last executing test programs: 38.826401078s ago: executing program 1 (id=238): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)="ad56b287db1e57f7b0a3db92ea364143eaba7ec841abb59b14a95608c8d4a138a13c033c2f1719b6a8f809786681fff5a7056d67175c055a0e530b86856891893ab2f7aab7d7604999dcecbbe37259d90a6e0b077196638ccd1b3eb39021d7d612191e74870cb7ae885248d8a4b4726b245676527a735feab1ddd2e7dd448ed30760fc64777bb7c1a160fa79dbfad6886a782759533d622832", 0x99) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/crash_elfcorehdr_size', 0x800, 0x11) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000200)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, &(0x7f0000000180)=0xfffffff9) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000003}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r5, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x4ffa1, 0x100000001}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x53, 0xffffffffffffffff, 0x3c, 0x40, @buffer={0x0, 0x24, &(0x7f0000000340)=""/36}, &(0x7f0000000040)="3a1dd60a04000421001f6be54d61fe82c859d8cf9278395dfe1be91a7c0d983767de1448967104534ec7c4390737dc712569227f7093a60aa7328cf6", 0x0, 0x4, 0x0, 0x2, 0x0}) 34.135769782s ago: executing program 1 (id=246): r0 = socket$kcm(0x10, 0x2, 0x10) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc0405668, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 30.353393329s ago: executing program 4 (id=250): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x315500, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8) ftruncate(0xffffffffffffffff, 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {}, 0x1}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) close_range(r2, 0xffffffffffffffff, 0x0) 28.307934908s ago: executing program 0 (id=253): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = getpid() prlimit64(r1, 0x3, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$radio(0x0, 0x1, 0x2) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x589001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) init_module(&(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x8, 0xc, 0x5, 0x8, 0x2, 0x6, 0x2b, 0x94, 0x40, 0x293, 0xfffff001, 0x1, 0x38, 0x3, 0xf000, 0x4, 0x4}, [{0x6, 0xfffffffa, 0x4, 0x5, 0x5, 0x1, 0x2, 0x5}, {0x2, 0x7fff, 0xffffffffffffffff, 0x0, 0x1, 0xf81, 0x8, 0x5}, {0x1, 0x5615, 0x0, 0xa, 0x401, 0x6, 0x0, 0x81}], "a69ab30406d816cbca972ecc145a6630b24219f7f1ffb35314ea437ab12be71ada432af3b87a7cd2244d5777c7b37cb7c972b9fe273397f8451c2908087c5407c1414393c91b7f00f2631302e172be08edbd291ccfababd6051213659bae9c6487f376bc8cce", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x94e, 0x0) ptrace$ARCH_SHSTK_UNLOCK(0x1e, 0x0, 0x2, 0x5004) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r3 = syz_io_uring_setup(0x30a7, 0x0, 0x0, &(0x7f0000000200)) io_uring_enter(r3, 0x2def, 0x9566, 0x0, 0x0, 0x0) unshare(0x24020400) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000180)=ANY=[@ANYBLOB='iocharset=cp869,umask=00000000000000000000005,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303235332c646973636172642c666d61736b3d30303030303030303030303030303030303030303032362c757466382c756d61736b3d30303030303030303030303030303030303030303030362c616c6c6f775f7574696d653d303030303030303030b0303030303030303134373037302c00"], 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==") 27.904131889s ago: executing program 4 (id=256): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000), 0x0) accept4(r3, 0x0, 0x0, 0x800) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) syz_io_uring_complete(0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x29}, 0x1, 0x0, 0x0, 0x10000801}, 0x40810) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23.448316089s ago: executing program 0 (id=260): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r0}, 0x38) 21.424236261s ago: executing program 3 (id=262): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000d40)={[{@test_dummy_encryption}]}, 0x1, 0x246, &(0x7f0000000ac0)="$eJzs3DFoJFUcBvBvZnc9c7fIqY0gqCAiGghnJ9icjcKJHIeIoMKJiI1yEWKCXWJlY6G1SiqbIHZGS0kTbBTBKmqK2AgaLAwWiqzMTiJJXGNgkx3J/H4wuzM78+b/htnv7TbzArTWxSSXk3SSTCfpJSn2H3BPvVzc3VyeWr+eDAZP/VIMj6u3a3vtLiRZSvJwkrWyyCvdZGH1ua3fNh6//+353n0frj47NdGL3LW9tfnkzgdX3/rkykMLX33z09Uil9M/cF0nrxjxWbdIbjuNYv8TRbfpHnAc1974+Nsq97cnuXeY/17K1Dfvnbmb1np58P1/a/vuz1/fOcm+AidvMOhVv4FLA6B1yiT9FOVMknq9LGdm6v/w33XOl6/Ozr0+/fLs/I2Xmh6pgJPSTzYf++zcpxcO5f/HTp1/4Cx54sBWlf+nr618X63vdJrqE9CEKv/TLyw+EPmH1pF/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aC/5h7PtxSP2HSP/5Wn1C2jW/vwDAO0yONf0E8hAU5oefwAAAAAAAAAAAAAAAAAAgH9anlq/vrdMquYX7yXbjybpjqrf2Z2A7Obh6/lfi+qwvxV1s7E8f/eYJxjTRw0/fX3LD83W//KuZusv3kiW3kxyqds99P37c5Bi7Anwbv2P/b2jJuibgEeeabb+HyvN1r+ykXxejT+XRo0/Ze4Yvo8ef/rV/Ruz/mu/j3kCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJuavAAAA///41m/U") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='attr/exec\x00') preadv(r5, &(0x7f0000000c80)=[{&(0x7f0000000480)=""/178, 0xb2}], 0x1, 0xffff, 0x0) syz_open_procfs(0x0, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) setuid(0xee01) setgroups(0x0, 0x0) getgroups(0x1, &(0x7f0000000340)=[0xee00]) setregid(0x0, r7) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYRES64=r1, @ANYRESHEX=0x0, @ANYRESOCT, @ANYRES16, @ANYRESHEX=r6], 0x6, 0x2aa, &(0x7f0000000500)="$eJzs3T1re1UYAPDnpulN1CEZnETwgg5Ope3qkiItFDMpGdRBi21BmiC0UPAFYydXF0c/gSC4+SVc/AQKrqKbHQpX7s29Jq1paqSx/5ffb+nTc89zznNODy0d7sn7L45ODrM4vvjsl2i3k2j0oheXSXSjEbUv4preVwEAPM4u8zz+yCeWyUsior26sgCAFVr67//3Ky8JAFixt95+542dfn/3zSxrx97oy/NB8Z998XXyfOc4PoxhHMVmdOIqIv/bJN7L83zczArdeGU0Ph8UmaP3fqzG3/ktoszfik50y6br+fv93a1sYiZ/XNTxbDV/r8jfjk48P2f+/f7u9pz8GKTx6ssz9W9EJ376ID6KYRyWRUzzP9/Kstfzr//89N2ivCI/GZ8PWmW/qXzt5t61Vv/jAQAAAAAAAAAAAAAAAAAAAADgCbVR3Z3TivL+nqKpun9n7ar4Zj2yWvf6/TyT/KQeaOZ+oDTyfJzHN/X9OptZluVVx2l+M15oRvNhVg0AAAAAAAAAAAAAAAAAAACPlrOPPzk5GA6PTu8lqG8DqF/r/6/j9GZaXorFnVvTuRpVuGDkWKv7JBG3lZEU21Is4p625a7gmdtq/va7ZQds391nfdH+3E9Qn66Tg2T+HraibmnXh+SH2T5plMHPv981V3rbo3yp45fOfdRZeu3pc2UwXtAnkkWFvfbrZOeqluTmKtJyV+emr1fBTPqNs7HUef7n74rEbR0AAAAAAAAAAAAAAAAAALBS05d+5zy8WJjayFsrKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/lfTz/9fIhhXyf+icxqnZw+8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4CfwUAAP//UZdgPQ==") openat(0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x143041, 0x0) 21.28130182s ago: executing program 0 (id=263): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000003380)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 21.250795934s ago: executing program 1 (id=264): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) poll(0x0, 0x0, 0x5) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000440)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r4 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r4, &(0x7f00000002c0)='./file1\x00', 0x100, 0x1) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file1\x00') 20.228990214s ago: executing program 2 (id=265): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x18c) openat(0xffffffffffffff9c, 0x0, 0x351142, 0x1cd) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000b22000/0x2000)=nil, 0x2000, 0x19) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) 20.227720231s ago: executing program 4 (id=266): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r4 = socket(0x10, 0x2, 0x0) write(r4, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) fchdir(0xffffffffffffffff) openat$sysfs(0xffffffffffffff9c, 0x0, 0xe41, 0x0) mount(0x0, 0x0, 0x0, 0x21a8f5, 0x0) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000800)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESHEX, @ANYRES32, @ANYRESOCT, @ANYRES16, @ANYRESHEX, @ANYRESHEX, @ANYRES16, @ANYRES16], 0x1, 0x708, &(0x7f0000001100)="$eJzs3UtoHPcdB/DvrFYvFxwlceK0BCJiSEtNbcnCad1L3VKKD6GE9NCzsOVYeG0HSSmyKY3Sx72HnHpKDzoUQg8lvRvac0OgpEcdA4VccvJNZWZnVytptbuyLb/6+dgz85/5P+Y/v3nt7iAmwP+tS6fTvJsil06/tV7Ob20utMY2Fybr7FaSiSSNpJkU5aLiZqrci/WQb6bO6Znu89HyhXe++Hrry/Zcsx6q8o1B9fqY2L9oox4ym2Ssnu43fkCLn+5d/a72Lh/Y3qiK7haWATvVCVz+9ECtwgPb3mejm/fJv6txt0yf6oc5b4EnVNG+b9Z2TvWZ5FiSqaR916+vDo1H38OHa+NxdwAAAAAOa/rwVZ67l3tZz/Gj6A4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8q+r3/xf10OikZ1N03v8/US9LnX4CDX8R4ueT7endo+8MAAAAAAAAAByJ3of2r93LvazneGd+u6ie+b/e84z/G3k/q1nKSs5kPYtZy1pWMp9kprfR9cW1tZX5qmZyYkDNc/msT81zB/f34u7Z4kG2HQAAAAAAAACeAlND8q+P71/221zaef4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPgiIZa0+q4UQnPZNGM8lUp9xG8lmSier/06Hot/Duo+8HAAAAPJCp3bPF1Ah1nvsg97Ke45357aL6zv9y9X15Ku/nZtaynLW0spQraVSFyq/8ja3NhdbW5sKNctjf7o+/OlTXqxbT/u2h/5pfqUpM52qWqyVncjlFtiuNupVXtjYXyumN/v36sOxT8aPagN6M9aSvlKOTn1bpP+7+FaF5qE0c0d5GGweWnKlyx7sRmav7VtZ4vhOB/pEYuneaA9c0n0b3Z58Tg9fUP+YfDl77sT2l+v5y81jsjcS5NLp76OXBkUi+/fdPfnmtdfP6taurp5+cTerrg6El9kZioScSJ5+hSAw3V0Xipe78pfwsv8jpfDX5dlaynF9lMWtZmu3kL9bHczmeGRypz4/1zr09rCflOTnbvX7169NsdvUps/lplVrM69U+PZ7lFLmVZClvVv/OZb57NdjZwy+NcNY3RrjS9jj1nWrSDVOmDy7719GafFjKuD7fjuv23mvuTJXXu2QnSi/0jVLnXjf6/ahH81t1omzhdwPvD4/a3kjM90TixYOOl/ah+uftcrzaunl95drieyOu7416Wp5HfxhwlziS2/RA5R5+IVP1xj1fjYvqnJqr8l7s9qoTr/8sJ/NV3oluK7vvuGXeS9167TP157mVK7vO1O/nfM7nQlX65ar0+L47Vpl3stvS7mt4mVd+0mp2n+r0ft66lVb781Cy8dRftgGeZce+e2xi+r/T/5r+ePr309em35r6yeQPJl+dyPg/x3/YnBt7o/Fq8bd8nN/sfP8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu3+rtO9cXW62llf6JRv+sYnCtxdZ250ViA8rsShT1q3JGKFys3r6zPbTBwYnJunv3Wf1hJjpvaxxeePYIu1Fs7N1fU8P3RectTyOsoqhfU9lzaCW57z531ryzZPwJ2JV7E7OHrjW7b7vqROeA7Sl8+KN3ut/+GkvSr/CQC8fYQ7j4AI/V2bUb751dvX3ne8s3Ft9denfp5vj58xfmLpx/c+Hs1eXW0lx73FPh0b9VDzgivR8nuiaSvDa87oAXtQIAAAAAAAAAAABH6FH8LcTj3kYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6XbpdJp3U2R+7sxcOb+1udAqh056p2QzSSNJ8euk+EdyMe0hMz3NFQet56PlC+988fXWlzttNTvlG8nGgfUGtbljox4ym2SsnuYvwyuO0t7lTnsHm9hJTvbJLrpbUQbsVCdw8Lj9LwAA///f9fT0") open$dir(&(0x7f00000000c0)='./cgroup\x00', 0x8000, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) 17.816054586s ago: executing program 4 (id=267): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x10c42, &(0x7f0000000d80)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72f46e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7f54653b33118a4e01fcfe3a2329576bf6a45353bf9f720cea11bf481ed7ed0979416e75e6fa5f6b699749e9d4446c849ed79650b35dd0bd6e1955fe9b0c09861cf61fd57be7ba905990ed7a4c5b3793959636630d74ecc23264ea54d4d2cc4f112f49319943f00"/797], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==") r0 = fsopen(&(0x7f0000000300)='tracefs\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000580)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) open(0x0, 0x4a0540, 0xc0) getresuid(&(0x7f00000000c0), &(0x7f00000001c0)=0x0, &(0x7f0000000340)) lstat(&(0x7f0000000380)='./file1\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) fchown(0xffffffffffffffff, r4, r5) creat(0x0, 0x90) chdir(&(0x7f0000000140)='./file0\x00') execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 16.997234884s ago: executing program 3 (id=268): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x4000, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0xfffffffe, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x8, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r5 = memfd_create(&(0x7f0000000380)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xa9\x1fg\xf1\x85z{\x1d<\xe2\x1c7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xedn\x8c<5\xcf\x92;\x85)\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\x05\x831\xd3\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xf6\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xc6(\x19\xf8\xb4?Fv\xac\xc7m\xe1\xf68W\x19\x0f\x87\x84\xafK\x91v\xb5\xe7Cf\xe0L\b9\xe2\x15d~R4\xdf\xbb\xfeiH', 0x3) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r5, 0x0, 0x0, 0x1000}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xf00, 0x0, 0x4884d}, 0x10) 16.749873192s ago: executing program 2 (id=269): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x40, 0x22, 0x14}, 0x18) 14.727074487s ago: executing program 3 (id=270): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) socket$qrtr(0x2a, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000003f0000004000000042000000", @ANYRES32, @ANYBLOB="0000f2ff00003b00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)="7123069bf516a810795ef87b649c0472f8f6d2148dcf195768fc1bd21634595a15634c6644a2a1b31a93af205a1e4d65b950ad49070000000000000000005f3f6c196be3025c91a9eeafe9854fd2135010a088136dd6cdd83ff246d33ebcc112f3979230321f42a7bcb55906d43b6508869b937fbc55c6b6840d07a3d739", &(0x7f0000000080), 0x101, r3}, 0x38) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000001d40)={r3, &(0x7f0000000240), 0x0}, 0x20) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) ptrace(0x10, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 14.485303078s ago: executing program 1 (id=271): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) openat$bsg(0xffffff9c, &(0x7f0000000000), 0x80800, 0x0) socket$alg(0x26, 0x5, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x2800) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='smaps\x00') pread64(r4, &(0x7f0000000280)=""/70, 0x46, 0xbbf9) 14.482389845s ago: executing program 4 (id=272): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x2, 0x556, &(0x7f0000000580)="$eJzs3c9vHFcdAPDvjL1eN03jBHqACkiAQkBRduNNG1W9tLmAUFUJUXFAHFJjbyyT3WzIrkttIuH+DUUCiRP8CRyQOCD1xIEbRyQOCKkckAJEoAQJpEUzu95s7TVesr9a7+cjTWbevJ35vhd79r15650XwNy6EBF7EbEUEW9GxEp3f9Jd4tXOkr3u4YN7648e3FtPot1+429Jnp/tyw8oPj7n091zLkfEN74a8Z3kcNzmzu6ttVqterebLrfqd8rNnd3LW/W1zepm9Xalcm312pWXrr5YGVtdz9d/cf8rW69989e/+vT7v9v78g+yYp3u5vXqMWadqhd6cTKLEfHaJILNwEJ3vTTjcvBk0oj4WER8Lr/+V2Ih/+0EAE6ydnsl2iv9aQDgpEvzMbAkLUVEmnY7AaXOGN6zcSqtNZqtSzcb27c3OmNlZ6OQ3tyqVa+cK/7he/mLC0mWXs3z8vw8XTmQvhoR5yLiR8Wn8nRpvVHbmE2XBwDm3tP97X9E/LOYpqXSUIcO+FQPAPjIWJ51AQCAqdP+A8D80f4DwPwZov3vfti/N/GyAADT8f/d/5+ZWDkAgOkx/g8A80f7DwBz5euvv54t7Ufd519vvLWzfavx1uWNavNWqb69Xlpv3L1T2mw0NvNn9tSPO1+t0biz+kJsv11uVZutcnNn90a9sX27dSN/rveNamEqtQIA/pdz59/7fRIRey8/lS/RN5eDthpOtnTWBQBmZmGUg3UQ4CPNbF8wv4ZqwvNOwm8nXhZgNgY+zHt54OYH/aSzeneYIP7OCD5ULn5y+PF/czzDyWL8H+bXk43/vzL2cgDTZ/wf5le7nRyc83+plwUAnEgj/Alf+4fj6oQAM3XcZN7Hff4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8+h0RHw3krSUzwWeZv+mpVLEMxFxNgrJza1a9UpEnInzEVEoZunVWRcaABhR+pekO//XxZXnTx/MXUr+VczXEfH9n77x47fXWq27q9n+v/f2F/enD6s8Pm6EeQUBgDHL2+9Kd913I//wwb31/WXwkYsTKc/96/Gf7lTE648e3MuX/XjZzojlvC9x6h9JrwTLEfFcRCyMIf7eOxHxiUH1T/KxkbPdmU/740c39jNTjZ9+IH6a53XWWefr42MoC8yb965HxKuDrr80LuTrwdf/8pjeEe9f75xs/73vUV/8xW6khQHxs2v+wrAxXvjN1w7tbK908t6JeG5xUPykFz85Iv7zQ8b/46c+8+4rR+S1fxZxMQbH749VbtXvlJs7u5e36mub1c3q7Url2uq1Ky9dfbFSzseoy/sj1Yf99eVLZ44qW1b/U0fEXx5Y/6XesV8Ysv4///eb3/7s42TxYPwvfX7wz//ZgfE7sjbxi0PGXzv1yyOn787ibxxR/+N+/peGjP/+n3c3hnwpADAFzZ3dW2u1WvXuSBvZXeg4znNoIyvicC/e7y6OFvRPMYlaDLtxoPCFSf2vTnxjsddXHO+Zv5WdcUBWuv9Lkt0qPWmIxRiYlY69FiNtPJxWrNm9JwHT0df4AAAAAAAAAAAAAAAAH1LHfx+oMPrX2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBC/hsAAP///MXJLg==") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x4, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x162c8, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r1, 0x2) pipe2$9p(&(0x7f00000002c0), 0x4080) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f00000002c0)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000dc0)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x1, 0x6, 0xb0, 0x65, 0x0, 0x0, 0x11, 0x0, @remote, @remote}, {0x4e21, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "ce9da0124daa3ba0b09615e2e1ebc697f12ca42a59d46356d6e156fcae65e456", "82548d39f1659e93c2cfa15fc2638d7d16e33a379239bb37b46c142fc9585a235a0837e190a943d38b1a8a231213abd8", "6570c799d788d01e203fa548034891d377d5e86d1682f37067c4f074", {"f574bc8534e4c07fe24f0ad349fd8a97", "8fbda8783abe815828bde2968771ec3f"}}}}}}}, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) getdents64(r3, 0x0, 0x0) open(&(0x7f0000000040)='.\x00', 0x418601, 0x8) 12.455456082s ago: executing program 3 (id=273): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x2a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = dup(0xffffffffffffffff) ioctl$KVM_SET_MSRS(r5, 0x4018aee2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003}, 0x38) 12.345492652s ago: executing program 2 (id=274): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0x0, 0x0) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000540)={[{@jqfmt_vfsv1}, {@data_ordered}, {@block_validity}, {@prjquota}, {@data_err_abort}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800040}}]}, 0xfe, 0xb7e, &(0x7f0000000c40)="$eJzs3MtvVFUYAPDv3j4otNJijAoxsYlBjMahUKIJK3Bt1EQXLBnbKWk6POzUxDYsCu7VhTEuSAx/gol7ceHKxAUuFP8CYiSG6AZc1Nx5MaGdtsIMh8fvl5y558y58H3f3DD3nGQuATyxJouXPGJvRJzMIsab7+ftM0YiVhvn3b55fqZoWaytvf9XFllE3Lp5fqZ1ZtY8jjYHIxFx9a0snv50fdza8spCuVqtLDbHB5dOnztYW155ff50+VTlVOXMkek3j0y/MT3dw1qvn/vw6xd+eefli5c/m3r3q90/ZXEsxppznXX0ymRMtj+TToMRUe51sEQGmvV01pkNJkwIAIBN5R1ruGdjPAbizuJtPH78NWlyAAAAQE+sDUSsAQAAAI+5zP4fAAAAHnOt3wHcunl+ptXS/iLhwbpxPCImGvW3nm9uzAzGav04EkMRsevvLDofa80af+y+TRaRvvu5UrTo03PIm1m9EBHPb3T9s3r9E/WnuNfXn0fEVA/iT941fpTqP9aD+KnrB+DJdOV440a2/v6Xt9c/scH9b3CDe9e9SH3/a63/bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++2wRvzjeV1H/w40LEfsGN6o/a9efdan/5DZjjM5cv9Rtrqi/qLfVHnT9a5cj9sfG9bdkm/3/RAfn5quVqcZrlxj7fzhxoFv8zutftCJ+ay/wIBTXf1eX+re6/ue2GWPiuT/3dpvbuv78j+Hsg3pvuPnOJ+WlpcVDEcPZ2+vfP7x5Lq1zWn9HUf8rL23+73+j+ovvhNXm51DsBS40j8X44l0xR/cf/vbe6++vov7Ze7z+X2wzxjffX/qo21zq+gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4NOQRMRZZXmr387xUihiNiGdiV149W1t6be7sx2dmi7mIiRjK5+arlamIGG+Ms2J8qN6/Mz5813g6IvZExJfjO+vj0szZ6mzq4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgbjYixyPJSROQR8c94npdKqbMCAAAAem4idQIAAABA39n/AwAAwOPP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA+2/PilWtZRKwe3VlvheHm3FDSzIB+y1MnACQzkDoBIJnB1AkAydjjA9kW8yNdZ3b0PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHl4H9l65lkXE6tGd9VYYbs4NJc0M6Lc8dQJAMgOpEwCSGUydAJCMPT6QbTE/0nVmR89zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODhNVZvWV6KiLzez/NSKeKpiJiIoWxuvlqZiojdEfHb+NCOYnwoddIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0XG15ZaFcrVYWdXR0dNqd1N9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACkUFteWShXq5XFWupMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNRqyysL5Wq1stjHTuoaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABI578AAAD//8CdBhM=") syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000180), 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x74}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 12.138459566s ago: executing program 0 (id=275): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet6(0xa, 0x3, 0x7) r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x7ff}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 12.055361307s ago: executing program 1 (id=276): ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000580)={0x2, 0x0, {0x0, 0x1, 0x10, 0x1, 0x6}, 0x706}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000540)="1d9de0ccf3678f43db0934b548ab5787a140c9341efcd419de9bacc88d7433bc3cad0b0c184f9a70ada3b45a8c36c16893f95ab1570059742250", 0x3a}], 0x1}}], 0x1, 0x4001c20) request_key(0x0, &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x400, 0x0, @empty, 0x8}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r4 = fanotify_init(0xf00, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r5, 0x40086603, 0x0) fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x54}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x408, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x338, 0xffffffff, 0xffffffff, 0x338, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'dvmrp0\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x30}, 0x0, 0x238, 0x268, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@rt={{0x138}, {0xf, [0xd, 0x4], 0x0, 0x4, 0x6, [@empty, @private0, @loopback, @ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0x2d}, @mcast2, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @loopback, @loopback, @mcast2], 0xa}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x200}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x468) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 10.882976347s ago: executing program 0 (id=277): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0xc018da6e238e1988) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000200)={{0x87, @loopback, 0x4e23, 0x4, 'sh\x00', 0x37, 0x1, 0x31}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x4e21, 0x0, 0x4, 0x6, 0x3}}, 0x44) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x22}}, 0x2000004) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='l\x00', @ANYRES16, @ANYRES32=0x0, @ANYBLOB="0600120100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004885) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @loopback, 0x200, 0x0, 'nq\x00', 0x6, 0xfffffffe, 0xfffffffc}, 0x2c) write(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) ioctl$TUNGETVNETLE(r0, 0x4010744d, 0x0) r4 = socket$kcm(0x2d, 0x2, 0x0) recvmmsg(r4, &(0x7f0000002dc0), 0x0, 0x40, 0x0) 10.748104308s ago: executing program 2 (id=278): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e) r4 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_enter(r4, 0x0, 0xe38e, 0x5, 0x0, 0x0) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r5, &(0x7f0000000040)=@target={'target ', {'PCI:', '0', ':', '7', ':', '2', '.', '0'}}, 0x13) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f00000024c0)={0x2, 0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000240)=""/191, 0xbf}], &(0x7f0000002480)=[0x0, 0x2]}, 0x20) r6 = socket$xdp(0x2c, 0x3, 0x0) write$binfmt_elf64(r6, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x22, 0xc, 0x1, 0x900000, 0x3, 0x3e, 0x2, 0x6e, 0x40, 0x282, 0xe, 0x7, 0x38, 0x3, 0x81, 0x8}, [{0x474e553, 0x2, 0x8000000000000001, 0xffffffffffffffff, 0x2, 0x2, 0x2627e68d, 0x9}, {0x6474e551, 0x80000000, 0x10001, 0xa26, 0x0, 0x1, 0x9, 0xe}, {0x6, 0x5, 0x7, 0x100, 0x3, 0x0, 0x200, 0xffffffffffffffff}], "25c8e7a093f5a0fce74731a433885038d6507dc8033239d05e3d57a06e2485dcc29e0fe563beb845fffb8c4b3c999c42406191634930ee2dee51270856c218df7d9c8ab3f364530c1adc5c2280597f53f8df4b93fd6896b69882bf6ba04be45f346c34ffb5ca574acb1eede1f34c21a6e164157ad539241d9c345bae08de41f5e83d8a075db754f776a6c254dc818af1d7f6109a94f09469dc9d137917e02ebc29f428349227a0dc85cafa85ed994d246d0f7d0352f84f34b289eedf3ff3934ed7619b45d8653427436c1d", ['\x00']}, 0x2b3) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 3.110533939s ago: executing program 2 (id=279): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x700100, 0x0, 0x1000f4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x48c41, 0x0) ioctl$SNDCTL_SEQ_PANIC(r4, 0x5111) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r5 = openat(0xffffffffffffff9c, 0x0, 0x420043, 0x1) fcntl$setlease(r5, 0x400, 0x1) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000ef000000000000000000009500000000000000"], 0x0, 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r6, 0x80286722, &(0x7f00000000c0)={0x0, 0x0, 0x800, 0x3}) 3.09428535s ago: executing program 1 (id=280): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0xfffffffffffffffe}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs(r1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x304}, "00000100ebffffff", "2607080d7f4fcf00fd4ef6dece6c7c58", '\x00', "006e34fb00"}, 0x28) sendto$inet6(r4, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) 2.798667443s ago: executing program 4 (id=281): bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r4 = open(0x0, 0x0, 0x0) getdents(r4, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_open_dev$I2C(0x0, 0x0, 0x2000) ioctl$I2C_RDWR(r5, 0x707, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.884541912s ago: executing program 2 (id=282): r0 = socket$kcm(0x2, 0x7, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="38010000100001000000000000000000ac1e010100000000000000000b000000fe8000000000000000000000000000aa00000020000000000000005c000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000146c00000000000014000000000000000000000000000000000000000000000000080000000000000000000000fffffffff7ffffff000000000000000000000000000000000000000000000010000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000008000000000020001062800000000000000480003006465666c61746500"/239], 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x5b, @private2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x4002, &(0x7f0000000000)=0x2, 0x3, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4002, 0x0, 0x83, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000010c0), 0x0, 0x0) add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}, 0x45c) r4 = dup(r3) ioctl$UI_DEV_CREATE(r4, 0x5501) write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x3, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xe, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0x4, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0x5, 0x2, 0x5, 0x0, 0x3fb, 0x6, 0x7, 0x4c, 0xfffffffd, 0x1000080, 0x8, 0x8, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x9f2c, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0xd44, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff74, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b3d, 0x16f0, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x27f8, 0xc0d, 0xfffffffd, 0x9, 0xb, 0xfffffffb], [0xa3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x7ffffffc, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x8a69920, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4448, 0x7, 0x5, 0x4, 0x7fff, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x5ef, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c) syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) keyctl$dh_compute(0x17, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0}) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 1.840146483s ago: executing program 3 (id=283): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000001040)={0x14, 0x0, &(0x7f0000000d00)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a3000e0f8000500040000000000050001000600000016000300686173683a6e65742c706f72742c6e6574000000050005000200"], 0x50}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x3, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 525.118771ms ago: executing program 0 (id=284): syz_open_dev$ttys(0xc, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xf, &(0x7f00000016c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r2, r4, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x803e000000000000) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=285): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x14) connect$inet(r4, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x800, 0xbbbe, 0x0, 0x2, 0x4, {0x0, 0x0, 0x1}, {0x7, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x40a00, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts. [ 84.583888][ T5824] cgroup: Unknown subsys name 'net' [ 84.708146][ T5824] cgroup: Unknown subsys name 'cpuset' [ 84.718100][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.480508][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.440989][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.455762][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.465541][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.497072][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.506171][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.510469][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.513975][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.522333][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.529630][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.535690][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.542832][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.550212][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.563771][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.567958][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.599336][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.607671][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.617238][ T5157] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.619449][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.632310][ T5157] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.640210][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.640895][ T5157] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.655846][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.663965][ T5157] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.672568][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.681129][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.358281][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 90.369973][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 90.459436][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 90.633118][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 90.740306][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 90.770081][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.778349][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.786102][ T5835] bridge_slave_0: entered allmulticast mode [ 90.793260][ T5835] bridge_slave_0: entered promiscuous mode [ 90.859437][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.866985][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.874276][ T5847] bridge_slave_0: entered allmulticast mode [ 90.881410][ T5847] bridge_slave_0: entered promiscuous mode [ 90.889865][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.897912][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.906077][ T5835] bridge_slave_1: entered allmulticast mode [ 90.913247][ T5835] bridge_slave_1: entered promiscuous mode [ 90.921169][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.929028][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.936319][ T5839] bridge_slave_0: entered allmulticast mode [ 90.943460][ T5839] bridge_slave_0: entered promiscuous mode [ 90.966566][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.973722][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.981141][ T5847] bridge_slave_1: entered allmulticast mode [ 90.988933][ T5847] bridge_slave_1: entered promiscuous mode [ 91.026770][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.033992][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.041282][ T5839] bridge_slave_1: entered allmulticast mode [ 91.050071][ T5839] bridge_slave_1: entered promiscuous mode [ 91.140053][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.149958][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.157541][ T5845] bridge_slave_0: entered allmulticast mode [ 91.165530][ T5845] bridge_slave_0: entered promiscuous mode [ 91.176244][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.189525][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.201533][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.215162][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.241676][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.259509][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.266832][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.273975][ T5845] bridge_slave_1: entered allmulticast mode [ 91.282301][ T5845] bridge_slave_1: entered promiscuous mode [ 91.320427][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.378007][ T5835] team0: Port device team_slave_0 added [ 91.443208][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.456772][ T5847] team0: Port device team_slave_0 added [ 91.467166][ T5835] team0: Port device team_slave_1 added [ 91.495890][ T5839] team0: Port device team_slave_0 added [ 91.521573][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.532938][ T5847] team0: Port device team_slave_1 added [ 91.565169][ T5839] team0: Port device team_slave_1 added [ 91.571408][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.578660][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.586610][ T5841] bridge_slave_0: entered allmulticast mode [ 91.595247][ T5841] bridge_slave_0: entered promiscuous mode [ 91.612756][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.620092][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.632269][ T5836] Bluetooth: hci1: command tx timeout [ 91.632383][ T5841] bridge_slave_1: entered allmulticast mode [ 91.638222][ T5843] Bluetooth: hci0: command tx timeout [ 91.646737][ T5841] bridge_slave_1: entered promiscuous mode [ 91.695954][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.702942][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.704267][ T5843] Bluetooth: hci4: command tx timeout [ 91.729449][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.749003][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.756010][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.774420][ T5843] Bluetooth: hci3: command tx timeout [ 91.782013][ T5836] Bluetooth: hci2: command tx timeout [ 91.791981][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.810552][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.818270][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.848961][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.912814][ T5845] team0: Port device team_slave_0 added [ 91.921505][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.928653][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.955548][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.975940][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.982940][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.008946][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.016726][ T1213] cfg80211: failed to load regulatory.db [ 92.025074][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.032225][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.058441][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.085989][ T5845] team0: Port device team_slave_1 added [ 92.144895][ T5847] hsr_slave_0: entered promiscuous mode [ 92.151568][ T5847] hsr_slave_1: entered promiscuous mode [ 92.161670][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.176174][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.293545][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.301376][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.327798][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.358955][ T5839] hsr_slave_0: entered promiscuous mode [ 92.365596][ T5839] hsr_slave_1: entered promiscuous mode [ 92.371634][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.379734][ T5839] Cannot create hsr debugfs directory [ 92.403258][ T5835] hsr_slave_0: entered promiscuous mode [ 92.410530][ T5835] hsr_slave_1: entered promiscuous mode [ 92.419399][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.427410][ T5835] Cannot create hsr debugfs directory [ 92.449277][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.457521][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.483883][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.520688][ T5841] team0: Port device team_slave_0 added [ 92.530214][ T5841] team0: Port device team_slave_1 added [ 92.643125][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.650288][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.676483][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.689594][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.696695][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.722754][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.837814][ T5845] hsr_slave_0: entered promiscuous mode [ 92.844591][ T5845] hsr_slave_1: entered promiscuous mode [ 92.850731][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.858579][ T5845] Cannot create hsr debugfs directory [ 92.981413][ T5841] hsr_slave_0: entered promiscuous mode [ 92.988259][ T5841] hsr_slave_1: entered promiscuous mode [ 92.995039][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.002623][ T5841] Cannot create hsr debugfs directory [ 93.386935][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.401502][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.431779][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.462447][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.522136][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.538858][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.558965][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.572418][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.656983][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.683581][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.698241][ T5836] Bluetooth: hci0: command tx timeout [ 93.698296][ T5843] Bluetooth: hci1: command tx timeout [ 93.713103][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.739348][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.780330][ T5843] Bluetooth: hci4: command tx timeout [ 93.830119][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.851605][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.858525][ T5843] Bluetooth: hci2: command tx timeout [ 93.864633][ T5843] Bluetooth: hci3: command tx timeout [ 93.876798][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.888262][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.961216][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.046786][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.081379][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.088704][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.115468][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.128016][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.156101][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.164999][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.176312][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.200580][ T3458] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.207759][ T3458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.277186][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.321847][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.329042][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.406131][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.432087][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.439282][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.532054][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.552002][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.576712][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.623935][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.631165][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.663662][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.670850][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.697768][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.717898][ T3520] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.725141][ T3520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.750002][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.777332][ T3520] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.784575][ T3520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.841081][ T3458] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.848324][ T3458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.866786][ T3458] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.874000][ T3458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.011567][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.268539][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.293530][ T5847] veth0_vlan: entered promiscuous mode [ 95.383810][ T5847] veth1_vlan: entered promiscuous mode [ 95.531403][ T5847] veth0_macvtap: entered promiscuous mode [ 95.597586][ T5847] veth1_macvtap: entered promiscuous mode [ 95.699485][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.757449][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.779601][ T5843] Bluetooth: hci0: command tx timeout [ 95.779610][ T5836] Bluetooth: hci1: command tx timeout [ 95.832258][ T5847] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.841996][ T5847] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.850808][ T5847] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.860732][ T5843] Bluetooth: hci4: command tx timeout [ 95.866294][ T5847] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.890292][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.946669][ T5843] Bluetooth: hci3: command tx timeout [ 95.946680][ T5836] Bluetooth: hci2: command tx timeout [ 95.962446][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.054038][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.148664][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.163186][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.238130][ T5835] veth0_vlan: entered promiscuous mode [ 96.251943][ T5839] veth0_vlan: entered promiscuous mode [ 96.286017][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.295105][ T5841] veth0_vlan: entered promiscuous mode [ 96.306483][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.310136][ T5845] veth0_vlan: entered promiscuous mode [ 96.332240][ T5835] veth1_vlan: entered promiscuous mode [ 96.352205][ T5839] veth1_vlan: entered promiscuous mode [ 96.383279][ T5845] veth1_vlan: entered promiscuous mode [ 96.413513][ T5841] veth1_vlan: entered promiscuous mode [ 96.441601][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.478256][ T5835] veth0_macvtap: entered promiscuous mode [ 96.509945][ T5839] veth0_macvtap: entered promiscuous mode [ 96.519162][ T5835] veth1_macvtap: entered promiscuous mode [ 96.532638][ T5839] veth1_macvtap: entered promiscuous mode [ 96.779877][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.012189][ T5845] veth0_macvtap: entered promiscuous mode [ 97.206316][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.217181][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.240700][ T5841] veth0_macvtap: entered promiscuous mode [ 97.267756][ T5845] veth1_macvtap: entered promiscuous mode [ 97.299063][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.310455][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.325952][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.338110][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.347826][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.368360][ T5839] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.379113][ T5839] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.389581][ T5839] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.398948][ T5839] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.413638][ T5841] veth1_macvtap: entered promiscuous mode [ 97.450562][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.467557][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.503093][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.545312][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.568081][ T5845] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.578619][ T5845] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.588051][ T5845] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.597139][ T5845] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.646599][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.655909][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.664780][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.673687][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.711767][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.720021][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.801409][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.811932][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.841848][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.854885][ T5843] Bluetooth: hci1: command tx timeout [ 97.856637][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.861290][ T5836] Bluetooth: hci0: command tx timeout [ 97.935444][ T5843] Bluetooth: hci4: command tx timeout [ 98.016374][ T5843] Bluetooth: hci2: command tx timeout [ 98.021696][ T5836] Bluetooth: hci3: command tx timeout [ 98.034475][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.042333][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.073573][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.088359][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.143324][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.201016][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.546088][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.554027][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.192579][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.217693][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.305917][ T5972] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.763587][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.034757][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 100.076384][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 100.104414][ T24] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 100.139868][ T24] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 100.165558][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.184043][ T24] usb 1-1: Product: syz [ 100.213039][ T24] usb 1-1: Manufacturer: syz [ 100.233281][ T24] usb 1-1: SerialNumber: syz [ 100.414879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.444403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.488892][ T24] usb 1-1: config 0 descriptor?? [ 100.498758][ T5972] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 100.544740][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.554752][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 100.749605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.760333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.851894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.861948][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.954408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 101.426761][ T24] hub 1-1:0.0: bad descriptor, ignoring hub [ 101.432844][ T24] hub 1-1:0.0: probe with driver hub failed with error -5 [ 101.651397][ T24] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 101.832647][ C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 101.844419][ T24] usb 1-1: USB disconnect, device number 2 [ 102.715249][ T6002] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 105.209986][ T6021] loop0: detected capacity change from 0 to 256 [ 105.608851][ T6021] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 107.142271][ T6032] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.431022][ T6034] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 109.819201][ T6039] loop4: detected capacity change from 0 to 2048 [ 111.436333][ T5917] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.720125][ T6039] NILFS (loop4): ifile inode (checkpoint number=2) corrupted [ 113.932766][ T6039] NILFS (loop4): error -5 while loading last checkpoint (checkpoint number=2) [ 115.588825][ T6051] loop3: detected capacity change from 0 to 2048 [ 115.720956][ T6051] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 115.852639][ T6057] loop2: detected capacity change from 0 to 512 [ 116.066173][ T6057] EXT4-fs: Ignoring removed nobh option [ 116.917640][ T6057] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.28: iget: bad i_size value: 38620345925642 [ 117.218638][ T6057] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.28: couldn't read orphan inode 15 (err -117) [ 117.357009][ T6057] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.450815][ T6077] Zero length message leads to an empty skb [ 117.557581][ T6078] loop1: detected capacity change from 0 to 24 [ 117.565767][ T6078] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 117.577231][ T6078] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 117.592169][ T6078] VFS: Lookup of 'file0' in romfs loop1 would have caused loop [ 118.434442][ T6081] loop0: detected capacity change from 0 to 64 [ 118.538163][ T6081] MINIX-fs: bad superblock [ 118.704298][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.993564][ T6088] loop2: detected capacity change from 0 to 512 [ 119.099235][ T6088] ======================================================= [ 119.099235][ T6088] WARNING: The mand mount option has been deprecated and [ 119.099235][ T6088] and is ignored by this kernel. Remove the mand [ 119.099235][ T6088] option from the mount to silence this warning. [ 119.099235][ T6088] ======================================================= [ 119.178332][ T6088] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.201114][ T6088] EXT4-fs: Ignoring removed i_version option [ 119.550256][ T6088] EXT4-fs (loop2): 1 orphan inode deleted [ 119.566535][ T6088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.299831][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.315363][ T6113] sd 0:0:1:0: device reset [ 123.042276][ T6120] xt_connbytes: Forcing CT accounting to be enabled [ 123.049882][ T6120] Cannot find add_set index 0 as target [ 124.732830][ T6132] loop3: detected capacity change from 0 to 64 [ 124.894320][ T6135] ecryptfs: Unknown parameter '³(' [ 124.953110][ T6135] loop1: detected capacity change from 0 to 128 [ 124.965454][ T6135] affs: Unknown parameter 'verb' [ 125.796679][ T6136] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 125.804227][ T6136] IPv6: NLM_F_CREATE should be set when creating new route [ 128.599791][ T5917] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 128.839102][ T6153] xt_TPROXY: Can be used only with -p tcp or -p udp [ 129.346584][ T5917] usb 1-1: device descriptor read/all, error -71 [ 129.650779][ T6164] @: renamed from vlan0 (while UP) [ 130.194667][ T6168] random: crng reseeded on system resumption [ 130.252375][ T6168] Restarting kernel threads ... [ 130.258286][ T6168] Done restarting kernel threads. [ 130.520813][ T6166] loop0: detected capacity change from 0 to 764 [ 130.739791][ T6166] rock: directory entry would overflow storage [ 130.752360][ T6166] rock: sig=0x4654, size=5, remaining=4 [ 131.673219][ T6183] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'. [ 132.362205][ T48] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 132.675925][ T6191] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 132.983615][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.316765][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.334220][ T48] usb 5-1: Using ep0 maxpacket: 32 [ 133.451379][ T48] usb 5-1: config 0 interface 0 has no altsetting 0 [ 133.492130][ T48] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 133.513488][ T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.562279][ T48] usb 5-1: Product: syz [ 133.714187][ T48] usb 5-1: Manufacturer: syz [ 133.718869][ T48] usb 5-1: SerialNumber: syz [ 133.729929][ T48] usb 5-1: config 0 descriptor?? [ 134.786945][ T48] usb 5-1: can't set config #0, error -71 [ 134.811000][ T48] usb 5-1: USB disconnect, device number 2 [ 135.363108][ T6203] loop3: detected capacity change from 0 to 128 [ 135.465249][ T6208] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 135.964625][ T6203] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 136.104856][ T6203] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 136.598455][ T6214] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 136.605229][ T6214] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 136.677919][ T6214] vhci_hcd vhci_hcd.0: Device attached [ 137.829097][ T48] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 137.900880][ T1213] IPVS: starting estimator thread 0... [ 137.924892][ T6215] vhci_hcd: cannot find the pending unlink 5 [ 138.024856][ T6228] IPVS: using max 22 ests per chain, 52800 per kthread [ 138.062834][ T6215] vhci_hcd: connection reset by peer [ 138.090692][ T36] vhci_hcd: stop threads [ 138.144934][ T36] vhci_hcd: release socket [ 138.372802][ T36] vhci_hcd: disconnect device [ 139.112358][ T6240] loop3: detected capacity change from 0 to 512 [ 139.178634][ T6240] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #3: comm syz.3.68: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 139.198414][ T6240] EXT4-fs error (device loop3): ext4_quota_enable:7127: comm syz.3.68: Bad quota inode: 3, type: 0 [ 139.210415][ T6240] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 139.226263][ T6240] EXT4-fs (loop3): mount failed [ 140.586813][ T6234] loop4: detected capacity change from 0 to 4096 [ 140.763946][ T6255] loop3: detected capacity change from 0 to 2048 [ 140.772844][ T6255] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 140.823499][ T6234] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.701523][ T6264] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 142.729946][ T6234] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.70: corrupted inode contents [ 142.963229][ T6234] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #15: comm syz.4.70: mark_inode_dirty error [ 143.958441][ T48] vhci_hcd: vhci_device speed not set [ 143.985477][ T6234] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.70: corrupted inode contents [ 144.584038][ T6234] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.70: mark_inode_dirty error [ 144.605891][ T6234] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.70: corrupted inode contents [ 144.618774][ T6234] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.70: mark_inode_dirty error [ 144.681610][ T6234] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #15: comm syz.4.70: corrupted inode contents [ 144.734785][ T6234] EXT4-fs error (device loop4): ext4_truncate:4597: inode #15: comm syz.4.70: mark_inode_dirty error [ 144.750537][ T6234] EXT4-fs error (device loop4) in ext4_setattr:5986: Corrupt filesystem [ 144.792819][ T5836] Bluetooth: hci3: unexpected Set CIG Parameters response data [ 144.808905][ T6280] loop1: detected capacity change from 0 to 256 [ 144.822400][ T6280] exfat: Unknown parameter 'discau&' [ 144.846039][ T6282] mmap: syz.3.78 (6282) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 145.028758][ T6277] loop0: detected capacity change from 0 to 8 [ 145.037852][ T6277] squashfs: Unknown parameter 'ma}d' [ 146.389234][ T5829] IPVS: starting estimator thread 0... [ 146.875019][ T6291] IPVS: using max 24 ests per chain, 57600 per kthread [ 146.951328][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.227331][ T6295] loop1: detected capacity change from 0 to 128 [ 147.273956][ T6295] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 148.367314][ T6305] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.85'. [ 148.445466][ T6304] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.85'. [ 148.815255][ T5836] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 148.824443][ T5836] Bluetooth: hci3: Injecting HCI hardware error event [ 148.832156][ T5836] Bluetooth: hci3: hardware error 0x00 [ 151.084249][ T5836] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 151.299563][ T6318] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 151.398219][ T6318] kvm: pic: non byte read [ 151.411928][ T6318] kvm: pic: level sensitive irq not supported [ 151.413834][ T6318] kvm: pic: non byte read [ 151.699372][ T6331] loop0: detected capacity change from 0 to 4096 [ 152.184985][ T6318] kvm: pic: level sensitive irq not supported [ 152.266408][ T6318] kvm: pic: non byte read [ 152.993219][ T6333] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 157.630727][ T6358] loop1: detected capacity change from 0 to 2048 [ 158.837251][ T6358] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.415851][ T6379] loop0: detected capacity change from 0 to 64 [ 159.904786][ T6387] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 159.931231][ T6387] CIFS: Unable to determine destination address [ 160.817975][ T6388] process 'syz.2.105' launched './file0' with NULL argv: empty string added [ 162.547104][ T6397] loop3: detected capacity change from 0 to 4096 [ 163.456544][ T6397] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 165.487891][ T6397] ntfs3(loop3): Failed to read $UpCase (-4). [ 165.921266][ T6405] loop4: detected capacity change from 0 to 2048 [ 166.955017][ T6409] loop1: detected capacity change from 0 to 2048 [ 166.994586][ T6405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.015530][ T6409] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 168.436839][ T6409] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.458049][ T6416] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 170.063307][ T13] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 298 with error 28 [ 170.284553][ T6433] loop0: detected capacity change from 0 to 40427 [ 170.294254][ T13] EXT4-fs (loop4): This should not happen!! Data will be lost [ 170.294254][ T13] [ 170.319642][ T6433] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 170.327762][ T6433] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 170.346005][ T6433] F2FS-fs (loop0): invalid crc value [ 170.353250][ T13] EXT4-fs (loop4): Total free blocks count 0 [ 170.575878][ T13] EXT4-fs (loop4): Free/Dirty block details [ 170.583160][ T13] EXT4-fs (loop4): free_blocks=2415919504 [ 170.588007][ T6433] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 170.596292][ T6433] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 170.596722][ T13] EXT4-fs (loop4): dirty_blocks=304 [ 170.611789][ T13] EXT4-fs (loop4): Block reservation details [ 171.177028][ T6443] syz.0.115: attempt to access beyond end of device [ 171.177028][ T6443] loop0: rw=2049, sector=77824, nr_sectors = 520 limit=40427 [ 171.554196][ T13] EXT4-fs (loop4): i_reserved_data_blocks=19 [ 171.667039][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.691947][ T6444] loop1: detected capacity change from 0 to 1024 [ 171.766677][ T6444] EXT4-fs: Ignoring removed orlov option [ 171.772403][ T6444] EXT4-fs: Ignoring removed nomblk_io_submit option [ 171.962481][ T5829] libceph: connect (1)[c::]:6789 error -101 [ 171.974685][ T5829] libceph: mon0 (1)[c::]:6789 connect error [ 171.979171][ T6444] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.431644][ T6445] ceph: No mds server is up or the cluster is laggy [ 172.539207][ T5829] libceph: connect (1)[c::]:6789 error -101 [ 172.584330][ T5829] libceph: mon0 (1)[c::]:6789 connect error [ 172.679067][ T5845] syz-executor: attempt to access beyond end of device [ 172.679067][ T5845] loop0: rw=2051, sector=77824, nr_sectors = 520 limit=40427 [ 172.886257][ T5845] F2FS-fs (loop0): Issue discard(9728, 9728, 65) failed, ret: -5 [ 173.209511][ T6463] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 173.794201][ T6463] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 173.802551][ T6463] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 173.954366][ T5829] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 174.047219][ T6469] warning: `syz.4.123' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 174.157844][ T5829] usb 4-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 175.220647][ T5847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.541676][ T5829] usb 4-1: config 16 interface 0 altsetting 75 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 175.564203][ T5829] usb 4-1: config 16 interface 0 has no altsetting 0 [ 175.571003][ T5829] usb 4-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a [ 175.657863][ T6476] loop0: detected capacity change from 0 to 4096 [ 175.667923][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.677172][ T6476] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 175.714993][ T6476] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 175.752915][ T6152] udevd[6152]: incorrect nilfs2 checksum on /dev/loop0 [ 175.847320][ T6480] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 177.101774][ T6489] loop2: detected capacity change from 0 to 256 [ 177.436877][ T6489] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 177.668736][ T5829] usb 4-1: string descriptor 0 read error: -71 [ 177.876010][ T5829] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 177.883955][ T5829] imon 4-1:16.0: unable to initialize intf0, err -19 [ 178.105357][ T5829] imon:imon_probe: failed to initialize context! [ 178.855548][ T5829] imon 4-1:16.0: unable to register, err -19 [ 178.872188][ T5829] usb 4-1: USB disconnect, device number 2 [ 182.136476][ T6517] capability: warning: `syz.3.132' uses 32-bit capabilities (legacy support in use) [ 184.018969][ T6535] netlink: 'syz.4.137': attribute type 6 has an invalid length. [ 184.459561][ T6525] loop2: detected capacity change from 0 to 4096 [ 184.505641][ T6525] ext2: Unknown parameter 'fsuuid' [ 188.242504][ T6544] nvme_fabrics: missing parameter 'transport=%s' [ 188.278920][ T6544] nvme_fabrics: missing parameter 'nqn=%s' [ 189.141724][ T6556] loop3: detected capacity change from 0 to 2048 [ 189.441134][ T6568] netlink: 76 bytes leftover after parsing attributes in process `syz.0.144'. [ 190.833355][ T6556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.579071][ T6577] kthread_run failed with err -4 [ 191.780309][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.821464][ T6579] loop1: detected capacity change from 0 to 1024 [ 192.880465][ T6588] loop4: detected capacity change from 0 to 512 [ 194.419284][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.421855][ T6588] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.149: corrupted in-inode xattr: invalid ea_ino [ 194.425722][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.439853][ T6588] EXT4-fs (loop4): Remounting filesystem read-only [ 194.453933][ T6588] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.813347][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.136274][ T6597] use of bytesused == 0 is deprecated and will be removed in the future, [ 195.145005][ T6597] use the actual size instead. [ 195.913632][ T6599] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 197.057799][ T6597] vivid-000: kernel_thread() failed [ 198.278098][ T6609] loop3: detected capacity change from 0 to 131072 [ 198.372228][ T6609] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 198.380472][ T6609] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 199.283109][ T6609] F2FS-fs (loop3): invalid crc value [ 199.568385][ T6609] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 199.568416][ T6609] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 199.641191][ T30] audit: type=1800 audit(1749714506.911:2): pid=6609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.153" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 200.000635][ T6622] tty tty4: ldisc open failed (-12), clearing slot 3 [ 200.968929][ T6636] kernel read not supported for file /!selinuÿ (pid: 6636 comm: syz.1.159) [ 200.996043][ T30] audit: type=1800 audit(1749714508.271:3): pid=6636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.159" name=2173656C696E75FF7F dev="mqueue" ino=9004 res=0 errno=0 [ 202.624375][ T6647] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 203.384537][ T6640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.161'. [ 203.511344][ T6640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.161'. [ 205.886056][ T6668] loop2: detected capacity change from 0 to 1024 [ 205.893818][ T6668] EXT4-fs: Ignoring removed bh option [ 206.203823][ T6668] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.217831][ T6668] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.967876][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.585313][ T6673] ALSA: mixer_oss: invalid OSS volume '' [ 208.216050][ T6686] loop4: detected capacity change from 0 to 2048 [ 208.340234][ T6686] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 208.463274][ T6686] NILFS (loop4): bad btree root (ino=6): level = 0, flags = 0x7, nchildren = 0 [ 208.514223][ T6686] NILFS (loop4): ifile inode (checkpoint number=2) corrupted [ 208.536538][ T6697] netlink: 172 bytes leftover after parsing attributes in process `syz.0.173'. [ 208.557298][ T6686] NILFS (loop4): error -5 while loading last checkpoint (checkpoint number=2) [ 208.709333][ T6699] netlink: 'syz.0.173': attribute type 1 has an invalid length. [ 208.717412][ T6699] netlink: 'syz.0.173': attribute type 3 has an invalid length. [ 208.725194][ T6699] netlink: 224 bytes leftover after parsing attributes in process `syz.0.173'. [ 211.905778][ T6720] loop3: detected capacity change from 0 to 8 [ 212.106450][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.178'. [ 212.888335][ T6725] SQUASHFS error: xz decompression failed, data probably corrupt [ 212.896643][ T6725] SQUASHFS error: Failed to read block 0xa8: -5 [ 212.941772][ T6725] SQUASHFS error: xz decompression failed, data probably corrupt [ 212.949890][ T6725] SQUASHFS error: Failed to read block 0xa8: -5 [ 213.126935][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 213.133323][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 213.139813][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 213.153685][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 213.185839][ T30] audit: type=1800 audit(1749714520.241:4): pid=6725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.177" name="file0" dev="loop3" ino=3 res=0 errno=0 [ 213.548779][ T6721] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 217.543204][ T30] audit: type=1326 audit(1749714524.771:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 217.565281][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.004251][ T30] audit: type=1326 audit(1749714524.771:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 218.058855][ T6757] loop2: detected capacity change from 0 to 512 [ 218.077025][ T30] audit: type=1326 audit(1749714524.781:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 218.103186][ T6756] loop3: detected capacity change from 0 to 1024 [ 218.155275][ T6757] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 218.355362][ T6756] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 218.449482][ T30] audit: type=1326 audit(1749714524.781:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 218.467428][ T6757] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 218.732098][ T30] audit: type=1326 audit(1749714524.781:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 218.735510][ T6757] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002] [ 218.769654][ T6757] System zones: 1-12 [ 218.792773][ T6757] EXT4-fs (loop2): 1 truncate cleaned up [ 220.765734][ T6757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.821851][ T30] audit: type=1326 audit(1749714524.781:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 221.284140][ T30] audit: type=1326 audit(1749714524.781:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 221.330163][ T6771] loop0: detected capacity change from 0 to 512 [ 221.337117][ T6771] EXT4-fs: Ignoring removed bh option [ 221.391266][ T6771] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 221.400778][ T6771] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 221.421898][ T30] audit: type=1326 audit(1749714524.781:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 221.450526][ T30] audit: type=1326 audit(1749714524.791:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.0.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4838e929 code=0x7ffc0000 [ 221.451710][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.487944][ T6771] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 221.519857][ T6771] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 221.556008][ T6771] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.332134][ T5845] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.481429][ T6791] FAT-fs (nullb0): bogus number of reserved sectors [ 224.488513][ T6791] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 227.511728][ T6821] loop0: detected capacity change from 0 to 16 [ 228.196979][ T6821] erofs (device loop0): negative i_size @ nid 36 [ 228.809988][ T6831] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 228.819172][ T6831] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 229.651692][ T6833] vlan0: entered promiscuous mode [ 229.651939][ T6833] vlan0: entered allmulticast mode [ 229.651956][ T6833] hsr_slave_1: entered allmulticast mode [ 229.741091][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.204'. [ 233.026314][ T6853] loop2: detected capacity change from 0 to 32768 [ 233.223097][ T6853] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 233.223097][ T6853] allowing incompatible features above 0.0: (unknown version) [ 233.223097][ T6853] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 233.270495][ T6853] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 233.278832][ T6853] bcachefs (loop2): initializing new filesystem [ 233.295073][ T6853] bcachefs (loop2): going read-write [ 233.362617][ T6853] bcachefs (loop2): marking superblocks [ 233.381937][ T6853] bcachefs (loop2): initializing freespace [ 233.392285][ T6853] bcachefs (loop2): done initializing freespace [ 233.403345][ T6853] bcachefs (loop2): reading snapshots table [ 233.409519][ T6853] bcachefs (loop2): reading snapshots done [ 233.463693][ T6853] bcachefs (loop2): done starting filesystem [ 233.482006][ T5829] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 233.670953][ T5829] usb 2-1: Using ep0 maxpacket: 16 [ 233.705017][ T5829] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.768137][ T5829] usb 2-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 233.924946][ T30] audit: type=1800 audit(1749714541.151:14): pid=6872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.210" name="file1" dev="loop2" ino=4098 res=0 errno=0 [ 234.018752][ T5829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.049102][ T6853] syz.2.210 (6853) used greatest stack depth: 17992 bytes left [ 234.129744][ T5829] usb 2-1: config 0 descriptor?? [ 234.684917][ T5841] bcachefs (loop2): shutting down [ 234.716552][ T5841] bcachefs (loop2): going read-only [ 234.723964][ T5841] bcachefs (loop2): finished waiting for writes to stop [ 234.903485][ T5841] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4 [ 235.041031][ T6879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.214'. [ 235.103110][ T5829] usbhid 2-1:0.0: can't add hid device: -71 [ 235.235851][ T5841] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4 [ 235.246154][ T5829] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 235.272696][ T5841] bcachefs (loop2): clean shutdown complete, journal seq 5 [ 235.296703][ T5829] usb 2-1: USB disconnect, device number 2 [ 235.728525][ T5841] bcachefs (loop2): marking filesystem clean [ 235.825295][ T5841] bcachefs (loop2): shutdown complete [ 236.314259][ T5925] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 236.769899][ T5925] usb 4-1: Using ep0 maxpacket: 32 [ 236.999580][ T5925] usb 4-1: config 0 has an invalid interface number: 106 but max is 0 [ 237.030900][ T5925] usb 4-1: config 0 has no interface number 0 [ 237.038201][ T5925] usb 4-1: config 0 interface 106 has no altsetting 0 [ 237.274834][ T5925] usb 4-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d [ 237.283929][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.296473][ T5925] usb 4-1: Product: syz [ 237.331866][ T5925] usb 4-1: Manufacturer: syz [ 237.352315][ T5925] usb 4-1: SerialNumber: syz [ 237.388140][ T5925] usb 4-1: config 0 descriptor?? [ 237.415944][ T5925] cdc_phonet 4-1:0.106: probe with driver cdc_phonet failed with error -22 [ 241.130291][ T10] usb 4-1: USB disconnect, device number 3 [ 244.191471][ T6929] loop2: detected capacity change from 0 to 131072 [ 244.201632][ T6929] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 244.209809][ T6929] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 244.259300][ T6929] F2FS-fs (loop2): invalid crc value [ 244.844587][ T6935] netlink: 104 bytes leftover after parsing attributes in process `syz.3.227'. [ 244.867362][ T6929] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 244.874533][ T6929] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 245.070127][ T30] audit: type=1800 audit(1749714552.351:15): pid=6929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.213" name="file1" dev="loop2" ino=7 res=0 errno=0 [ 245.224356][ T5904] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 245.788691][ T6943] JFS: discard option not supported on device [ 245.796265][ T6943] Mount JFS Failure: -22 [ 245.800514][ T6943] jfs_mount failed w/return code = -22 [ 246.174343][ T5904] usb 4-1: Using ep0 maxpacket: 32 [ 246.204576][ T5904] usb 4-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 246.242673][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.262496][ T6952] loop0: detected capacity change from 0 to 512 [ 246.264130][ T5904] usb 4-1: Product: syz [ 246.303477][ T5904] usb 4-1: Manufacturer: syz [ 246.320044][ T5904] usb 4-1: SerialNumber: syz [ 246.323539][ T6952] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 246.350367][ T5904] usb 4-1: config 0 descriptor?? [ 246.378969][ T5904] ums_eneub6250 4-1:0.0: USB Mass Storage device detected [ 246.420571][ T6952] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.670776][ T5925] usb 4-1: USB disconnect, device number 4 [ 248.769463][ T5845] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.260642][ T6990] loop1: detected capacity change from 0 to 40427 [ 253.338263][ T6990] F2FS-fs (loop1): invalid crc value [ 253.458398][ T6990] F2FS-fs (loop1): Start checkpoint disabled! [ 253.505156][ T6990] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 254.728271][ T1112] kworker/u8:5: attempt to access beyond end of device [ 254.728271][ T1112] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 255.696179][ T5829] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 255.708868][ T1112] CPU: 1 UID: 0 PID: 1112 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) [ 255.708897][ T1112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.708906][ T1112] Workqueue: writeback wb_workfn (flush-7:1) [ 255.708936][ T1112] Call Trace: [ 255.708943][ T1112] [ 255.708949][ T1112] dump_stack_lvl+0x189/0x250 [ 255.708966][ T1112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.708976][ T1112] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 255.708991][ T1112] ? __pfx_queue_work_on+0x10/0x10 [ 255.709004][ T1112] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 255.709018][ T1112] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 255.709033][ T1112] ? f2fs_hw_is_readonly+0x39b/0x470 [ 255.709052][ T1112] f2fs_handle_critical_error+0x37c/0x540 [ 255.709072][ T1112] f2fs_write_end_io+0x495/0x810 [ 255.709086][ T1112] ? blkg_put+0x22/0x240 [ 255.709112][ T1112] __submit_merged_bio+0x27a/0x6a0 [ 255.709131][ T1112] __submit_merged_write_cond+0x255/0x530 [ 255.709151][ T1112] f2fs_write_data_pages+0x261d/0x3000 [ 255.709192][ T1112] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 255.709206][ T1112] ? __switch_to+0xd74/0x1600 [ 255.709254][ T1112] ? trace_sched_exit_tp+0x38/0x120 [ 255.709269][ T1112] ? __schedule+0x1713/0x4d00 [ 255.709302][ T1112] ? preempt_schedule_common+0x83/0xd0 [ 255.709321][ T1112] ? __pfx___schedule+0x10/0x10 [ 255.709333][ T1112] ? bpf_trace_run4+0x322/0x4a0 [ 255.709357][ T1112] ? irqentry_exit+0x74/0x90 [ 255.709375][ T1112] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 255.709391][ T1112] do_writepages+0x32b/0x550 [ 255.709411][ T1112] ? preempt_schedule+0xae/0xc0 [ 255.709425][ T1112] ? __pfx_preempt_schedule+0x10/0x10 [ 255.709440][ T1112] ? rcu_is_watching+0x67/0xb0 [ 255.709456][ T1112] __writeback_single_inode+0x145/0xff0 [ 255.709480][ T1112] writeback_sb_inodes+0x6c7/0x1010 [ 255.709496][ T1112] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.709516][ T1112] ? rcu_is_watching+0x15/0xb0 [ 255.709539][ T1112] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 255.709588][ T1112] ? rcu_is_watching+0x15/0xb0 [ 255.709606][ T1112] wb_writeback+0x43b/0xaf0 [ 255.709630][ T1112] ? queue_io+0x2e1/0x590 [ 255.709649][ T1112] ? __pfx_wb_writeback+0x10/0x10 [ 255.709673][ T1112] ? _raw_spin_unlock_irq+0x23/0x50 [ 255.709694][ T1112] wb_workfn+0x409/0xef0 [ 255.709720][ T1112] ? __pfx_wb_workfn+0x10/0x10 [ 255.709739][ T1112] ? __lock_acquire+0xab9/0xd20 [ 255.709764][ T1112] ? process_scheduled_works+0x9ef/0x17b0 [ 255.709786][ T1112] ? _raw_spin_unlock_irq+0x23/0x50 [ 255.709799][ T1112] ? process_scheduled_works+0x9ef/0x17b0 [ 255.709815][ T1112] ? process_scheduled_works+0x9ef/0x17b0 [ 255.709833][ T1112] process_scheduled_works+0xade/0x17b0 [ 255.709872][ T1112] ? __pfx_process_scheduled_works+0x10/0x10 [ 255.709921][ T1112] worker_thread+0x8a0/0xda0 [ 255.709985][ T1112] kthread+0x711/0x8a0 [ 255.710015][ T1112] ? __pfx_worker_thread+0x10/0x10 [ 255.710033][ T1112] ? __pfx_kthread+0x10/0x10 [ 255.710050][ T1112] ? _raw_spin_unlock_irq+0x23/0x50 [ 255.710063][ T1112] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.710077][ T1112] ? __pfx_kthread+0x10/0x10 [ 255.710091][ T1112] ret_from_fork+0x3fc/0x770 [ 255.710110][ T1112] ? __pfx_ret_from_fork+0x10/0x10 [ 255.710131][ T1112] ? __switch_to_asm+0x39/0x70 [ 255.710142][ T1112] ? __switch_to_asm+0x33/0x70 [ 255.710153][ T1112] ? __pfx_kthread+0x10/0x10 [ 255.710168][ T1112] ret_from_fork_asm+0x1a/0x30 [ 255.710193][ T1112] [ 255.710198][ T1112] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 255.861956][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.110285][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.174543][ T5829] usb 4-1: Using ep0 maxpacket: 8 [ 256.182166][ T5829] usb 4-1: config 0 has no interfaces? [ 256.189974][ T5829] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 256.360377][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.447592][ T5829] usb 4-1: config 0 descriptor?? [ 258.383529][ T7034] 9pnet_fd: Insufficient options for proto=fd [ 259.020313][ T48] usb 4-1: USB disconnect, device number 5 [ 260.126901][ T7052] vivid-000: disconnect [ 260.133749][ T7052] vivid-000: reconnect [ 262.495903][ T7061] Invalid ELF header type: 2 != 1 [ 262.606071][ T7061] loop0: detected capacity change from 0 to 256 [ 262.640191][ T7061] exfat: Deprecated parameter 'namecase' [ 262.655687][ T7061] exfat: Deprecated parameter 'utf8' [ 262.661207][ T7061] exfat: Bad value for 'allow_utime' [ 264.955427][ T7078] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.246'. [ 266.721575][ T7084] loop3: detected capacity change from 0 to 32768 [ 267.205878][ T7088] sctp: failed to load transform for md5: -2 [ 268.516998][ T7102] loop3: detected capacity change from 0 to 128 [ 268.904197][ T7102] EXT4-fs (loop3): Test dummy encryption mode enabled [ 269.086401][ T7102] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 269.450289][ T7123] loop4: detected capacity change from 0 to 1024 [ 270.623819][ T7102] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 270.723435][ T7123] hfsplus: bad catalog file entry [ 270.729621][ T7123] hfsplus: failed to load root directory [ 271.884898][ T5835] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 271.897385][ T7128] loop4: detected capacity change from 0 to 128 [ 274.840287][ T7143] ptrace attach of "./syz-executor exec"[5835] was attempted by " [ 276.552475][ T7147] loop4: detected capacity change from 0 to 512 [ 277.890202][ T7147] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 278.131191][ T7147] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.474085][ C0] sched: DL replenish lagged too much [ 286.019167][ T5839] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 286.124796][ T7179] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 286.904091][ T30] audit: type=1326 audit(1749714593.451:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 286.967360][ T5839] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.254281][ T30] audit: type=1326 audit(1749714593.451:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 287.307856][ T30] audit: type=1326 audit(1749714593.451:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 287.326652][ T7187] netlink: 72 bytes leftover after parsing attributes in process `syz.2.282'. [ 288.211062][ T30] audit: type=1326 audit(1749714593.451:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 288.330341][ T30] audit: type=1326 audit(1749714593.451:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 288.415939][ T30] audit: type=1326 audit(1749714593.461:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 288.600590][ T30] audit: type=1326 audit(1749714593.461:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 289.057133][ T30] audit: type=1326 audit(1749714593.461:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7175 comm="syz.2.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa09138e929 code=0x7ffc0000 [ 290.271877][ T7201] ================================================================== [ 290.279967][ T7201] BUG: KASAN: slab-use-after-free in do_check+0xb388/0xe170 [ 290.287250][ T7201] Read of size 1 at addr ffff888022374079 by task syz.4.281/7201 [ 290.294955][ T7201] [ 290.297274][ T7201] CPU: 0 UID: 0 PID: 7201 Comm: syz.4.281 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) [ 290.297290][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 290.297298][ T7201] Call Trace: [ 290.297304][ T7201] [ 290.297309][ T7201] dump_stack_lvl+0x189/0x250 [ 290.297323][ T7201] ? __virt_addr_valid+0x1c8/0x5c0 [ 290.297335][ T7201] ? rcu_is_watching+0x15/0xb0 [ 290.297345][ T7201] ? __kasan_check_byte+0x12/0x40 [ 290.297357][ T7201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.297367][ T7201] ? rcu_is_watching+0x15/0xb0 [ 290.297378][ T7201] ? lock_release+0x4b/0x3e0 [ 290.297401][ T7201] ? __virt_addr_valid+0x1c8/0x5c0 [ 290.297413][ T7201] ? __virt_addr_valid+0x4a5/0x5c0 [ 290.297425][ T7201] print_report+0xd2/0x2b0 [ 290.297441][ T7201] ? do_check+0xb388/0xe170 [ 290.297455][ T7201] kasan_report+0x118/0x150 [ 290.297468][ T7201] ? do_check+0xb388/0xe170 [ 290.297485][ T7201] do_check+0xb388/0xe170 [ 290.297500][ T7201] ? stack_depot_save_flags+0x40/0x900 [ 290.297534][ T7201] ? __pfx_do_check+0x10/0x10 [ 290.297549][ T7201] ? __asan_memset+0x22/0x50 [ 290.297564][ T7201] ? init_func_state+0x1ddf/0x2d20 [ 290.297582][ T7201] do_check_common+0x168d/0x20b0 [ 290.297602][ T7201] bpf_check+0x1381e/0x19e50 [ 290.297624][ T7201] ? __lock_acquire+0xab9/0xd20 [ 290.297645][ T7201] ? is_bpf_text_address+0x26/0x2b0 [ 290.297663][ T7201] ? is_bpf_text_address+0x292/0x2b0 [ 290.297679][ T7201] ? is_bpf_text_address+0x26/0x2b0 [ 290.297698][ T7201] ? __kernel_text_address+0xd/0x40 [ 290.297713][ T7201] ? unwind_get_return_address+0x4d/0x90 [ 290.297730][ T7201] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 290.297745][ T7201] ? __pfx_bpf_check+0x10/0x10 [ 290.297760][ T7201] ? __lock_acquire+0xab9/0xd20 [ 290.297779][ T7201] ? __pfx___mutex_trylock_common+0x10/0x10 [ 290.297791][ T7201] ? css_rstat_updated+0x1a5/0xca0 [ 290.297813][ T7201] ? __lock_acquire+0xab9/0xd20 [ 290.297831][ T7201] ? ktime_get_with_offset+0x8c/0x2a0 [ 290.297846][ T7201] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 290.297859][ T7201] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.297875][ T7201] ? ktime_get_with_offset+0x8c/0x2a0 [ 290.297890][ T7201] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 290.297903][ T7201] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 290.297920][ T7201] ? bpf_obj_name_cpy+0x194/0x1e0 [ 290.297930][ T7201] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 290.297941][ T7201] ? security_bpf_prog_load+0x7f/0x310 [ 290.297956][ T7201] bpf_prog_load+0x1318/0x1930 [ 290.297975][ T7201] ? __pfx_bpf_prog_load+0x10/0x10 [ 290.297997][ T7201] ? bpf_lsm_bpf+0x9/0x20 [ 290.298006][ T7201] ? security_bpf+0x7e/0x300 [ 290.298020][ T7201] __sys_bpf+0x5f1/0x860 [ 290.298036][ T7201] ? __pfx___sys_bpf+0x10/0x10 [ 290.298055][ T7201] ? rcu_is_watching+0x15/0xb0 [ 290.298068][ T7201] __x64_sys_bpf+0x7c/0x90 [ 290.298082][ T7201] do_syscall_64+0xfa/0x3b0 [ 290.298097][ T7201] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.298112][ T7201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.298124][ T7201] ? clear_bhb_loop+0x60/0xb0 [ 290.298137][ T7201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.298149][ T7201] RIP: 0033:0x7f9092f8e929 [ 290.298161][ T7201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.298172][ T7201] RSP: 002b:00007f9093d5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 290.298186][ T7201] RAX: ffffffffffffffda RBX: 00007f90931b6160 RCX: 00007f9092f8e929 [ 290.298195][ T7201] RDX: 0000000000000094 RSI: 0000200000000a40 RDI: 0000000000000005 [ 290.298203][ T7201] RBP: 00007f9093010b39 R08: 0000000000000000 R09: 0000000000000000 [ 290.298210][ T7201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 290.298217][ T7201] R13: 0000000000000000 R14: 00007f90931b6160 R15: 00007fff3f9ffb28 [ 290.298230][ T7201] [ 290.298235][ T7201] [ 290.675597][ T7201] Allocated by task 7201: [ 290.679912][ T7201] kasan_save_track+0x3e/0x80 [ 290.684585][ T7201] __kasan_kmalloc+0x93/0xb0 [ 290.689158][ T7201] __kmalloc_cache_noprof+0x230/0x3d0 [ 290.694515][ T7201] do_check_common+0x13f/0x20b0 [ 290.699357][ T7201] bpf_check+0x1381e/0x19e50 [ 290.703936][ T7201] bpf_prog_load+0x1318/0x1930 [ 290.708693][ T7201] __sys_bpf+0x5f1/0x860 [ 290.712923][ T7201] __x64_sys_bpf+0x7c/0x90 [ 290.717325][ T7201] do_syscall_64+0xfa/0x3b0 [ 290.721818][ T7201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.727697][ T7201] [ 290.730008][ T7201] Freed by task 7201: [ 290.733970][ T7201] kasan_save_track+0x3e/0x80 [ 290.738636][ T7201] kasan_save_free_info+0x46/0x50 [ 290.743648][ T7201] __kasan_slab_free+0x62/0x70 [ 290.748394][ T7201] kfree+0x18e/0x440 [ 290.752290][ T7201] push_stack+0x247/0x3c0 [ 290.756601][ T7201] check_cond_jmp_op+0x1069/0x2340 [ 290.761835][ T7201] do_check+0x672c/0xe170 [ 290.766153][ T7201] do_check_common+0x168d/0x20b0 [ 290.771077][ T7201] bpf_check+0x1381e/0x19e50 [ 290.775686][ T7201] bpf_prog_load+0x1318/0x1930 [ 290.780440][ T7201] __sys_bpf+0x5f1/0x860 [ 290.784671][ T7201] __x64_sys_bpf+0x7c/0x90 [ 290.789077][ T7201] do_syscall_64+0xfa/0x3b0 [ 290.793580][ T7201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.799474][ T7201] [ 290.801795][ T7201] The buggy address belongs to the object at ffff888022374000 [ 290.801795][ T7201] which belongs to the cache kmalloc-192 of size 192 [ 290.815840][ T7201] The buggy address is located 121 bytes inside of [ 290.815840][ T7201] freed 192-byte region [ffff888022374000, ffff8880223740c0) [ 290.829626][ T7201] [ 290.831939][ T7201] The buggy address belongs to the physical page: [ 290.838332][ T7201] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22374 [ 290.847082][ T7201] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 290.854615][ T7201] page_type: f5(slab) [ 290.858586][ T7201] raw: 00fff00000000000 ffff88801a4413c0 0000000000000000 dead000000000001 [ 290.867156][ T7201] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 290.875723][ T7201] page dumped because: kasan: bad access detected [ 290.882122][ T7201] page_owner tracks the page as allocated [ 290.887825][ T7201] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6405, tgid 6402 (syz.4.109), ts 169638104676, free_ts 165945666557 [ 290.907260][ T7201] post_alloc_hook+0x240/0x2a0 [ 290.912015][ T7201] get_page_from_freelist+0x21e4/0x22c0 [ 290.917547][ T7201] __alloc_frozen_pages_noprof+0x181/0x370 [ 290.923343][ T7201] allocate_slab+0x65/0x3b0 [ 290.927918][ T7201] ___slab_alloc+0xbfc/0x1480 [ 290.932583][ T7201] __kmalloc_node_noprof+0x2fd/0x4e0 [ 290.937849][ T7201] alloc_slab_obj_exts+0x39/0xa0 [ 290.942781][ T7201] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 290.948663][ T7201] kmem_cache_alloc_noprof+0x2bf/0x3c0 [ 290.954131][ T7201] alloc_buffer_head+0x2a/0x270 [ 290.959015][ T7201] folio_alloc_buffers+0x32d/0x640 [ 290.964133][ T7201] create_empty_buffers+0x3a/0x530 [ 290.969244][ T7201] ext4_block_write_begin+0x480/0x14b0 [ 290.974691][ T7201] ext4_da_write_begin+0x889/0xd20 [ 290.979794][ T7201] generic_perform_write+0x2c7/0x910 [ 290.985070][ T7201] ext4_buffered_write_iter+0xce/0x3a0 [ 290.990521][ T7201] page last free pid 15 tgid 15 stack trace: [ 290.996483][ T7201] __free_frozen_pages+0xc71/0xe70 [ 291.001581][ T7201] __tlb_remove_table+0x2d2/0x3b0 [ 291.006595][ T7201] tlb_remove_table_rcu+0x85/0x100 [ 291.011698][ T7201] rcu_core+0xca8/0x1710 [ 291.015931][ T7201] handle_softirqs+0x283/0x870 [ 291.020690][ T7201] run_ksoftirqd+0x9b/0x100 [ 291.025180][ T7201] smpboot_thread_fn+0x542/0xa60 [ 291.030110][ T7201] kthread+0x711/0x8a0 [ 291.034165][ T7201] ret_from_fork+0x3fc/0x770 [ 291.038746][ T7201] ret_from_fork_asm+0x1a/0x30 [ 291.043497][ T7201] [ 291.045805][ T7201] Memory state around the buggy address: [ 291.051423][ T7201] ffff888022373f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 291.059484][ T7201] ffff888022373f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 291.067551][ T7201] >ffff888022374000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 291.075599][ T7201] ^ [ 291.083569][ T7201] ffff888022374080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 291.091626][ T7201] ffff888022374100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 291.099674][ T7201] ================================================================== [ 291.131427][ T7201] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 291.138663][ T7201] CPU: 1 UID: 0 PID: 7201 Comm: syz.4.281 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) [ 291.150052][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 291.160123][ T7201] Call Trace: [ 291.163437][ T7201] [ 291.166401][ T7201] dump_stack_lvl+0x99/0x250 [ 291.171009][ T7201] ? __asan_memcpy+0x40/0x70 [ 291.175624][ T7201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.180833][ T7201] ? __pfx__printk+0x10/0x10 [ 291.185446][ T7201] panic+0x2db/0x790 [ 291.189371][ T7201] ? __pfx_panic+0x10/0x10 [ 291.193823][ T7201] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 291.199737][ T7201] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 291.206086][ T7201] ? print_memory_metadata+0x314/0x400 [ 291.211576][ T7201] ? do_check+0xb388/0xe170 [ 291.216106][ T7201] check_panic_on_warn+0x89/0xb0 [ 291.221066][ T7201] ? do_check+0xb388/0xe170 [ 291.225594][ T7201] end_report+0x78/0x160 [ 291.229853][ T7201] kasan_report+0x129/0x150 [ 291.234373][ T7201] ? do_check+0xb388/0xe170 [ 291.238912][ T7201] do_check+0xb388/0xe170 [ 291.243265][ T7201] ? stack_depot_save_flags+0x40/0x900 [ 291.248783][ T7201] ? __pfx_do_check+0x10/0x10 [ 291.253484][ T7201] ? __asan_memset+0x22/0x50 [ 291.258101][ T7201] ? init_func_state+0x1ddf/0x2d20 [ 291.263239][ T7201] do_check_common+0x168d/0x20b0 [ 291.268211][ T7201] bpf_check+0x1381e/0x19e50 [ 291.272839][ T7201] ? __lock_acquire+0xab9/0xd20 [ 291.277728][ T7201] ? is_bpf_text_address+0x26/0x2b0 [ 291.282958][ T7201] ? is_bpf_text_address+0x292/0x2b0 [ 291.288269][ T7201] ? is_bpf_text_address+0x26/0x2b0 [ 291.293501][ T7201] ? __kernel_text_address+0xd/0x40 [ 291.298724][ T7201] ? unwind_get_return_address+0x4d/0x90 [ 291.304389][ T7201] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 291.310567][ T7201] ? __pfx_bpf_check+0x10/0x10 [ 291.315353][ T7201] ? __lock_acquire+0xab9/0xd20 [ 291.320246][ T7201] ? __pfx___mutex_trylock_common+0x10/0x10 [ 291.326160][ T7201] ? css_rstat_updated+0x1a5/0xca0 [ 291.331313][ T7201] ? __lock_acquire+0xab9/0xd20 [ 291.336194][ T7201] ? ktime_get_with_offset+0x8c/0x2a0 [ 291.341589][ T7201] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 291.347852][ T7201] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.353082][ T7201] ? ktime_get_with_offset+0x8c/0x2a0 [ 291.358469][ T7201] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 291.364725][ T7201] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 291.371341][ T7201] ? bpf_obj_name_cpy+0x194/0x1e0 [ 291.376399][ T7201] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 291.381617][ T7201] ? security_bpf_prog_load+0x7f/0x310 [ 291.387099][ T7201] bpf_prog_load+0x1318/0x1930 [ 291.391896][ T7201] ? __pfx_bpf_prog_load+0x10/0x10 [ 291.397042][ T7201] ? bpf_lsm_bpf+0x9/0x20 [ 291.401394][ T7201] ? security_bpf+0x7e/0x300 [ 291.406005][ T7201] __sys_bpf+0x5f1/0x860 [ 291.410276][ T7201] ? __pfx___sys_bpf+0x10/0x10 [ 291.415075][ T7201] ? rcu_is_watching+0x15/0xb0 [ 291.419858][ T7201] __x64_sys_bpf+0x7c/0x90 [ 291.424307][ T7201] do_syscall_64+0xfa/0x3b0 [ 291.428835][ T7201] ? lockdep_hardirqs_on+0x9c/0x150 [ 291.434052][ T7201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.440133][ T7201] ? clear_bhb_loop+0x60/0xb0 [ 291.444829][ T7201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.450740][ T7201] RIP: 0033:0x7f9092f8e929 [ 291.455175][ T7201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.474795][ T7201] RSP: 002b:00007f9093d5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 291.483227][ T7201] RAX: ffffffffffffffda RBX: 00007f90931b6160 RCX: 00007f9092f8e929 [ 291.491217][ T7201] RDX: 0000000000000094 RSI: 0000200000000a40 RDI: 0000000000000005 [ 291.499202][ T7201] RBP: 00007f9093010b39 R08: 0000000000000000 R09: 0000000000000000 [ 291.507184][ T7201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.515170][ T7201] R13: 0000000000000000 R14: 00007f90931b6160 R15: 00007fff3f9ffb28 [ 291.523165][ T7201] [ 291.526349][ T7201] Kernel Offset: disabled [ 291.530675][ T7201] Rebooting in 86400 seconds..