave_1 added [ 63.710236][ T5787] team0: Port device team_slave_1 added [ 63.738198][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.745261][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.772138][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.785439][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.792403][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.818480][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.859989][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.867042][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.894104][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.911326][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.918336][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.944320][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.957168][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.964319][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.990668][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.013067][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.020283][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.046397][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.095167][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.102129][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.128156][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.142032][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.149085][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.175436][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.213820][ T5786] hsr_slave_0: entered promiscuous mode [ 64.220167][ T5786] hsr_slave_1: entered promiscuous mode [ 64.244989][ T5785] hsr_slave_0: entered promiscuous mode [ 64.251246][ T5785] hsr_slave_1: entered promiscuous mode [ 64.257635][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.266205][ T5785] Cannot create hsr debugfs directory [ 64.323127][ T5788] hsr_slave_0: entered promiscuous mode [ 64.329995][ T5788] hsr_slave_1: entered promiscuous mode [ 64.336523][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.344344][ T5788] Cannot create hsr debugfs directory [ 64.364730][ T5798] Bluetooth: hci3: command tx timeout [ 64.370503][ T5798] Bluetooth: hci2: command tx timeout [ 64.377288][ T5795] Bluetooth: hci0: command tx timeout [ 64.401175][ T5787] hsr_slave_0: entered promiscuous mode [ 64.407671][ T5787] hsr_slave_1: entered promiscuous mode [ 64.414134][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.421699][ T5787] Cannot create hsr debugfs directory [ 64.443795][ T5795] Bluetooth: hci1: command tx timeout [ 64.744262][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.757617][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.768313][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.779443][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.856933][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.866732][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.879757][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.890813][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.970338][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.980536][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.999817][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.011611][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.079885][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.103460][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.118205][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.128204][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.199170][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.233330][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.269845][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.277178][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.287807][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.295104][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.332007][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.399377][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.438466][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.445679][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.490269][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.510854][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.518064][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.532027][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.578915][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.622522][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.629714][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.663414][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.670581][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.685659][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.711388][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.718579][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.749438][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.756627][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.787935][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.940707][ T5788] veth0_vlan: entered promiscuous mode [ 65.971041][ T5788] veth1_vlan: entered promiscuous mode [ 66.090658][ T5788] veth0_macvtap: entered promiscuous mode [ 66.131032][ T5788] veth1_macvtap: entered promiscuous mode [ 66.172900][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.254991][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.271226][ T5785] veth0_vlan: entered promiscuous mode [ 66.300142][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.309779][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.325955][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.336154][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.346269][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.355294][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.401970][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.415102][ T5785] veth1_vlan: entered promiscuous mode [ 66.444509][ T5795] Bluetooth: hci0: command tx timeout [ 66.450154][ T5798] Bluetooth: hci2: command tx timeout [ 66.454358][ T5792] Bluetooth: hci3: command tx timeout [ 66.525370][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.526052][ T5795] Bluetooth: hci1: command tx timeout [ 66.533483][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.592110][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.606923][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.631001][ T5787] veth0_vlan: entered promiscuous mode [ 66.648854][ T5785] veth0_macvtap: entered promiscuous mode [ 66.657965][ T5786] veth0_vlan: entered promiscuous mode [ 66.680235][ T5785] veth1_macvtap: entered promiscuous mode [ 66.706077][ T5787] veth1_vlan: entered promiscuous mode [ 66.718935][ T5786] veth1_vlan: entered promiscuous mode [ 66.760509][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.773316][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.786973][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.812198][ T5786] veth0_macvtap: entered promiscuous mode [ 66.827192][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.842635][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.856389][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.868077][ T5786] veth1_macvtap: entered promiscuous mode [ 66.903012][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.912429][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.924469][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.933189][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.972817][ T5787] veth0_macvtap: entered promiscuous mode [ 66.993505][ T5787] veth1_macvtap: entered promiscuous mode [ 67.015059][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.029624][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.042342][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.054796][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.065974][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.086104][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.097527][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.108283][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.119103][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.132812][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.144077][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.156167][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.167581][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.179970][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.180382][ T5855] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 67.197609][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.208550][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.219713][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.263417][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.274730][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.283452][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.292600][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.317721][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.329014][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.339872][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.351060][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.362315][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.373057][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.385034][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.387786][ T5855] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 67.397762][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.413214][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.415894][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 67.423025][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.441802][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 67.446172][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.460372][ T5855] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 67.462414][ T5855] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 67.489502][ T5855] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 67.499066][ T5855] usb 4-1: Manufacturer: syz [ 67.505082][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.520750][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.525695][ T5855] usb 4-1: config 0 descriptor?? [ 67.620627][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.641385][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.719162][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.733401][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.792849][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.825790][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.878791][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.883217][ T5878] syz.2.3[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 67.893595][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.921477][ T5855] rc_core: IR keymap rc-hauppauge not found [ 67.931889][ T5855] Registered IR keymap rc-empty [ 67.937858][ T5878] loop2: detected capacity change from 0 to 256 [ 67.948657][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 67.958084][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.996943][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.015786][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.075807][ T5855] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 68.124843][ T5855] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 68.157634][ T5878] FAT-fs (loop2): Directory bread(block 64) failed [ 68.174720][ T5878] FAT-fs (loop2): Directory bread(block 65) failed [ 68.200444][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.212763][ T5878] FAT-fs (loop2): Directory bread(block 66) failed [ 68.225805][ T5878] FAT-fs (loop2): Directory bread(block 67) failed [ 68.232816][ T5878] FAT-fs (loop2): Directory bread(block 68) failed [ 68.243297][ T5878] FAT-fs (loop2): Directory bread(block 69) failed [ 68.254154][ T5878] FAT-fs (loop2): Directory bread(block 70) failed [ 68.260815][ T5878] FAT-fs (loop2): Directory bread(block 71) failed [ 68.274123][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.276586][ T5878] FAT-fs (loop2): Directory bread(block 72) failed [ 68.316862][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.329726][ T5878] FAT-fs (loop2): Directory bread(block 73) failed [ 68.373759][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.396614][ T5886] loop1: detected capacity change from 0 to 256 [ 68.424192][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.427775][ T5886] ======================================================= [ 68.427775][ T5886] WARNING: The mand mount option has been deprecated and [ 68.427775][ T5886] and is ignored by this kernel. Remove the mand [ 68.427775][ T5886] option from the mount to silence this warning. [ 68.427775][ T5886] ======================================================= [ 68.478057][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.522782][ T5886] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 68.540164][ T5795] Bluetooth: hci0: command tx timeout [ 68.545715][ T5795] Bluetooth: hci3: command tx timeout [ 68.548604][ T5792] Bluetooth: hci2: command tx timeout [ 68.563766][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.609801][ T5792] Bluetooth: hci1: command tx timeout [ 68.615589][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.663745][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.696705][ T5855] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 68.706537][ T5886] loop1: detected capacity change from 256 to 0 [ 68.725096][ T5890] syz.1.5: attempt to access beyond end of device [ 68.725096][ T5890] loop1: rw=524288, sector=161, nr_sectors = 1 limit=0 [ 68.738885][ T5890] syz.1.5: attempt to access beyond end of device [ 68.738885][ T5890] loop1: rw=524288, sector=162, nr_sectors = 1 limit=0 [ 68.752745][ T5890] syz.1.5: attempt to access beyond end of device [ 68.752745][ T5890] loop1: rw=524288, sector=163, nr_sectors = 1 limit=0 [ 68.777804][ T5855] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 68.799139][ T5890] syz.1.5: attempt to access beyond end of device [ 68.799139][ T5890] loop1: rw=524288, sector=164, nr_sectors = 1 limit=0 [ 68.812723][ T5855] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 68.824228][ T5890] syz.1.5: attempt to access beyond end of device [ 68.824228][ T5890] loop1: rw=524288, sector=165, nr_sectors = 1 limit=0 [ 68.850406][ T5855] usb 4-1: USB disconnect, device number 2 [ 68.871558][ T5890] syz.1.5: attempt to access beyond end of device [ 68.871558][ T5890] loop1: rw=524288, sector=166, nr_sectors = 1 limit=0 [ 68.902792][ T5890] syz.1.5: attempt to access beyond end of device [ 68.902792][ T5890] loop1: rw=524288, sector=167, nr_sectors = 1 limit=0 [ 69.067930][ T5787] syz-executor: attempt to access beyond end of device [ 69.067930][ T5787] loop1: rw=395265, sector=0, nr_sectors = 1 limit=0 [ 69.085804][ T5787] Buffer I/O error on dev loop1, logical block 0, lost sync page write [ 69.101252][ T5883] loop0: detected capacity change from 0 to 32768 [ 69.292393][ T5883] JBD2: Ignoring recovery information on journal [ 69.398760][ T5883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 69.573156][ T5902] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 69.784323][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 69.810225][ T5899] loop2: detected capacity change from 0 to 32768 [ 69.894886][ T5899] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.10 (5899) [ 70.606535][ T5798] Bluetooth: hci0: command tx timeout [ 70.612034][ T5798] Bluetooth: hci2: command tx timeout [ 70.617908][ T5792] Bluetooth: hci3: command tx timeout [ 70.680643][ T5906] loop3: detected capacity change from 0 to 131072 [ 70.724407][ T5906] F2FS-fs (loop3): Found nat_bits in checkpoint [ 70.776317][ T5899] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 70.803500][ T5906] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 70.856391][ T5899] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 70.884423][ T5899] BTRFS info (device loop2): metadata ratio 2 [ 70.906861][ T5899] BTRFS info (device loop2): allowing degraded mounts [ 70.908694][ T5906] F2FS-fs (loop3): lookup inode (7) has corrupted xattr [ 70.935102][ T5899] BTRFS info (device loop2): force zlib compression, level 3 [ 70.942798][ T5899] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 70.959517][ T27] audit: type=1800 audit(1752723062.664:2): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.13" name="file1" dev="loop3" ino=7 res=0 errno=0 [ 70.992554][ T5899] BTRFS info (device loop2): use zstd compression, level 3 [ 71.006626][ T5906] F2FS-fs (loop3): lookup inode (7) has corrupted xattr [ 71.047580][ T5899] BTRFS info (device loop2): force clearing of disk cache [ 71.060415][ T5899] BTRFS info (device loop2): max_inline at 0 [ 71.068416][ T5899] BTRFS info (device loop2): using free space tree [ 71.189345][ T5899] BTRFS info (device loop2): enabling ssd optimizations [ 71.212384][ T5899] BTRFS info (device loop2): rebuilding free space tree [ 71.358283][ T27] audit: type=1800 audit(1752723063.084:3): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 71.508437][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.517128][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.737563][ T139] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.772829][ T5785] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 71.909408][ T139] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.100869][ T139] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.252653][ T139] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.865901][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.876160][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.884873][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.899148][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.914006][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.923308][ T5798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.303583][ T5966] only policy match revision 0 supported [ 73.303673][ T5966] unable to load match [ 73.330480][ T5964] kvm: kvm [5963]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0x0 [ 74.068443][ T5993] loop0: detected capacity change from 0 to 16 [ 74.106421][ T5993] erofs: (device loop0): mounted with root inode @ nid 36. [ 74.300890][ T5955] chnl_net:caif_netlink_parms(): no params data found [ 74.858355][ T6016] loop3: detected capacity change from 0 to 8192 [ 74.968108][ T6016] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.013848][ T5792] Bluetooth: hci1: command tx timeout [ 75.033800][ T6016] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 75.073155][ T139] hsr_slave_0: left promiscuous mode [ 75.093411][ T6016] REISERFS (device loop3): using ordered data mode [ 75.123108][ T6016] reiserfs: using flush barriers [ 75.123656][ T139] hsr_slave_1: left promiscuous mode [ 75.151889][ T6016] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.173134][ T139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.193292][ T139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.209857][ T6016] REISERFS (device loop3): checking transaction log (loop3) [ 75.219183][ T139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.263826][ T139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.291446][ T139] bridge_slave_1: left allmulticast mode [ 75.314923][ T139] bridge_slave_1: left promiscuous mode [ 75.345543][ T139] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.422646][ T139] bridge_slave_0: left allmulticast mode [ 75.464998][ T139] bridge_slave_0: left promiscuous mode [ 75.471806][ T6016] REISERFS (device loop3): Using tea hash to sort names [ 75.491508][ T139] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.497889][ T6016] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 75.586749][ T139] veth1_macvtap: left promiscuous mode [ 75.586984][ T139] veth0_macvtap: left promiscuous mode [ 75.587191][ T139] veth1_vlan: left promiscuous mode [ 75.587441][ T139] veth0_vlan: left promiscuous mode [ 75.619996][ T6037] loop2: detected capacity change from 0 to 2048 [ 75.709231][ T6037] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 75.709322][ T6037] UDF-fs: Scanning with blocksize 512 failed [ 75.800124][ T6037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 76.461010][ T6050] loop0: detected capacity change from 0 to 128 [ 76.576176][ T6050] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 76.617939][ T6050] ext4 filesystem being mounted at /17/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 76.793891][ T6050] syz.0.45 (pid 6050) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 76.934245][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 76.958059][ T6043] loop3: detected capacity change from 0 to 32768 [ 77.074192][ T5789] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.093805][ T5792] Bluetooth: hci1: command tx timeout [ 77.128078][ T6056] loop0: detected capacity change from 0 to 128 [ 77.228168][ T139] team0 (unregistering): Port device team_slave_1 removed [ 77.230293][ T6043] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=44, index = 4 [ 77.230293][ T6043] [ 77.255398][ T6056] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 77.263724][ T5789] usb 3-1: Using ep0 maxpacket: 16 [ 77.287715][ T5789] usb 3-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 77.304981][ T5789] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 77.316792][ T6056] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.317500][ T5789] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 77.356522][ T5789] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.365648][ T139] team0 (unregistering): Port device team_slave_0 removed [ 77.397918][ T6043] ERROR: (device loop3): remounting filesystem as read-only [ 77.410791][ T5789] usb 3-1: Product: syz [ 77.416381][ T5789] usb 3-1: Manufacturer: syz [ 77.421026][ T5789] usb 3-1: SerialNumber: syz [ 77.528534][ T139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.593725][ T6056] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)" [ 77.638899][ T139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.668249][ T5789] usb 3-1: 0:2 : does not exist [ 77.723022][ T5789] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 77.727203][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.821950][ T5789] usb 3-1: USB disconnect, device number 2 [ 77.991760][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 78.508520][ T6080] loop2: detected capacity change from 0 to 512 [ 78.537653][ T6080] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 78.552413][ T6080] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 78.644344][ T6080] EXT4-fs (loop2): 1 truncate cleaned up [ 78.667696][ T6080] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.696389][ T139] bond0 (unregistering): Released all slaves [ 78.749338][ T6080] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.52: corrupted in-inode xattr: overlapping e_value [ 78.778332][ T6080] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1781: inode #15: comm syz.2.52: unable to update i_inline_off [ 78.798999][ T6080] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 78.843573][ T5955] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.851365][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.859257][ T5955] bridge_slave_0: entered allmulticast mode [ 78.866883][ T5955] bridge_slave_0: entered promiscuous mode [ 78.868604][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.876015][ T5955] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.892515][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.903196][ T5955] bridge_slave_1: entered allmulticast mode [ 78.944891][ T5955] bridge_slave_1: entered promiscuous mode [ 79.167436][ T5792] Bluetooth: hci1: command tx timeout [ 79.176412][ T5955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.227796][ T5955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.318595][ T5955] team0: Port device team_slave_0 added [ 79.358465][ T5955] team0: Port device team_slave_1 added [ 79.450915][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.459315][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.503659][ T5955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.554703][ T5955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.600842][ T5955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.671080][ T5955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.787390][ T6100] pim6reg1: entered promiscuous mode [ 79.792755][ T6100] pim6reg1: entered allmulticast mode [ 79.850764][ T5955] hsr_slave_0: entered promiscuous mode [ 79.873363][ T5955] hsr_slave_1: entered promiscuous mode [ 79.879789][ T5955] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.898291][ T5955] Cannot create hsr debugfs directory [ 80.217637][ T6095] loop2: detected capacity change from 0 to 40427 [ 80.236219][ T6095] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 80.274851][ T6095] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 80.324683][ T6095] F2FS-fs (loop2): Found nat_bits in checkpoint [ 80.485607][ T6095] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 80.492799][ T6095] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 80.767437][ T5955] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.801312][ T5955] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.856736][ T5955] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.888932][ T5955] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.195801][ T5955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.243881][ T5792] Bluetooth: hci1: command tx timeout [ 81.273375][ T5955] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.362853][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.370059][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.390088][ T139] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.397273][ T139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.745349][ T55] cfg80211: failed to load regulatory.db [ 81.998722][ T6176] loop2: detected capacity change from 0 to 512 [ 82.000619][ T5955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.035012][ T6176] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 82.138343][ T6176] EXT4-fs error (device loop2): ext4_validate_block_bitmap:430: comm syz.2.69: bg 0: block 104: invalid block bitmap [ 82.211252][ T6176] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 82.238857][ T6176] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.69: invalid indirect mapped block 1 (level 1) [ 82.283301][ T6176] EXT4-fs (loop2): 1 truncate cleaned up [ 82.303061][ T6176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.591101][ T6180] loop3: detected capacity change from 0 to 32768 [ 82.728957][ T6180] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 82.739002][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.908882][ T6180] XFS (loop3): Ending clean mount [ 83.011072][ T6180] XFS (loop3): Quotacheck needed: Please wait. [ 83.193412][ T6180] XFS (loop3): Quotacheck: Done. [ 83.353730][ T27] audit: type=1800 audit(1752723075.084:4): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.71" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 83.379115][ T27] audit: type=1800 audit(1752723075.094:5): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.71" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 83.772754][ T5788] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 84.125913][ T6211] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 84.345304][ T6214] loop3: detected capacity change from 0 to 128 [ 84.387530][ T6214] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 84.412885][ T6214] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 84.503897][ T5788] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 84.978157][ T6222] syz.3.78 uses obsolete (PF_INET,SOCK_PACKET) [ 85.481348][ T6233] loop2: detected capacity change from 0 to 1024 [ 85.521958][ T6233] EXT4-fs: Ignoring removed orlov option [ 85.556039][ T6233] EXT4-fs: Ignoring removed nomblk_io_submit option [ 85.564512][ T5955] veth0_vlan: entered promiscuous mode [ 85.621062][ T5955] veth1_vlan: entered promiscuous mode [ 85.657514][ T6239] loop3: detected capacity change from 0 to 128 [ 85.671199][ T6233] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.705714][ T5955] veth0_macvtap: entered promiscuous mode [ 85.716722][ T5955] veth1_macvtap: entered promiscuous mode [ 85.736705][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.747219][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.757210][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.768001][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.778772][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.801142][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.833042][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.879565][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.916411][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.944073][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.963942][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.987999][ T5955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.016721][ T5955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.046443][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.055270][ T5955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.070783][ T5955] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.084888][ T5955] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.103341][ T5955] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.122463][ T5955] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.408755][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.424474][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.468072][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.479269][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.603853][ T5789] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.672083][ T41] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.833872][ T5789] usb 3-1: Using ep0 maxpacket: 16 [ 86.845254][ T5789] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.859058][ T41] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.874685][ T5789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 86.904039][ T5789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 86.937625][ T5789] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 86.977199][ T5789] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 87.041233][ T5789] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 87.053197][ T41] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.067026][ T5789] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 87.077758][ T5789] usb 3-1: Manufacturer: syz [ 87.099831][ T5789] usb 3-1: config 0 descriptor?? [ 87.207739][ T41] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.251728][ T6258] loop4: detected capacity change from 0 to 32768 [ 87.388606][ T6258] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 87.534387][ T27] audit: type=1800 audit(1752723079.264:6): pid=6258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.20" name="file1" dev="loop4" ino=17058 res=0 errno=0 [ 87.605145][ T5789] rc_core: IR keymap rc-hauppauge not found [ 87.609862][ T27] audit: type=1800 audit(1752723079.324:7): pid=6258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.20" name="file1" dev="loop4" ino=17058 res=0 errno=0 [ 87.612385][ T5789] Registered IR keymap rc-empty [ 87.713941][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 87.784244][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 87.839075][ T5789] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 87.906104][ T5789] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6 [ 87.945657][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.964651][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.989372][ T6258] syz.4.20 (6258) used greatest stack depth: 18288 bytes left [ 87.997423][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.031765][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.074925][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.086036][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.093970][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.141466][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.182686][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.208736][ T5955] (syz-executor,5955,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 88.224072][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.256602][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.266159][ T5955] ocfs2: Unmounting device (7,4) on (node local) [ 88.333822][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.363921][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.398172][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.438706][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.483959][ T5789] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 88.552433][ T5789] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 88.576004][ T5789] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 88.641171][ T5789] usb 3-1: USB disconnect, device number 3 [ 88.869424][ T6301] block nbd0: shutting down sockets [ 89.252294][ T6281] chnl_net:caif_netlink_parms(): no params data found [ 89.327653][ T6314] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 89.724926][ T6281] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.758298][ T6281] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.780157][ T6281] bridge_slave_0: entered allmulticast mode [ 89.794431][ T6281] bridge_slave_0: entered promiscuous mode [ 89.840315][ T6281] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.852635][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.861876][ T6281] bridge_slave_1: entered allmulticast mode [ 89.889855][ T6281] bridge_slave_1: entered promiscuous mode [ 89.967736][ T6306] loop2: detected capacity change from 0 to 32768 [ 90.081700][ T6306] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 90.121006][ T6281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.124460][ T5792] Bluetooth: hci3: command tx timeout [ 90.146106][ T41] hsr_slave_0: left promiscuous mode [ 90.152433][ T41] hsr_slave_1: left promiscuous mode [ 90.160426][ T788] kernel read not supported for file /newroot/40 (pid: 788 comm: kworker/1:2) [ 90.189448][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.204109][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.219541][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.228170][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.236952][ T41] bridge_slave_1: left allmulticast mode [ 90.242885][ T41] bridge_slave_1: left promiscuous mode [ 90.249937][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.263429][ T41] bridge_slave_0: left allmulticast mode [ 90.269454][ T41] bridge_slave_0: left promiscuous mode [ 90.282445][ T6306] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 90.294189][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.324693][ T6306] XFS (loop2): Starting recovery (logdev: internal) [ 90.333506][ T41] veth1_macvtap: left promiscuous mode [ 90.339831][ T41] veth0_macvtap: left promiscuous mode [ 90.345928][ T41] veth1_vlan: left promiscuous mode [ 90.350860][ T6306] XFS (loop2): Ending recovery (logdev: internal) [ 90.351283][ T41] veth0_vlan: left promiscuous mode [ 90.537274][ T5785] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 91.309107][ T41] team0 (unregistering): Port device team_slave_1 removed [ 91.357241][ T41] team0 (unregistering): Port device team_slave_0 removed [ 91.431888][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 91.479544][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 91.877153][ T41] bond0 (unregistering): Released all slaves [ 91.945412][ T6281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.036523][ T6359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.103'. [ 92.086206][ T6281] team0: Port device team_slave_0 added [ 92.107408][ T6281] team0: Port device team_slave_1 added [ 92.215391][ T5792] Bluetooth: hci3: command tx timeout [ 92.314460][ T6281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.334234][ T6281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.361251][ T6281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.394329][ T6281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.414087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.430252][ T6281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.513994][ T6281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.823519][ T6281] hsr_slave_0: entered promiscuous mode [ 92.837493][ T6281] hsr_slave_1: entered promiscuous mode [ 92.848951][ T6281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.870512][ T6281] Cannot create hsr debugfs directory [ 93.663102][ T6281] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 93.676409][ T6281] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 93.689306][ T6281] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 93.753928][ T42] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 93.756922][ T6281] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 93.965154][ T42] usb 3-1: Using ep0 maxpacket: 32 [ 94.000154][ T42] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 94.036170][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.053275][ T6281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.072815][ T42] usb 3-1: config 0 descriptor?? [ 94.103151][ T42] gspca_main: sunplus-2.14.0 probing 041e:400b [ 94.135750][ T6281] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.182670][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.189887][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.246930][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.254168][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.283788][ T5792] Bluetooth: hci3: command tx timeout [ 94.957024][ T6281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.971367][ T6427] loop4: detected capacity change from 0 to 512 [ 95.130492][ T6427] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 95.199893][ T6427] System zones: 0-2, 18-18, 34-35 [ 95.287581][ T6427] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.349166][ T6427] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.570105][ T6416] loop0: detected capacity change from 0 to 32768 [ 95.583321][ T42] gspca_sunplus: reg_w_riv err -71 [ 95.598199][ T42] sunplus: probe of 3-1:0.0 failed with error -71 [ 95.641299][ T42] usb 3-1: USB disconnect, device number 4 [ 95.664028][ T6416] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 95.737096][ T27] audit: type=1800 audit(1752723087.474:8): pid=6427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.115" name="bus" dev="overlay" ino=15 res=0 errno=0 [ 95.837759][ T6281] veth0_vlan: entered promiscuous mode [ 95.875350][ T6281] veth1_vlan: entered promiscuous mode [ 95.933803][ T6416] XFS (loop0): Ending clean mount [ 95.979777][ T6416] XFS (loop0): Quotacheck needed: Please wait. [ 95.993186][ T6281] veth0_macvtap: entered promiscuous mode [ 96.011067][ T5955] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.016323][ T6281] veth1_macvtap: entered promiscuous mode [ 96.066387][ T6416] XFS (loop0): Quotacheck: Done. [ 96.104088][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.140002][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.188339][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.229426][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.283826][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.313684][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.332178][ T6416] XFS (loop0): User initiated shutdown received. [ 96.345568][ T6281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.356396][ T6416] XFS (loop0): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:501). Shutting down filesystem. [ 96.365293][ T5792] Bluetooth: hci3: command tx timeout [ 96.418607][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.445224][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.479337][ T6416] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 96.492929][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.555920][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.588522][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.619565][ T6281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.655506][ T6281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.673275][ T5786] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 96.674855][ T6281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.726424][ T6281] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.750554][ T6281] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.778341][ T6281] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.824446][ T6281] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.047327][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 97.172527][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.203648][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.335882][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.379583][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.514046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.683960][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.724914][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.733166][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 97.942577][ T6486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'. [ 97.974031][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.802709][ T6503] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 99.054410][ T6492] loop5: detected capacity change from 0 to 32768 [ 99.094746][ T6492] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.125 (6492) [ 99.152804][ T6492] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.188483][ T6492] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 99.223926][ T6492] BTRFS info (device loop5): using free space tree [ 99.580003][ T6492] BTRFS info (device loop5): enabling ssd optimizations [ 99.589874][ T6492] BTRFS info (device loop5): auto enabling async discard [ 99.862142][ T6281] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 100.092949][ T5889] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop5 scanned by udevd (5889) [ 100.365748][ T6562] netlink: 8 bytes leftover after parsing attributes in process `syz.4.137'. [ 101.096715][ T6582] loop2: detected capacity change from 0 to 64 [ 101.153387][ T6582] hfs: unable to locate alternate MDB [ 101.184777][ T6582] hfs: continuing without an alternate MDB [ 101.222271][ T6582] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. [ 101.533729][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 101.567545][ T27] audit: type=1326 audit(1752723093.304:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.5.150" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb65b58e929 code=0x0 [ 101.724424][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 101.732933][ T23] usb 1-1: config 0 has no interfaces? [ 101.748189][ T23] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 101.761145][ T23] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 101.773178][ T23] usb 1-1: Manufacturer: syz [ 101.781965][ T23] usb 1-1: config 0 descriptor?? [ 102.035086][ T788] usb 1-1: USB disconnect, device number 2 [ 102.404726][ T6630] netlink: 'syz.2.155': attribute type 1 has an invalid length. [ 102.407790][ T6634] capability: warning: `syz.4.156' uses deprecated v2 capabilities in a way that may be insecure [ 102.431253][ T6630] netlink: 'syz.2.155': attribute type 4 has an invalid length. [ 102.461667][ T6630] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.155'. [ 102.640211][ T6640] netlink: 8 bytes leftover after parsing attributes in process `syz.5.157'. [ 102.676366][ T6644] loop0: detected capacity change from 0 to 64 [ 102.724071][ T6642] netlink: 44 bytes leftover after parsing attributes in process `syz.2.158'. [ 103.248804][ T6663] Bluetooth: MGMT ver 1.22 [ 103.283785][ T6663] Bluetooth: hci0: unsupported parameter 32767 [ 103.289994][ T6663] Bluetooth: hci0: invalid len left 3, exp >= 173 [ 103.722393][ T6685] netlink: 156 bytes leftover after parsing attributes in process `syz.0.171'. [ 103.931776][ T6694] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 104.372278][ T6707] netlink: 'syz.2.177': attribute type 1 has an invalid length. [ 104.583258][ T6695] loop0: detected capacity change from 0 to 32768 [ 104.614667][ T6710] bond1: (slave bridge1): making interface the new active one [ 104.633165][ T6714] Zero length message leads to an empty skb [ 104.644464][ T6710] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 104.692137][ T6695] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 104.853925][ T6721] [ 104.856305][ T6721] ====================================================== [ 104.863411][ T6721] WARNING: possible circular locking dependency detected [ 104.870438][ T6721] 6.6.98-syzkaller #0 Not tainted [ 104.875474][ T6721] ------------------------------------------------------ [ 104.882478][ T6721] syz.0.174/6721 is trying to acquire lock: [ 104.888356][ T6721] ffff88805f4614a0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 104.899932][ T6721] [ 104.899932][ T6721] but task is already holding lock: [ 104.907370][ T6721] ffff88805f461538 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 104.917996][ T6721] [ 104.917996][ T6721] which lock already depends on the new lock. [ 104.917996][ T6721] [ 104.928382][ T6721] [ 104.928382][ T6721] the existing dependency chain (in reverse order) is: [ 104.937377][ T6721] [ 104.937377][ T6721] -> #4 (&oi->ip_xattr_sem){++++}-{3:3}: [ 104.945193][ T6721] down_read+0x46/0x2e0 [ 104.949860][ T6721] ocfs2_init_acl+0x2fa/0x720 [ 104.955048][ T6721] ocfs2_mknod+0x12e5/0x20f0 [ 104.960154][ T6721] ocfs2_create+0x196/0x410 [ 104.965178][ T6721] path_openat+0x1277/0x3190 [ 104.970290][ T6721] do_filp_open+0x1c5/0x3d0 [ 104.975308][ T6721] do_sys_openat2+0x12c/0x1c0 [ 104.980504][ T6721] __x64_sys_openat+0x139/0x160 [ 104.985874][ T6721] do_syscall_64+0x55/0xb0 [ 104.990801][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 104.997212][ T6721] [ 104.997212][ T6721] -> #3 (jbd2_handle){++++}-{0:0}: [ 105.004585][ T6721] start_this_handle+0x1e9d/0x20c0 [ 105.010211][ T6721] jbd2__journal_start+0x2bb/0x5b0 [ 105.015830][ T6721] jbd2_journal_start+0x2a/0x40 [ 105.021194][ T6721] ocfs2_start_trans+0x376/0x6c0 [ 105.026643][ T6721] ocfs2_mknod+0xe47/0x20f0 [ 105.031690][ T6721] ocfs2_create+0x196/0x410 [ 105.036736][ T6721] path_openat+0x1277/0x3190 [ 105.041857][ T6721] do_filp_open+0x1c5/0x3d0 [ 105.046883][ T6721] do_sys_openat2+0x12c/0x1c0 [ 105.052076][ T6721] __x64_sys_openat+0x139/0x160 [ 105.057447][ T6721] do_syscall_64+0x55/0xb0 [ 105.062376][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.068786][ T6721] [ 105.068786][ T6721] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 105.077297][ T6721] down_read+0x46/0x2e0 [ 105.081969][ T6721] ocfs2_start_trans+0x36a/0x6c0 [ 105.087454][ T6721] ocfs2_mknod+0xe47/0x20f0 [ 105.092562][ T6721] ocfs2_create+0x196/0x410 [ 105.097595][ T6721] path_openat+0x1277/0x3190 [ 105.102719][ T6721] do_filp_open+0x1c5/0x3d0 [ 105.107741][ T6721] do_sys_openat2+0x12c/0x1c0 [ 105.112951][ T6721] __x64_sys_openat+0x139/0x160 [ 105.118344][ T6721] do_syscall_64+0x55/0xb0 [ 105.123275][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.129679][ T6721] [ 105.129679][ T6721] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 105.137155][ T6721] ocfs2_start_trans+0x26b/0x6c0 [ 105.142606][ T6721] ocfs2_truncate_file+0x611/0x13a0 [ 105.148320][ T6721] ocfs2_setattr+0x150d/0x1b20 [ 105.153600][ T6721] notify_change+0xb0d/0xe10 [ 105.158716][ T6721] do_truncate+0x19b/0x220 [ 105.163653][ T6721] path_openat+0x298c/0x3190 [ 105.168765][ T6721] do_filp_open+0x1c5/0x3d0 [ 105.173787][ T6721] do_sys_openat2+0x12c/0x1c0 [ 105.178985][ T6721] __x64_sys_open+0x11f/0x140 [ 105.184189][ T6721] do_syscall_64+0x55/0xb0 [ 105.189117][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.195724][ T6721] [ 105.195724][ T6721] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}: [ 105.204491][ T6721] __lock_acquire+0x2ddb/0x7c80 [ 105.209876][ T6721] lock_acquire+0x197/0x410 [ 105.214888][ T6721] down_write+0x97/0x1f0 [ 105.219647][ T6721] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 105.226676][ T6721] ocfs2_truncate_file+0xd84/0x13a0 [ 105.232415][ T6721] ocfs2_setattr+0x150d/0x1b20 [ 105.237699][ T6721] notify_change+0xb0d/0xe10 [ 105.242810][ T6721] do_truncate+0x19b/0x220 [ 105.247746][ T6721] path_openat+0x298c/0x3190 [ 105.253369][ T6721] do_filp_open+0x1c5/0x3d0 [ 105.258384][ T6721] do_sys_openat2+0x12c/0x1c0 [ 105.264010][ T6721] __x64_sys_open+0x11f/0x140 [ 105.269199][ T6721] do_syscall_64+0x55/0xb0 [ 105.274150][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.280626][ T6721] [ 105.280626][ T6721] other info that might help us debug this: [ 105.280626][ T6721] [ 105.290868][ T6721] Chain exists of: [ 105.290868][ T6721] &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem [ 105.290868][ T6721] [ 105.304868][ T6721] Possible unsafe locking scenario: [ 105.304868][ T6721] [ 105.312326][ T6721] CPU0 CPU1 [ 105.317682][ T6721] ---- ---- [ 105.323034][ T6721] lock(&oi->ip_xattr_sem); [ 105.327621][ T6721] lock(jbd2_handle); [ 105.334215][ T6721] lock(&oi->ip_xattr_sem); [ 105.341325][ T6721] lock(&ocfs2_file_ip_alloc_sem_key); [ 105.347017][ T6721] [ 105.347017][ T6721] *** DEADLOCK *** [ 105.347017][ T6721] [ 105.355166][ T6721] 3 locks held by syz.0.174/6721: [ 105.360176][ T6721] #0: ffff88802bc8e418 (sb_writers#15){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 105.369403][ T6721] #1: ffff88805f461818 (&sb->s_type->i_mutex_key#22){+.+.}-{3:3}, at: do_truncate+0x187/0x220 [ 105.379753][ T6721] #2: ffff88805f461538 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 105.390895][ T6721] [ 105.390895][ T6721] stack backtrace: [ 105.396782][ T6721] CPU: 0 PID: 6721 Comm: syz.0.174 Not tainted 6.6.98-syzkaller #0 [ 105.404663][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.414738][ T6721] Call Trace: [ 105.418024][ T6721] [ 105.421048][ T6721] dump_stack_lvl+0x16c/0x230 [ 105.425732][ T6721] ? load_image+0x3b0/0x3b0 [ 105.430239][ T6721] ? show_regs_print_info+0x20/0x20 [ 105.435463][ T6721] ? print_circular_bug+0x12b/0x1a0 [ 105.440679][ T6721] check_noncircular+0x2bd/0x3c0 [ 105.445623][ T6721] ? print_deadlock_bug+0x5d0/0x5d0 [ 105.451359][ T6721] ? lockdep_lock+0xe0/0x220 [ 105.455973][ T6721] ? lockdep_unlock+0x137/0x2d0 [ 105.460837][ T6721] ? _find_first_zero_bit+0xd3/0x100 [ 105.466128][ T6721] __lock_acquire+0x2ddb/0x7c80 [ 105.470997][ T6721] ? verify_lock_unused+0x140/0x140 [ 105.476202][ T6721] lock_acquire+0x197/0x410 [ 105.480704][ T6721] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 105.486855][ T6721] ? __might_sleep+0xe0/0xe0 [ 105.491446][ T6721] ? read_lock_is_recursive+0x20/0x20 [ 105.496817][ T6721] down_write+0x97/0x1f0 [ 105.501049][ T6721] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 105.507207][ T6721] ? down_read_killable+0x340/0x340 [ 105.512411][ T6721] ? ocfs2_truncate_file+0xcaa/0x13a0 [ 105.517792][ T6721] ? __lock_acquire+0x7c80/0x7c80 [ 105.522815][ T6721] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 105.528801][ T6721] ? ocfs2_remove_refcount_tree+0xd50/0xd50 [ 105.534690][ T6721] ? up_write+0x1c3/0x410 [ 105.539012][ T6721] ocfs2_truncate_file+0xd84/0x13a0 [ 105.544209][ T6721] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 105.549924][ T6721] ? ocfs2_simple_size_update+0x470/0x470 [ 105.555644][ T6721] ? do_raw_spin_unlock+0x121/0x230 [ 105.560833][ T6721] ? _raw_spin_unlock+0x28/0x40 [ 105.565674][ T6721] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 105.571393][ T6721] ? ocfs2_inode_lock_atime+0x4e0/0x4e0 [ 105.576933][ T6721] ? ocfs2_rw_lock+0x138/0x240 [ 105.581705][ T6721] ? dquot_initialize+0x20/0x20 [ 105.586585][ T6721] ? ocfs2_create_new_inode_locks+0x640/0x640 [ 105.592646][ T6721] ? setattr_prepare+0x1e6/0xac0 [ 105.597580][ T6721] ? inode_newsize_ok+0x116/0x1b0 [ 105.602601][ T6721] ocfs2_setattr+0x150d/0x1b20 [ 105.607894][ T6721] ? ocfs2_extend_allocation+0x1760/0x1760 [ 105.613696][ T6721] ? ktime_get_coarse_real_ts64+0x3a/0x120 [ 105.619500][ T6721] ? seqcount_lockdep_reader_access+0x176/0x1c0 [ 105.625735][ T6721] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 105.631625][ T6721] ? current_time+0x18e/0x270 [ 105.636292][ T6721] ? inode_set_ctime_current+0x2d0/0x2d0 [ 105.641916][ T6721] ? evm_inode_setattr+0x94/0x6a0 [ 105.646929][ T6721] ? bpf_lsm_inode_setattr+0x9/0x10 [ 105.652116][ T6721] ? try_break_deleg+0x79/0x120 [ 105.656962][ T6721] ? ocfs2_extend_allocation+0x1760/0x1760 [ 105.662766][ T6721] notify_change+0xb0d/0xe10 [ 105.667354][ T6721] do_truncate+0x19b/0x220 [ 105.671767][ T6721] ? put_page_bootmem+0x2c0/0x2c0 [ 105.676780][ T6721] ? apparmor_file_truncate+0x23f/0x2d0 [ 105.682318][ T6721] ? ima_bprm_check+0x1f0/0x1f0 [ 105.687161][ T6721] path_openat+0x298c/0x3190 [ 105.691756][ T6721] ? do_filp_open+0x3d0/0x3d0 [ 105.696427][ T6721] do_filp_open+0x1c5/0x3d0 [ 105.700919][ T6721] ? vfs_tmpfile+0x490/0x490 [ 105.705504][ T6721] ? _raw_spin_unlock+0x28/0x40 [ 105.710346][ T6721] ? alloc_fd+0x58f/0x630 [ 105.714670][ T6721] do_sys_openat2+0x12c/0x1c0 [ 105.719340][ T6721] ? do_sys_open+0xe0/0xe0 [ 105.723749][ T6721] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 105.729718][ T6721] ? lock_chain_count+0x20/0x20 [ 105.734559][ T6721] ? lock_chain_count+0x20/0x20 [ 105.739398][ T6721] __x64_sys_open+0x11f/0x140 [ 105.744067][ T6721] do_syscall_64+0x55/0xb0 [ 105.748475][ T6721] ? clear_bhb_loop+0x40/0x90 [ 105.753146][ T6721] ? clear_bhb_loop+0x40/0x90 [ 105.757821][ T6721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.763710][ T6721] RIP: 0033:0x7fdd8238e929 [ 105.768133][ T6721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.787741][ T6721] RSP: 002b:00007fdd8311e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 105.796147][ T6721] RAX: ffffffffffffffda RBX: 00007fdd825b6080 RCX: 00007fdd8238e929 [ 105.804111][ T6721] RDX: 00000000000000a0 RSI: 000000000014927e RDI: 0000200000000180 [ 105.812069][ T6721] RBP: 00007fdd82410ca1 R08: 0000000000000000 R09: 0000000000000000 [ 105.820028][ T6721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.827989][ T6721] R13: 0000000000000001 R14: 00007fdd825b6080 R15: 00007fff7f6bb748 [ 105.835954][ T6721] [ 105.861037][ T5792] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 105.862896][ T6724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.181'. [ 105.869507][ T5792] Bluetooth: hci2: Injecting HCI hardware error event [ 105.888062][ T5792] Bluetooth: hci2: hardware error 0x00 [ 105.912302][ T6724] netlink: 'syz.4.181': attribute type 20 has an invalid length. [ 105.969173][ T6724] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.978097][ T6724] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.986854][ T6724] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.995569][ T6724] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.024986][ T6724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.181'. [ 106.033990][ T6724] netlink: 'syz.4.181': attribute type 20 has an invalid length. [ 106.131061][ T5786] ocfs2: Unmounting device (7,0) on (node local) [ 107.974864][ T5792] Bluetooth: hci2: Opcode 0x0c03 failed: -110