last executing test programs: 12.821258446s ago: executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCMGET(r1, 0x5451, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8903, &(0x7f0000000080)={'batadv0\x00'}) bind$unix(0xffffffffffffffff, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = mq_open(&(0x7f0000000140)='@^}\x00', 0x40, 0x0, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r2, 0x5450, 0x0) 12.636173996s ago: executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000016c0)={0x2, 0x400, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000480)=@req={0x7ff, 0x7, 0x4, 0xff}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$TUNSETOFFLOAD(r2, 0x4004743d, 0x2000000b) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r1) sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x2004000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x41, 0x0, 0x0) 10.130533453s ago: executing program 1: mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001340)=ANY=[], 0x10}], 0x1}, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000280)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0, 0xfffffc5a}, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2}) preadv2(r4, 0x0, 0x0, 0x0, 0x0, 0x0) close(r4) eventfd2(0x0, 0x0) dup(0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 8.790240363s ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) geteuid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r6, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r5}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r5}]}, 0x40}}, 0x0) removexattr(0x0, 0x0) 6.168858397s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @remote}}}}) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001000)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.422330339s ago: executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getpid() sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x24d00, 0x0) r2 = socket(0x0, 0x2, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280), 0x1, 0x1000000, &(0x7f00000006c0)='U'}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000480)={0x44, 0x0, &(0x7f0000000580)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000080)={"db9d3f230249eb22b0099c9f05550615", 0x0, 0x0, {0x80000000000001}, {0x2, 0x20}, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x40000000020, 0x9, 0x232, 0x2, 0x0, 0x2000, 0x0, 0x9, 0x0, 0xfffffffffffffffd, 0xfffffffffffffff7]}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000640)={0x40, r7, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x20008004) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000440)=ANY=[@ANYBLOB="40010000170001000000000000000000ac1e00010000000000000000000000000000000000000000fe8800000000000000000000000000010a010100000000000000000000000000ff01000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001e000000100000000000000000000000000000000000000000200", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000000000000000000000000000000000000000000000000c00150000000000000000000c0008"], 0x140}}, 0x0) 4.347184365s ago: executing program 2: ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8912, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='jbd2_handle_stats\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x2000) 4.310262921s ago: executing program 0: syz_mount_image$jfs(&(0x7f0000005dc0), &(0x7f0000005e00)='./file0\x00', 0x0, &(0x7f0000000080)={[{@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {}, {@uid}, {}, {@noquota}, {@quota}, {@uid}]}, 0x1, 0x5ed3, &(0x7f0000011c00)="$eJzs3UuPFNfZB/CnL9Nz4TWMLL2WhbIYY+dCMDBcDLnb3iRSVpEiNlmBxmMLBScRkCi2UBhrFvkGUbJIlOyzyifIHj6EF1kGCZKNV6moZs6BmqKHHgLT1TPn95OGqqdOVfcp/l3T3dNVfQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiB9+/8fnehFx9VdpwXLE/8Ugoh+xWNcrEbG4spzXH0bE67HVHK/Vq89H1Ntv/XMs4mJE3D8a8fDRnbV68fk99uPfR/7/2D//+oPTv//b7+6d/OOpt9vtf1r/x72f3E33BQAAADyXqqqqXnqbfzy9v+933SkAYCry83+V5OVqtVqtVqsPX91UjXe3WUTERnOb+jXD3XE3BgDMro34ousu0CH5F20YEUe67gQw05x3fzg9fHRnrZfy7TWfD1a22/O5IDvy3+g9vr5jt+kk7XNMpvX42oxBvLpLfxan1IdZkvPvt/O/ut0+Suvtd/7Tslv+o+1Ln4qT8x+08285PPn3x+Zfqpz/8LnyH8gfAAAAAABmWP77/3LHn//Ov/iu7MmzPv9dmVIfAAAAAAAAAOBle9Hx/x4z/h8AAADMrPq9eu3PR58s2+09dr38Si/ildb6QGHSxTJLXfcDAAAAAAAAAAAAAEoy3D6H90ovYi4iXllaqqqq/mlq18/rRbc/6ErffyhZ17/kAQBg2/2jrWv5exELEXElfdff3NLSUlUtLC5VS9XifH49O5pfqBYb72vztF42P9rDC+LhqKpvbKGxXdOk98uT2tu3V9/XqBrsoWPT0WHgABAR289GDz0jHTJVdSy6fpXDweD4P3wc/+xF149TAAAAYP9VVVX10td5H0+f+fe77hQAMBX5+b/9uYBarVar1erDVzdV491tFhGx0dymfs1wd9yNAQCzayO+6LoLdEj+RRtGxOtddwKYab2uO8C+ePjozlov5dtrPh+k8d3zuSA78t/obW2Xtx83naR9jsm0Hl+bMYhXd+nPa1PqwyzJ+ffb+V/dbh+l9fY7/2nZLf96P5c76E/Xcv6Ddv4thyf//tj8S5XzHz5X/gP5AwAAAADADMt//1/2+W/eZQAAAAAAAAA4cB4+urOWr3vNn/9/acx6rv88nHL+PfkXKeffb+X/tdZ6g8b8g/ef5P+vR3fWfvSHz4/n6V7zn88zvfTI6qVHRC/dU2+Ypi+yd0/bnBuM6nua6/UHw3TOTzX3YVyPG7EeqzvW7af/jyft53a01z2d29F+fkf78Kn2Czva59L3DlSLuf1MrMXP40Z8sNVet81P2P+FCe3VhPac/8DxX6Sc/7DxU+e/lNp7rWntwWf9p4775nTc/bz323v3V/d/dybajMHjfWuq9+9EB/3Z+j85Mopf3lq/eebX127fvnku0mTH0vORJi9Zzn8u/Tz+/f/mdnv+vd88Xh98Nnru/GfFZgx3zf/Nxny9vyen3Lcu5PxH6Sfn/0FqH3/8H+T8dz/+T3XQHwAAAAAAAAAAAAAAAHiWqqq2LhF9LyIupet/uro2EwCYrvz8XyV5uVqtVqvV6sNXN1XjvdssIuLvzW3q1wy/GXdjAMAs+09EfN51J+iM/AuWv++vnr7VdWeAqbr1yac/vXbjxvrNW133BAAAAAAAAAD4X+XxP1ca4z+/FRHLrfV2jP/6fqy86PifwzzzeIDRlzzQ9y42+6NBvzHc+Bvx7PG/T8Szx/8eTri/uQntownt8xPaFya0j73QoyHn/0ZjvPM6/+Ot4ddLGP+1PeZ9CXL+JxqP5zr/r7bWa+Zf/eUg59/fkf/Z2x//4uytTz49ff3jax+tf7T+s4urq5cuXH5n9fLq2Q+v31hP/3bY4/2V889jXzsPtCw5/5y5/MuS8/9yquVflpz/V1It/7Lk/PPrPfmXJeef3/vIvyw5/5Opln9Zcv5fT7X8y5LzP5Vq+Zcl5/92quVflpz/6VTLvyw5/zOpln9Zcv5nUy3/suT88ydc8i9Lzj+f2SD/suT8z6da/mXJ+V9ItfzLkvO/mGr5lyXn/06q5V+WnP+lVMu/LDn/y6mWf1ly/t9ItfzLkvP/ZqrlX5ac/7dSLf+y5Py/neqJ+S9Op19MR87/O6l2/Jcl5//dVMu/LDn/76Va/mXJ+b+bavmX5cn3/5sxY8ZMnun6NxMAAAAAAAAAAAAA0DaN04m73kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7IDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzda4xc5X0G8LM3e20S2CZAXEJgbRwwsLDrO07rYC5pKIQ2TSBt04vj2mvj4Fu9drgICUekBamoRWo+kA9NSIpUvlRBSVRRNY0cqVUiJVL4lFZqS6ggFUpD66T9kFQhW82c9313Zjy7sz6za2bO+f0k/PfOnJl5Z+ad2X3WPLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI3W3jb9+ECWZbX/6n+MZdlban9fNT5W+3D9e97sFQIAAADdeqP+55mL0gm7FnGhhmO+ccV3vjI7OzubvfT9a9/x6dnZdMZ4lo2tzLL6edFrd//d+sZjgsey0YHBho8HO9z8UIfzhzucP9Lh/BUdzl/Z4fzRDufPdrqCbFX+/Zj6la2v/3Usf0izi7OR+nnr21zqsYGVg4Pxezl1A/XLzI7szw5mh7LpbKrp+PzYgfrxX11bu607snhbgw23dXlth/zokb1xDQPhMV7fdFtz1xm9fks2/uMfPbL3g595+bJ2s9Oj0Hx9+To3rKut81PhlHytA9nK9JjEdQ42rPPyNs/JUNM6B+qXq/29dZ1nFrnOobllnletz/loNlj/+4v1x2m48dt66XG6PJz2k6uyLDs1t+zWY866rWwwW910yuDc8zOa78jaddS20tuy4XPap2sXsU9rc9/65n3a+pqIz//acLnhedbQ+DS9/skVZz3v57pPo9q9nu+10roHl/q10it7MO6LF+t3+om2e3B9uP+PXD3/Hmy7d9rswXS/G/bguk57cHDFUH3N6UkYqF9mbg9ubDp+qH5LA/X52tUL78HJE4ePTc489PANBw/vOTB9YPrIlqmpbZu3b53aPjW5/+Ch6fBnwUe7963OBtNrYF147OJr4JqWYxu36uznl+51OLrA63Cs5dilfh0Ot965gfPzgjx7T+evjXtqD/rok4PZPK+x+vNzXfevw3S/G16Hww2vw7afU9q8DocX8TqsHXPsusV9zTLc8F+7NSzX54Kxhj3Y+vVI6x5c6q9HemUPjoZ98a/Xzf+54PKw3icmzvXrkaGz9mC6u+G9p3ZK+np/9Kb6aLcvL6udccGK7OTM9PEbH9xz4sTxjVkY58XbG/ZK635d3XCfsrP26+A579ddj3/r25e1OX0sPFajN9T+GJ33uaods+XGhZ+r+me39o9n06mbsjCW2Pl+PNt9Nq89nilLLvB41o751GT3X4unWNnw/jsyz/tvzP0/r9/O+nRVjw2NDOev36H06Iw0vR83P1XD9feugfptn5lc3PvxSPjvfL8fX7zA+/GalmOX+v14pPXOxffjgU7f7ehO6/M5GvbJoamF349rx6zZdK57cnjB9+OrwhwIj/+1ISmkXNSwd+bbt+m2hodHwv0ajrfQvE83Nx0/ErJZ7bae21Rsn264Kr+uoXTv5pyvfTrecuxS79P0fjXfPh3o9N23Ylqfz9GwLy7evPA+rR1zekv3752r4l8b3jtXdNqDI0MramseSZswf7+fXRX34I3Z3uxodijbVz93RX0/DdRva2Lr4vbgivDf+X6vXLPAHtzQcuxS78H0eWy+vTcwfPadXwKtz+do2BdPb114D9aOuX370n7tuiGcko5p+Nq19ftr833P67KWh2k5v+dVW+c/bF/4e7O1Yw7ddK45c+HH6fpwygVtHqfW1+98r6l92fl5nNaEdf7wpvkfp9p6asd8esci99OuLMu+fNeu+vd7w7+vfOnkd7/S9O8uu/LzXtgxd11nfdXR7t99vnzXrtP/fOdPz+U+AtDbfl7/c/3q/HNdw79MLebf/wEAAIC+EHP/YJiJ/A8AAAClEXN//L/CE/kfAAAASiPm/uEwk4rk/yf+7ZL7f/Zolpr5s0E8Pz4Mx17Jj4sd12fCx+Ozc2qn3/rsP37ro48u7rYHsyz72Z3/0vb4J16J68o9FdY5/r3m08+y5nuLuv2P3Tt3XGMHcCxcf7w/rdvgq//9Sv1y4zvyefrO0/X5oVNPPFY7/8yO/OPYnXztf/Lj/iKUeXft/3rT5Te8lN/e+pcWvl/xcl/8wKq73vmRuduLlxtYd2H9bjz93vx648+9eeq2/Pgz4bj51v/3f/LcF2vHP/ju9ut/dLD9+l8L1/tqmD99Iz+98TGtfRwv90dh/fH24uVu/MLX2q7/+ffnxz8fnpdnwmxd/y1/9q43Gh+vuP54O7tezi8Xb3/qb/6jfrl4ffH6W9c/evMrTY9H6/Wf/lJ+PTs/8b9DjcfH0+PtpH33cvPzXLuexv0WPffHp5se5+zf88v9bcv64/Ude7n9+q9vWeexjavrl5+vMv7Z6Vfb3t+4nl1//WLT/Xn+B+Hxu/Xu+vWO/iTsx3D+/z2VX1/rT0t48QfN7yfx+GfG8tdlvL7JlvU/1bL+U1fWHrvO67/jx/n6n7/5G83Px3/m69j1ej47rf/A577TdPnPfzd/Po4/MHHk6MzJg7FDPRZ+9s+x7+fXt3J01eoL3vLWCy8K75WtH+8+euK+6ePjU+NTWTbehz8Sb7nX/4Uw/ysfp5b6+h/JsuyBhs9r170v33/ZFWf+9Mo7nr0vHvdPt+enP3lX/nnrmnDcU+H0U+H5jtfz2c/knw+7XX+8nflmWu8infzm49sWdWC4/0+vvbT+Khs4nZ/c+n5VVHydv3xJ8+v+pXvy+UJ4XGfDT2Zed+k368e13n782QhPfjh/fcev5OLlu13/X4Xn++5X8+uP15vWG76O+dqa5vfH+Py88GjLTxoYy3+Kx6nw/pGdys+PR8WvqZ48c+m5LHNeMw/NTB46eOTkg5MnpmdOTM489PDuw0dPHjmxu/6zOXd/vNPl517fq+uv733T27Zk9Vf70Xwsszd7/cfu3btv+9TV+6b37zm5/8S9x6aPH9g7M7N3et/M1Xv2759+oNPlD+7buXHTjs3bN00cOLhv5007dmzeMXHwyNHaMvJFdbBt6v6JI8d31y8ys3PLjo1bt26Zmjh8dN/0zu1TUxMnO12+/rlponbpT0wcnz6058TBw9MTMwcfnt65cce2bZs6/nS/w8f2z4xPHj95ZPLkzPTxyfy+jJ+on1z73Nfp8lAz87lVbT9PDYSv3jdevy39fNaaZz8571Xlh7T8ANEfhp9F8+2//POti/k45v6RMJOK5H8AAACogpj7V4SZyP8AAABQGjH3rwwzkf8BAACgNGLuHw0zqUj+1//X/69a/39E/1//Pz4f+v9LQv9f/78I/X/9/35Yv/6//j/d67X+f8z9q7KskvkfAAAAqiDm/tVhJvI/AAAAlEbM/ReEmcj/AAAAUBox978lzKQi+V//vz/7/0PhMdf/9/v/9f87r1//f3np/+v/F6H/r//fD+vX/9f/p3u91v+Puf+tYSYVyf8AAABQBTH3XxhmIv8DAABAacTcf1GYifwPAAAApRFz/1iYSUXyv/5/f/b//f5//X/9f/3/XqH/r/9fhP6//n8/rF//X/+f7vVa/z/m/l8IM6lI/gcAAIAqiLn/bWEm8j8AAACURsz9bw8zkf8BAACgNGLuvzjMpCL5X/9f/1//X/8/0v/X/y9C/1//vwj9f/3/fli//r/+P93rtf5/zP2XhJlUJP8DAABAFcTcf2mYifwPAAAApRFz/zvCTOR/AAAAKI2Y+9eEmVQk/+v/6//r/+v/R/r/+v9F6P/r/xeh/6//3w/r1//X/6d7vdb/j7n/F8NMKpL/AQAAoApi7r8szET+BwAAgNKIuf+dYSbyPwAAAJRGzP2Xh5lUJP/r/+v/6//r/0f6//r/Rej/6/8Xof+v/98P69f/1/+ne73W/4+5/11hJhXJ/wAAAFAFMfdfEWYyf/7/+vKvCgAAAFhKMfdfGWbi3/8BAACgNGLuHw8zqUj+1//X/++5/v+4/r/+v/5/P9H/1/8vQv9f/78f1q//r/9P93qt/x9z/9owk4rkfwAAAKiCmPvXhZnI/wAAAFAaMfdfFWYi/wMAAEBpxNy/PsykIvlf/1//v+f6/37/v/6//n9f0f/X/y9C/1//vx/Wr/+v/0/3eq3/H3P/u8NMKpL/AQAAoApi7r86zET+BwAAgNKIuf+aMBP5HwAAAEoj5v4NYSYVyf/6//r/+v/6/5H+v/5/Efr/+v9F6P/r//fD+vX/9f/pXq/1/2PuvzbMpCL5HwAAAKog5v7rwkzkfwAAACiNmPuvDzOR/wEAAKA0Yu6fCDOpSP7X/y95//+N2dlZ/X/9f/1//f9lpP+v/1+E/r/+fz+sX/9f/5/u9Vr/P+b+G8JMKpL/AQAAoApi7r8xzET+BwAAgNKIuX8yzET+BwAAgNKIuX8qzKQi+V//v7/7/1nm9//r/+v/d1q//v/y0v/X/y9C/1//vx/Wr/+v/0/3eq3/H3P/xjCTiuR/AAAAqIKY+zeFmcj/AAAAUBox928OM5H/AQAAoDRi7t8SZlKR/K//39/9/46//1//X/9f/1//f5np/+v/F6H/r//fD+vX/9f/p3u91v+PuX9rmElF8j8AAABUQcz928JM5H8AAAAojZj7t4eZyP8AAABQGjH33xRmUpH8r/+v/6//r/8f6f/r/xeh/6//X4T+v/5/P6xf/1//n+71Wv8/5v4dYSYVyf8AAABQBTH3vyfMRP4HAACA0oi5/5fCTOR/AAAAKI2Y+385zKQi+V//X/9f/3+x/f9TZ12//v957f+vzPT/e5L+v/5/Efr/+v/9sH79f/1/utdr/f+Y+3eGmVQk/wMAAEAVxNz/3jAT+R8AAABKI+b+m8NM5H8AAAAojZj7d4WZVCT/6//r/+v/+/3/UY/3//3+/x6l/6//X4T+v/5/P6xf/1//n+71Wv8/5v5bwkwqkv8BAACgCmLuvzXMRP4HAACA0oi5/7YwE/kfAAAASiPm/tvDTCqS//X/9f/1//X/I/1//f8i9P/1/4vQ/9f/74f1H1uR6f/r/9OlXuv/x9z/vjCTiuR/AAAAqIKY+38lzET+BwAAgNKIuf/9YSbyPwAAAJRGzP13hJlUJP/r/y9t/3+V/r/+v/6//r/+/5LS/9f/z/T/C3uz+/P9vn6//1//n+71Wv8/5v5fDTOpSP4HAACAKoi5/84wE/kfAAAASiPm/rvCTOR/AAAAKI2Y+z8QZlKR/K//7/f/6//r/0f6/73Q/181z7PTu/T/9f+L0P/X/++H9ev/6//TvV7r/8fcf3eYSUXyPwAAAFRBzP2/FmYi/wMAAEBpxNz/62Em8j8AAACURsz9HwwzqUj+1//X/9f/1/+P9P97of8/z5PTw/T/9f+L0P/X/++H9ev/6//TvV7r/8fc/xthJhXJ/wAAAFAFMfd/KMxE/gcAAIDSiLn/w2Em8j8AAACURsz994SZVCT/6//r/+v/6/9H+v/6/0Xo/+v/F1GW/n98w9X/Xx5v9vr1//X/6V6v9f9j7r83zKQi+R8AAACqIOb+j4SZyP8AAABQGjH3/2aYifwPAAAApRFz/2+FmVQk/+v/6//r/+v/R/r/+v9F6P/r/xdRlv6/3/+/vN7s9ev/6//TvV7r/8fc/9thJhXJ/wAAAFAFMfd/NMxE/gcAAIDSiLn/d8JM5H8AAAAojZj7fzfMpCL5X/9f/1//X/8/0v/X/y9C/1//vwj9f/3/fli//r/+P93rtf5/zP2/F2ZSkfwPAAAAVRBz/++Hmcj/AAAAUBox9+8OM5H/AQAAoDRi7v9YmElF8r/+v/6//r/+f6T/r/9fhP6//n8R+v/6//2wfv1//X+612v9/5j794SZVCT/AwAAQBXE3P8HYSbyPwAAAJRGzP17w0zkfwAAACiNmPv3hZlUJP/r/+v/6//r/0f6//r/Rej/6/8Xof+v/98P669S/7/1c3Wm/88S6bX+f8z902EmFcn/AAAAUAUx9+8PM5H/AQAAoDRi7j8QZiL/AwAAQGnE3H9fmElF8r/+v/6//r/+f6T/r/9fhP6//n8R+v/6//2w/ir1/9vR/2cp9Fr/P+b+g2EmFcn/AAAAUAUx9388zET+BwAAgNKIuf/+MBP5HwAAAEoj5v5DYSYVyf/6//r/+v/6/5H+v/5/Efr/+v9F6P/r//fD+vX/9f/pXq/1/2PuPxxmUpH8DwAAAFUQc/+RMBP5HwAAAEoj5v6jYSbyPwAAAJRGzP3Hwkwqkv/1//X/W/v/A/r/+v8tp+v/5/T/29P/1/8vQv9f/78f1q//r/9P93qt/x9z/x+GmVQk/wMAAEAVxNx/PMxE/gcAAIDSiLl/JsxE/gcAAIDSiLn/RJhJRfK//r/+v9//r/8f6f/r/xeh/3+e+/+1Dar////s3VXP4EcVx/ElIWn6Hki45v1wCS8Ddy1a3Iu7u7u7Fne34m4JBHrOSZcsCztTsjNzPp+b0z5pmnl60eSXzTf/ov+/vKvdz+/+fv2//p95q/X/ufvvErc02f8AAADQQe7+u8Yt9j8AAAAcI3f/3eIW+x8AAACOkbv/7nFLk/2v/9f/6//1/0n/r/8fof/3/f8R+n/9/w7v1//r/5m3Wv+fu/8ecUuT/Q8AAAAd5O6/Z9xi/wMAAMAxcvffK26x/wEAAOAYufvvHbc02f/6f/3/zv3/HS/o//X///39+v//L/2//n+E/l//v8P79f/6f+at1v/n7r9P3NJk/wMAAEAHufvvG7fY/wAAAHCM3P33i1vsfwAAADhG7v77xy1N9r/+X/+/c//v+//6/y79/50u/eMl6P/1/yP0//r/Hd6v/9f/M2+1/j93/wPilib7HwAAADrI3f/AuMX+BwAAgGPk7n9Q3GL/AwAAwDFy9z84bmmy//X/+n/9v/4/6f/X7f9Xpv/X/4+Y6P8v+m+o/7+8q93P7/5+/b/+n3mr9f+5+x8StzTZ/wAAANBB7v6Hxi32PwAAABwjd/91cYv9DwAAAMfI3f+wuKXJ/tf/6//1//r/pP/X/4/Q/+v/R/j+v/5/h/fr//X/zFut/8/d//C4pcn+BwAAgA5y9z8ibrH/AQAA4Bi5+x8Zt9j/AAAAcIzc/Y+KW5rsf/2//l//r/9P+n/9/wj9v/5/hP5f/7/D+/X/+n/mrdb/5+5/dNzSZP8DAABAB7n7r49b7H8AAAA4xvUXLlzzz93/mH/9nf0PAAAAJ8rd/9i4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu8X/+v/2feav1/7v7HxS1N9j8AAAB0kLv/8XGL/Q8AAADHyN3/hLjF/gcAAICt3XSL8it3/xPjlib7X/+v/9f/79n/3/6C/l//vwb9v/5/hP5f/7/D+/X/+n/mrdb/5+5/UtzSZP8DAABAB7n7nxy32P8AAABwjNz9T4lb7H8AAAA4Ru7+p8YtTfa//l//r//fs//3/X/9/yr0//r/Efp//f8O79f/6/+Zt1r/n7v/aXFLk/0PAAAAHeTuf3rcYv8DAADAMXL3PyNusf8BAADgGLn7b4hbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7n9m3NJk/wMAAEAHufufFbfY/wAAAHCM3P3PjlvsfwAAADhG7v7nxC1N9r/+X/+v/9f/J/2//n+E/l//P0L/r//f4f36f/0/81br/3P3PzduabL/AQAAoIPc/c+LW+x/AAAAOEbu/ufHLfY/AAAAHCN3/wvilib7X/+v/9f/6/+T/l//P0L/r/8fof/X/+/wfv2//p95q/X/uftfGLc02f8AAADQQe7+F8Ut9j8AAAAcI3f/i+MW+x8AAACOkbv/JXFLk/2v/9f/6//1/0n/r/8fof/X/4/Q/w/0/7e9kpff7Gr387Ou9vv1//p/5q3W/+fuf2nc0mT/AwAAQAe5+18Wt9j/AAAAcIzc/S+PW+x/AAAAOEbu/lfELU32v/5f/798/3+t/l//r/9fmf5f/z9C/+/7/zu8X/+v/2feav1/7v5Xxi1N9j8AAAB0kLv/VXGL/Q8AAADHyN3/6rjF/gcAAIBj5O5/TdzSZP/r//X/y/f/vv+v/9f/L03/f9n+/w5/n3y//v/mf17/P+Zq9/O7v1//r/9n3mr9f+7+18YtTfY/AAAAdJC7/3Vxi/0PAAAAx8jd//q4xf4HAACAY+Tuf0Pc0mT/6//1//p//X/S/+v/R+j/ff9/hP5f/7/D+/X/+n/mrdb/5+5/Y9zSZP8DAABAB7n73xS32P8AAABwjNz9b45b7H8AAAA4Ru7+t8QtTfa//l//r//X/6cO/f+1t/i5/v/Wof/X/49Ysf+/8RI/0//r//X/+n/mrNb/5+5/a9zSZP8DAABAB7n73xa32P8AAABwjNz9b49b7H8AAAA4Ru7+d8QtTfa//l//r//X/6cO/b/v/9/69P/6/xEr9v+Xov/X/+v/9f/MWa3/z93/zrilyf4HAACADnL3vytusf8BAADgGLn73x232P8AAABwjNz974lbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7n9v3NJk/wMAAEAHufvfF7fY/wAAAHCM3P3vj1vsfwAAADhG7v4PxC1N9r/+X/+v/9f/J/2//n+E/l//P0L/r//f4f36f/0/81br/3P3fzBuabL/AQAAoIPc/R+KW+x/AAAAOEbu/g/HLfY/AAAAHCN3/0filib7X/+v/9f/6/+T/l//P0L/r/8fof/X/+/w/n/r/2+IH+v/9f9cgdX6/9z9H41bmux/AAAA6CB3/8fiFvsfAAAAjpG7/+Nxi/0PAAAAx8jd/4m4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu83/f/9f/MW63/z93/ybilyf4HAACADnL3fypusf8BAADgGLn7Px232P8AAABwjNz9n4lbmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAAHCM3P03xi32PwAAABwjd//n45Ym+1//r//X/+v/k/5f/z9C/6//H6H/1//v8H79v/6feav1/7n7vxC3NNn/AAAA0EHu/i/GLfY/AAAAHCN3/5fiFvsfAAAAjpG7/8txS5P9r//X/+v/9f9J/6//H6H/1/+P0P8v3f9fl3+h/9f/6/+ZtVr/n7v/K3FLk/0PAAAAHeTu/2rcYv8DAADAMXL3fy1usf8BAADgGLn7vx63NNn/+n/9v/5f/5/0//r/Efp//f8I/f/S/X/R/+v/9f/MWq3/z93/jbilyf4HAACADnL3fzNusf8BAADgGLn7vxW32P8AAABwjNz9345bmux//b/+X/+v/0/6f/3/CP2//n+E/l//v8P79f/6f+at1v/n7v9O3NJk/wMAAEAHufu/G7fY/wAAAHCM3P3fi1vsfwAAADhG7v7vxy1N9r/+X/+v/9f/J/2//n+E/l//P6JR/3/x/5L0/1u9X/+v/2feav1/7v4fxC1N9j8AAAB0kLv/h3GL/Q8AAADHyN3/o7jF/gcAAIBj5O7/cdzSZP/r//X/+n/9f9L/6/9H6P+79/93vt0V/DqlUf9/8b9Q/7/V+5fs/2+j/2cvq/X/uft/Erc02f8AAADQQe7+n8Yt9j8AAAAcI3f/TXGL/Q8AAADHyN3/s7ilyf7X/+v/9f/6/6T/1/+P0P937//H6P/1/zu8f8n+3/f/2cxq/X/u/p/HLU32PwAAAHSQu/8XcYv9DwAAAMfI3f/LuMX+BwAAgGPk7v9V3NJk/+v/9f/6f/1/0v/r/0fo//X/I/T/+v8d3q//1/8zb7X+P3f/r+OWJvsfAAAAOsjd/5u4xf4HAACAY+Tu/23cYv8DAADAMXL3/y5uabL/9f/6f/2//j/p//X/I/T/+v8R+n/9/w7v1//r/5m3Wv+fu//3cct/2P/X/E+/JQAAALCS3P1/iFua/Pk/AAAAdJC7/49xi/0PAAAAx8jd/6e4pcn+1//r//X/+v+k/9f/j9D/6/9H6P/1/zu8X/+v/2feav1/7v4/xy1N9j8AAAB0kLv/L3GL/Q8AAADHyN3/17jF/gcAAIBj5O7/W9zSZP/r//X/+n/9f9L/6/9H6P/1/yP0//r/Hd6v/9f/M2+1/j93/z8CAAD//wlxcUc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) write(r0, &(0x7f0000000540)="953820a61a166fd5dd4b4b", 0xfdef) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat$vimc0(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbfe4e000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$setstatus(r2, 0x4, 0x0) r6 = dup(r2) pwritev2(r6, &(0x7f0000000300)=[{&(0x7f0000000680)="a9", 0x1}], 0x1, 0x0, 0x0, 0x0) sendfile(r6, r2, 0x0, 0x87fffa0) ftruncate(r1, 0x6) 4.078175802s ago: executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a140000"], 0x64}}, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) 3.894783266s ago: executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="01202a3a8a"], 0x8) close(r2) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f00000000c0)=0x81, 0x4) r4 = fcntl$dupfd(r3, 0x0, r3) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0x10af6109, 0xc000, 0x0, 0xfffffcef) recvmmsg(r3, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000003140)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) ioctl$FIONREAD(r4, 0x541b, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r5, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838) r6 = dup(r5) write$cgroup_netprio_ifpriomap(r6, 0x0, 0xa) 3.618232809s ago: executing program 4: syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x20008000) recvmmsg(r1, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000004000)=""/4101, 0x1005}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000002a00)=ANY=[], 0x7a8}}, 0x0) 3.495268213s ago: executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100), 0x4) recvmmsg(r1, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x3e) write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[], 0xffc1) 3.393189561s ago: executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2}) preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) rt_sigreturn() r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r2, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 3.106089419s ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x401) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) r1 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket(0x1, 0x3, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r2, 0x5452, &(0x7f00000000c0)) write$FUSE_IOCTL(r1, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000000)) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x0) 3.043834047s ago: executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) geteuid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r6, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r5}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r5}]}, 0x40}}, 0x0) removexattr(0x0, 0x0) 3.032915571s ago: executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) unshare(0x2a020400) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) unshare(0x44020400) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x4, &(0x7f00000001c0)=[{0x15, 0x0, 0x2}, {0x3, 0xfc}, {}, {0x6}]}) openat$capi20(0xffffffffffffff9c, &(0x7f0000001f80), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000200)={{0x0, 0x1}, {0xf, 0x1f}}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0xce20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x1, 0x0) 2.677317137s ago: executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000016c0)={0x2, 0x400, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000480)=@req={0x7ff, 0x7, 0x4, 0xff}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)) ioctl$TUNSETOFFLOAD(r2, 0x4004743d, 0x2000000b) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r1) sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x2004000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x41, 0x0, 0x0) 1.751232879s ago: executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20842, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0x5452, &(0x7f0000000380)) 1.712135051s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') link(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./bus\x00') unlink(&(0x7f00000001c0)='./file0\x00') open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) 1.65167171s ago: executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000"], 0x64}}, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) 1.421689147s ago: executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="64000000020601080000000000000000160000001400078008001140000000000500150000000000050005000a00000005000100070000000500040000000000099ab2"], 0x64}}, 0x0) gettid() r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r0, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000100)={0x235, @time}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000001380)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x40505331, &(0x7f0000000500)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000180)) socket$alg(0x26, 0x5, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 1.341534209s ago: executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getpid() sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x24d00, 0x0) r2 = socket(0x0, 0x2, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280), 0x1, 0x1000000, &(0x7f00000006c0)='U'}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000480)={0x44, 0x0, &(0x7f0000000580)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000080)={"db9d3f230249eb22b0099c9f05550615", 0x0, 0x0, {0x80000000000001}, {0x2, 0x20}, 0x0, [0x0, 0x0, 0x0, 0x0, 0xfffffffffffeffff, 0x40000000020, 0x9, 0x232, 0x2, 0x0, 0x2000, 0x0, 0x9, 0x0, 0xfffffffffffffffd, 0xfffffffffffffff7]}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000640)={0x40, r7, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x20008004) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000440)=ANY=[@ANYBLOB="40010000170001000000000000000000ac1e00010000000000000000000000000000000000000000fe8800000000000000000000000000010a010100000000000000000000000000ff01000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001e000000100000000000000000000000000000000000000000200000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000000000000000000000000000000000000000000000000c00150000000000000000000c0008"], 0x140}}, 0x0) 1.132608874s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300)={'syz1'}, 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) pwritev(r1, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0xfdef, 0x0) 1.103600417s ago: executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x3e) write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[], 0xffc1) 979.276704ms ago: executing program 1: r0 = gettid() timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) read$FUSE(r1, 0x0, 0x0) close(r1) rt_sigreturn() openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r2, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x40000122) 831.2011ms ago: executing program 0: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @remote}}}}) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001000)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 800.541728ms ago: executing program 3: r0 = gettid() connect$unix(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB='b *:\n'], 0x8) close(r2) openat$full(0xffffffffffffff9c, &(0x7f0000004a00), 0x80002, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000300)=""/235, 0xeb}], 0x1}}], 0x1, 0x0, 0x0) 304.017462ms ago: executing program 4: socket$isdn(0x22, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) read(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000048000), 0x0) 298.632021ms ago: executing program 2: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) syz_usb_connect(0x0, 0x1b, 0x0, 0x0) r1 = syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000b00), 0x1000, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, &(0x7f0000000140)={0x40, 0x21, 0xff, {0xff, 0x10, "57fbed51e79b61937dd90f63785c2102f7b935209796625913013fc6b1d8ae661e68585d421062f31e7f02c7fb33792fca92fc1a27d7cc08df9ff4dd01f1f9bf99a3366902c281bc621fffd8161f1a59b59daad5e4c4c7d01a047a927480f458c07e60fdf7685f815899407284b2e939393f9e5e1303dd2c70d5c759af9116abc8002cf7b8e202b7aba38bdeb2221f412ab881211627d7e2b79d54d44cb41c132cd7b3d2df3d569936facbd9fd9f5583b146fd7a8aba61e914951f57b55ce7215d690330f7677f96fdaf6f80c79f68d057fb541a4336cf85ac7a367a24c25bd8e7d53d560adf28ce1886176bd9700d68013d8b9f4153262049cdcf439c"}}, &(0x7f0000000b80)=ANY=[@ANYBLOB="00030400000004036504c25dce0cab3842c6cd03d8846a"], &(0x7f0000000280)={0x0, 0x22, 0x9, {[@main=@item_012={0x1, 0x0, 0x9, "e8"}, @main=@item_4={0x3, 0x0, 0xb, "21f69051"}, @main=@item_012={0x1, 0x0, 0xb, '+'}]}}, &(0x7f00000002c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x0, 0xf0, 0x1, {0x22, 0x7e2}}}}, &(0x7f00000004c0)={0x2c, &(0x7f0000000340)={0x20, 0x10, 0x17, "00d635586b88cb0c3b73943391d92de8af2e0fa5c5ffe0"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000400), &(0x7f0000000480)={0x20, 0x3, 0x1, 0x9}}) r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb05, 0x1807, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}}}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r2, 0x4004550e, 0x0) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) syz_usb_connect(0x4, 0x5, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000040)=[0x0, 0x1]) 0s ago: executing program 1: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket$kcm(0x29, 0x2, 0x0) memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0) syz_open_procfs(0x0, 0x0) r3 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) fchdir(r3) syz_mount_image$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x51d829, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESDEC=0xee00, @ANYBLOB=',allow_othe'], 0x0, 0x0, 0x0) clock_getres(0xeaffffff, 0x0) io_uring_setup(0x17c3, &(0x7f0000000200)={0x0, 0x1c28, 0x20, 0x8000000, 0x25d}) r4 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r4, &(0x7f0000000040), 0xc) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r6 = io_uring_setup(0x266f, &(0x7f0000000400)={0x0, 0x9ea5, 0x2000, 0x1, 0x4026b, 0x0, r1}) r7 = socket(0x1d, 0x2, 0x6) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'}) bind$can_j1939(r7, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r7) close_range(r6, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x8000faff) r9 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @empty}, 0x107}) ioctl$sock_inet_SIOCADDRT(r9, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)='lo\x00'}) kernel console output (not intermixed with test programs): 90] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 668.999602][T10490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.065692][T10490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.079632][T10490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.090981][T10490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.116037][T10490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.160481][T10490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.224429][T10490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.289900][T10490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.355215][T10490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 669.900420][T10490] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.969792][T10490] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.025082][T10490] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.083961][T10490] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.611382][ T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.648171][ T30] audit: type=1326 audit(1719028456.279:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11015 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcdc747d0a9 code=0x0 [ 670.665566][ T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.806372][T11000] loop4: detected capacity change from 0 to 40427 [ 670.862348][T11000] F2FS-fs (loop4): Found nat_bits in checkpoint [ 670.918803][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.952730][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.107178][T11000] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 671.287766][ T9574] bio_check_eod: 6 callbacks suppressed [ 671.287789][ T9574] syz-executor.4: attempt to access beyond end of device [ 671.287789][ T9574] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 671.334224][ T9574] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 672.324271][T11057] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 672.800599][T11065] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 672.880899][T11039] loop2: detected capacity change from 0 to 32768 [ 672.909696][T11065] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 673.004695][ T30] audit: type=1804 audit(1719028458.629:82): pid=11039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1059599991/syzkaller.xC7tUO/0/file0/file1" dev="loop2" ino=4 res=1 errno=0 [ 673.501761][ T30] audit: type=1800 audit(1719028459.129:83): pid=11080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 675.521990][T11102] loop3: detected capacity change from 0 to 256 [ 675.578505][T11102] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 675.956557][T11109] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 675.999246][T11109] PKCS7: Only support pkcs7_signedData type [ 676.076549][T11090] loop4: detected capacity change from 0 to 32768 [ 676.086301][T11090] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11090) [ 676.117422][T11109] loop1: detected capacity change from 0 to 1024 [ 676.130217][T11090] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 676.157645][T11090] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 676.203011][T11090] BTRFS info (device loop4): using free-space-tree [ 676.257410][T11109] loop1: detected capacity change from 0 to 256 [ 676.405137][T11090] BTRFS info (device loop4): checking UUID tree [ 676.799278][T11132] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. [ 677.573673][ T9574] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 679.161408][ T30] audit: type=1800 audit(1719028464.789:84): pid=11142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="overlay" ino=1969 res=0 errno=0 [ 679.536846][T11144] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 679.631874][T11147] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 681.345187][T11159] loop3: detected capacity change from 0 to 256 [ 681.389975][T11159] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 681.493058][T11166] fuse: Bad value for 'rootmode' [ 681.832549][T11172] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 681.857546][T11163] block nbd2: shutting down sockets [ 682.054096][T11146] loop4: detected capacity change from 0 to 32768 [ 682.117692][ T30] audit: type=1800 audit(1719028467.749:85): pid=11175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="overlay" ino=1970 res=0 errno=0 [ 682.617697][ T30] audit: type=1804 audit(1719028467.769:86): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/84/file0/file1" dev="loop4" ino=4 res=1 errno=0 [ 683.081515][ T9041] Bluetooth: hci0: command 0x0406 tx timeout [ 684.206328][T11197] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 684.225880][T11197] PKCS7: Only support pkcs7_signedData type [ 684.287635][T11197] loop1: detected capacity change from 0 to 1024 [ 684.372570][T11177] loop3: detected capacity change from 0 to 40427 [ 684.397824][T10893] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 684.424764][T11177] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 684.444252][T11177] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 684.459585][T11197] loop1: detected capacity change from 0 to 256 [ 684.510529][T11177] F2FS-fs (loop3): Found nat_bits in checkpoint [ 684.671595][T11207] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 684.813735][T11177] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 684.855564][T11177] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 684.883962][T11211] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 686.055384][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.062466][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.613891][T11214] loop4: detected capacity change from 0 to 32768 [ 686.706119][ T30] audit: type=1804 audit(1719028472.339:87): pid=11214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/88/file0/file1" dev="loop4" ino=4 res=1 errno=0 [ 687.437904][T11225] fuse: Bad value for 'rootmode' [ 689.854484][T11248] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 690.194642][T11252] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 691.873658][T11256] loop2: detected capacity change from 0 to 32768 [ 691.905717][T11256] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11256) [ 691.964165][T11253] loop0: detected capacity change from 0 to 40427 [ 691.998072][T11253] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 692.002152][T11256] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 692.035599][T11253] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 692.065713][T11256] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 692.085059][T11256] BTRFS info (device loop2): using free-space-tree [ 692.123898][T11261] loop4: detected capacity change from 0 to 32768 [ 692.134774][T11253] F2FS-fs (loop0): Found nat_bits in checkpoint [ 692.252959][ T30] audit: type=1804 audit(1719028477.879:88): pid=11261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/91/file0/file1" dev="loop4" ino=4 res=1 errno=0 [ 692.408520][T11256] BTRFS info (device loop2): checking UUID tree [ 692.415035][T11253] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 692.441678][T11253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 692.979626][T11289] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. [ 693.799708][T10490] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 694.264419][T11297] loop1: detected capacity change from 0 to 256 [ 695.672780][T11303] fuse: Bad value for 'rootmode' [ 697.828789][T11322] netlink: 'syz-executor.2': attribute type 20 has an invalid length. [ 700.713852][ T30] audit: type=1800 audit(1719028486.329:89): pid=11360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="overlay" ino=1963 res=0 errno=0 [ 700.910840][T11350] loop2: detected capacity change from 0 to 40427 [ 700.962690][T11350] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 700.975748][T11350] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 701.030510][T11350] F2FS-fs (loop2): Found nat_bits in checkpoint [ 701.317902][T11350] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 701.345500][T11350] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 701.496714][T10490] syz-executor.2: attempt to access beyond end of device [ 701.496714][T10490] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 701.528681][T10490] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 702.678661][T11381] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 703.595537][ T30] audit: type=1800 audit(1719028489.219:90): pid=11391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="overlay" ino=1969 res=0 errno=0 [ 705.702202][ T30] audit: type=1800 audit(1719028491.329:91): pid=11424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=1959 res=0 errno=0 [ 705.966358][T11430] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 705.980637][T11430] : entered promiscuous mode [ 706.207872][T11397] loop3: detected capacity change from 0 to 40427 [ 706.298540][T11397] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 706.334581][T11397] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 706.430357][T11397] F2FS-fs (loop3): Found nat_bits in checkpoint [ 706.682298][T11397] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 706.765498][T11397] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 706.883893][T10033] syz-executor.3: attempt to access beyond end of device [ 706.883893][T10033] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 706.901053][T10033] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 707.427763][T11435] loop1: detected capacity change from 0 to 32768 [ 707.462617][T11433] loop2: detected capacity change from 0 to 32768 [ 707.520758][ T30] audit: type=1804 audit(1719028493.149:92): pid=11435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir408602385/syzkaller.bh4V3J/133/file0/file1" dev="loop1" ino=4 res=1 errno=0 [ 707.526037][T11433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11433) [ 707.825769][T11433] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 707.838023][T11433] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 707.852769][T11433] BTRFS info (device loop2): using free-space-tree [ 708.167788][ T30] audit: type=1800 audit(1719028493.799:93): pid=11459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1953 res=0 errno=0 [ 709.695213][T10490] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 709.911331][T11489] loop4: detected capacity change from 0 to 2048 [ 710.168085][T11489] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 710.551822][T11496] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 710.566451][T11496] : entered promiscuous mode [ 711.101228][T11486] loop0: detected capacity change from 0 to 40427 [ 711.110398][T11486] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 711.140144][T11486] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 711.551661][T11486] F2FS-fs (loop0): Found nat_bits in checkpoint [ 711.860596][ T9574] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.923142][T11511] loop2: detected capacity change from 0 to 2048 [ 711.952264][T11511] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 711.992795][T11486] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 711.995957][T11511] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 712.035663][T11486] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 712.156987][T10461] syz-executor.0: attempt to access beyond end of device [ 712.156987][T10461] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 712.199814][T10461] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 713.253206][T11526] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 713.267585][T11526] : entered promiscuous mode [ 713.377460][T11528] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 713.396278][T11528] PKCS7: Only support pkcs7_signedData type [ 713.461163][T11528] loop0: detected capacity change from 0 to 1024 [ 713.575143][T10893] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 713.631437][T11528] loop0: detected capacity change from 0 to 256 [ 713.795885][ T9041] Bluetooth: hci5: command 0x0406 tx timeout [ 713.988585][T11532] loop2: detected capacity change from 0 to 32768 [ 714.043156][T11532] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11532) [ 714.145932][T11532] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 714.211955][T11532] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 714.242014][T11532] BTRFS info (device loop2): using free-space-tree [ 714.842656][T10490] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 718.268548][T11580] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 718.297523][T11580] openvswitch: : Dropping previously announced user features [ 719.607448][T11599] mmap: syz-executor.3 (11599) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 720.475153][ T30] audit: type=1326 audit(1719028506.099:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11606 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff738a7d0a9 code=0x0 [ 720.541635][T11612] netlink: 'syz-executor.3': attribute type 20 has an invalid length. [ 720.652040][T11617] netlink: 'syz-executor.3': attribute type 20 has an invalid length. [ 721.087400][T11621] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 721.098705][T11621] openvswitch: : Dropping previously announced user features [ 722.917247][T11637] fuse: Bad value for 'rootmode' [ 722.923669][T11639] loop0: detected capacity change from 0 to 128 [ 722.982118][T11639] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4589: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 723.031510][T11639] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 724.608018][T11627] loop3: detected capacity change from 0 to 32768 [ 724.967947][T11639] loop0: detected capacity change from 0 to 40427 [ 725.042159][T11642] loop4: detected capacity change from 0 to 32768 [ 725.055263][T11639] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 725.174041][T11639] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 725.235478][T11642] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11642) [ 725.625429][T11639] F2FS-fs (loop0): Found nat_bits in checkpoint [ 725.661741][T11642] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 725.706552][T11660] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 725.735632][T11642] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 725.791494][T11642] BTRFS info (device loop4): using free-space-tree [ 725.831554][T11662] netlink: 'syz-executor.1': attribute type 20 has an invalid length. [ 726.367922][ T9574] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 726.401121][T11684] loop3: detected capacity change from 0 to 256 [ 726.534241][T11684] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 726.930366][T11694] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 727.244212][T11694] openvswitch: : Dropping previously announced user features [ 727.382122][T11698] fuse: Bad value for 'rootmode' [ 727.571537][T11700] process 'syz-executor.1' launched './file1' with NULL argv: empty string added [ 729.937734][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 730.800181][T11736] loop0: detected capacity change from 0 to 256 [ 730.910265][T11736] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 731.689004][T11753] fuse: Bad value for 'rootmode' [ 731.707760][ T30] audit: type=1326 audit(1719028517.339:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11754 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b267d0a9 code=0x7ffc0000 [ 731.772168][ T30] audit: type=1326 audit(1719028517.359:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11754 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8b267d0a9 code=0x7ffc0000 [ 732.415770][ T1149] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 732.840707][T11770] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 733.053509][ T1149] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 733.203450][ T1149] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 733.399127][ T1149] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 733.455611][ T1149] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 733.502636][ T1149] usb 1-1: Manufacturer: syz [ 733.543482][ T1149] usb 1-1: config 0 descriptor?? [ 733.749247][ T1149] rc_core: IR keymap rc-hauppauge not found [ 733.755443][ T1149] Registered IR keymap rc-empty [ 734.009195][T11781] wireguard0: entered promiscuous mode [ 734.019941][T11781] wireguard0: entered allmulticast mode [ 734.378923][T11783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.556305][T11783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.627165][T11783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 734.640874][ T1149] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 734.658236][ T1149] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input23 [ 734.687539][T11783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 734.952949][ T1149] usb 1-1: USB disconnect, device number 10 [ 735.594000][T11800] loop2: detected capacity change from 0 to 256 [ 735.674623][T11800] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 736.372809][T11812] fuse: Bad value for 'rootmode' [ 738.832440][T11844] fuse: Bad value for 'fd' [ 738.852121][ T30] audit: type=1804 audit(1719028524.479:97): pid=11844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/125/file0" dev="sda1" ino=1962 res=1 errno=0 [ 738.960999][T11845] loop3: detected capacity change from 0 to 256 [ 739.093217][T11845] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 739.701737][T11853] loop0: detected capacity change from 0 to 128 [ 740.869566][T11869] loop0: detected capacity change from 0 to 512 [ 740.903802][T11869] EXT4-fs (loop0): bad geometry: first data block 1 is beyond end of filesystem (0) [ 740.983681][T11794] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 741.125009][T11871] loop2: detected capacity change from 0 to 256 [ 741.175431][ T30] audit: type=1326 audit(1719028526.799:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11865 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effc5e7d0a9 code=0x0 [ 741.209277][T11871] FAT-fs (loop2): Unrecognized mount option "gid=0xffffffffffffffff" or missing value [ 741.258493][T11873] fuse: Bad value for 'fd' [ 741.269686][T11871] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program [ 741.272610][ T30] audit: type=1804 audit(1719028526.899:99): pid=11873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/129/file0" dev="sda1" ino=1962 res=1 errno=0 [ 741.588295][T11880] loop2: detected capacity change from 0 to 256 [ 741.671999][T11880] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 741.785874][ T1149] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 742.016599][ T1149] usb 2-1: Using ep0 maxpacket: 8 [ 742.090897][ T1149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 742.108867][ T1149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 742.120009][ T1149] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 742.131331][ T1149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 742.143355][ T1149] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 742.155076][ T1149] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 742.164384][ T1149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.572711][ T1149] usb 2-1: config 0 descriptor?? [ 742.583439][T11878] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 742.848923][ T5125] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 742.858321][ T1149] usb 2-1: USB disconnect, device number 15 [ 744.417839][T11912] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 744.502942][T11915] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 744.675899][ T9041] Bluetooth: hci3: command 0x0406 tx timeout [ 744.682116][T10861] Bluetooth: hci2: command 0x0406 tx timeout [ 744.846984][T11918] loop3: detected capacity change from 0 to 128 [ 745.016926][ T30] audit: type=1800 audit(1719028530.649:100): pid=11918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1048648 res=0 errno=0 [ 745.484291][T11926] loop3: detected capacity change from 0 to 512 [ 745.520715][T11926] EXT4-fs (loop3): bad geometry: first data block 1 is beyond end of filesystem (0) [ 746.583243][ T30] audit: type=1326 audit(1719028532.209:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11922 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8df2a7d0a9 code=0x0 [ 746.758806][T11942] fuse: Unknown parameter 'grou00000000000000000000' [ 747.039675][T11948] loop3: detected capacity change from 0 to 256 [ 747.478262][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.494073][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.783108][T11955] loop0: detected capacity change from 0 to 128 [ 747.990856][ T30] audit: type=1800 audit(1719028533.619:102): pid=11961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1048649 res=0 errno=0 [ 748.374253][T11966] fuse: Bad value for 'rootmode' [ 749.029437][T11974] fuse: Unknown parameter 'grou00000000000000000000' [ 749.287261][ T30] audit: type=1326 audit(1719028534.919:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11975 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff738a7d0a9 code=0x0 [ 749.508653][T11987] loop4: detected capacity change from 0 to 512 [ 749.551140][T11987] EXT4-fs (loop4): bad geometry: first data block 1 is beyond end of filesystem (0) [ 749.832791][ T30] audit: type=1326 audit(1719028535.459:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11981 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8b267d0a9 code=0x0 [ 750.920939][T12005] loop4: detected capacity change from 0 to 128 [ 751.063948][ T30] audit: type=1800 audit(1719028536.689:105): pid=12006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1048651 res=0 errno=0 [ 752.348176][T12015] fuse: Bad value for 'rootmode' [ 752.524008][T12020] fuse: Unknown parameter 'grou00000000000000000000' [ 753.734757][T12040] loop2: detected capacity change from 0 to 128 [ 753.861801][ T30] audit: type=1800 audit(1719028539.489:106): pid=12042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=1048652 res=0 errno=0 [ 754.061685][T12028] loop0: detected capacity change from 0 to 32768 [ 754.695503][ T30] audit: type=1804 audit(1719028540.259:107): pid=12028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4116181656/syzkaller.iKFGeg/64/file0/file1" dev="loop0" ino=4 res=1 errno=0 [ 755.850362][T12066] fuse: Bad value for 'rootmode' [ 759.387814][T12093] overlayfs: failed to resolve './file0': -2 [ 761.033327][T12114] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 761.047984][T12114] : entered promiscuous mode [ 763.140305][T12128] loop0: detected capacity change from 0 to 32768 [ 763.313899][ T30] audit: type=1804 audit(1719028548.939:108): pid=12128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4116181656/syzkaller.iKFGeg/67/file0/file1" dev="loop0" ino=4 res=1 errno=0 [ 766.169012][T12158] fuse: Unknown parameter 'group_id00000000000000000000' [ 767.476950][T12170] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 767.497067][T12170] openvswitch: : Dropping previously announced user features [ 768.824212][ T30] audit: type=1800 audit(1719028554.449:109): pid=12193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=1968 res=0 errno=0 [ 768.939110][T12196] fuse: Unknown parameter 'group_id00000000000000000000' [ 770.127568][T12182] loop3: detected capacity change from 0 to 32768 [ 770.171164][T12211] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 770.278857][T12211] openvswitch: : Dropping previously announced user features [ 770.353733][T12212] fuse: Bad value for 'rootmode' [ 770.379610][ T30] audit: type=1804 audit(1719028555.999:110): pid=12182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir260214043/syzkaller.p2afMa/113/file0/file1" dev="loop3" ino=4 res=1 errno=0 [ 771.229491][T12221] loop2: detected capacity change from 0 to 8 [ 771.755162][ T30] audit: type=1800 audit(1719028557.379:111): pid=12233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=1955 res=0 errno=0 [ 771.833840][T12237] fuse: Unknown parameter 'group_id00000000000000000000' [ 772.677923][T12251] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 772.689246][T12251] openvswitch: : Dropping previously announced user features [ 774.377583][T12258] loop3: detected capacity change from 0 to 32768 [ 774.393664][T12270] loop4: detected capacity change from 0 to 8 [ 774.474938][ T30] audit: type=1804 audit(1719028560.099:112): pid=12258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir260214043/syzkaller.p2afMa/116/file0/file1" dev="loop3" ino=4 res=1 errno=0 [ 774.822290][ T30] audit: type=1800 audit(1719028560.449:113): pid=12272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=1970 res=0 errno=0 [ 775.622901][T12282] fuse: Bad value for 'user_id' [ 776.409775][T12300] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 776.424077][T12300] : entered promiscuous mode [ 777.520339][ T30] audit: type=1800 audit(1719028563.139:114): pid=12312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="overlay" ino=1969 res=0 errno=0 [ 778.309129][T12310] loop4: detected capacity change from 0 to 32768 [ 778.393080][ T30] audit: type=1804 audit(1719028564.019:115): pid=12310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/158/file0/file1" dev="loop4" ino=4 res=1 errno=0 [ 779.227989][T12329] loop1: detected capacity change from 0 to 8 [ 782.195338][ C0] DEBUG: holding rtnl_mutex for 537 jiffies. [ 782.201395][ C0] task:syz-executor.0 state:R running task stack:24672 pid:12302 tgid:12302 ppid:10461 flags:0x00004006 [ 782.213309][ C0] Call Trace: [ 782.216712][ C0] [ 782.219687][ C0] __schedule+0x17e8/0x4a20 [ 782.224267][ C0] ? __pfx___schedule+0x10/0x10 [ 782.229224][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 782.235264][ C0] ? kasan_save_track+0x51/0x80 [ 782.240209][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 782.245598][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 782.250768][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 782.256948][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 782.263342][ C0] synchronize_rcu+0x11b/0x360 [ 782.268231][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 782.273591][ C0] lockdep_unregister_key+0x4b7/0x540 [ 782.279085][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 782.285037][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 782.290357][ C0] ? __qdisc_destroy+0x150/0x410 [ 782.295379][ C0] ? kfree+0x149/0x360 [ 782.299507][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 782.305108][ C0] __qdisc_destroy+0x165/0x410 [ 782.310014][ C0] dev_shutdown+0x9b/0x440 [ 782.314498][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 782.321048][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 782.327897][ C0] ? __asan_memset+0x23/0x50 [ 782.332547][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 782.338222][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 782.343481][ C0] unregister_netdevice_queue+0x303/0x370 [ 782.349321][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 782.355676][ C0] __tun_detach+0x6b6/0x1600 [ 782.360324][ C0] tun_chr_close+0x108/0x1b0 [ 782.364968][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 782.370183][ C0] __fput+0x24a/0x8a0 [ 782.374240][ C0] task_work_run+0x24f/0x310 [ 782.378956][ C0] ? __pfx_task_work_run+0x10/0x10 [ 782.384125][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 782.389971][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 782.395705][ C0] do_syscall_64+0x100/0x230 [ 782.400344][ C0] ? clear_bhb_loop+0x35/0x90 [ 782.405072][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.411063][ C0] RIP: 0033:0x7effc5e7d0a9 [ 782.415552][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 782.424014][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 782.432099][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 782.440161][ C0] RBP: 00007effc5fb5980 R08: 000000000000017a R09: 0000000800000000 [ 782.448238][ C0] R10: 0000001b30c20000 R11: 0000000000000246 R12: 00000000000bdcc3 [ 782.456304][ C0] R13: 00007effc5fb405c R14: 0000000000000032 R15: 00007effc5fb5980 [ 782.464349][ C0] [ 782.467517][ C0] [ 782.467517][ C0] Showing all locks held in the system: [ 782.475323][ C0] 2 locks held by kworker/u8:3/53: [ 782.480472][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 782.492294][ C0] #1: ffffc90000bd7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 782.503116][ C0] 5 locks held by kworker/u8:4/62: [ 782.508355][ C0] 2 locks held by getty/4851: [ 782.513156][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 782.523047][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 782.533307][ C0] 2 locks held by kworker/u8:6/11254: [ 782.538799][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 782.550643][ C0] #1: ffffc90009ef7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 782.561758][ C0] 2 locks held by syz-executor.0/12302: [ 782.567386][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 782.576533][ C0] #1: ffffffff8e33ab78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 782.587567][ C0] 5 locks held by syz-executor.3/12314: [ 782.593150][ C0] #0: ffff88801d283118 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x159/0xc80 [ 782.602354][ C0] #1: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: percpu_ref_put+0x19/0x180 [ 782.611817][ C0] #2: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 782.622067][ C0] #3: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 782.632214][ C0] #4: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 782.642211][ C0] 2 locks held by syz-executor.4/12342: [ 782.647835][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 782.656692][ C0] #1: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 [ 782.665624][ C0] 1 lock held by syz-executor.4/12343: [ 782.671111][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 782.679942][ C0] 2 locks held by syz-executor.2/12356: [ 782.685567][ C0] #0: ffffffff8e1f0308 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x51/0x180 [ 782.695269][ C0] #1: ffffffff8e33ab78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 782.706357][ C0] 1 lock held by syz-executor.2/12357: [ 782.711853][ C0] #0: ffffffff8e1f0308 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x51/0x180 [ 782.721580][ C0] [ 782.723942][ C0] ============================================= [ 782.723942][ C0] [ 783.801828][ C0] DEBUG: holding rtnl_mutex for 697 jiffies. [ 783.807893][ C0] task:syz-executor.0 state:R running task stack:24672 pid:12302 tgid:12302 ppid:10461 flags:0x0000400e [ 783.819725][ C0] Call Trace: [ 783.823016][ C0] [ 783.825899][ C0] sched_show_task+0x578/0x740 [ 783.830676][ C0] ? report_rtnl_holders+0x183/0x2d0 [ 783.836086][ C0] ? __pfx__printk+0x10/0x10 [ 783.840688][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 783.846060][ C0] report_rtnl_holders+0x1ba/0x2d0 [ 783.851184][ C0] ? report_rtnl_holders+0x20/0x2d0 [ 783.856452][ C0] call_timer_fn+0x18e/0x650 [ 783.861084][ C0] ? call_timer_fn+0xc0/0x650 [ 783.865798][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 783.871448][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 783.876626][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 783.882268][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 783.887935][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 783.893663][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 783.898999][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 783.904306][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 783.909969][ C0] __run_timer_base+0x66a/0x8e0 [ 783.914839][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 783.920253][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 783.926812][ C0] run_timer_softirq+0xb7/0x170 [ 783.931688][ C0] handle_softirqs+0x2c4/0x970 [ 783.936528][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 783.941309][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 783.946632][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 783.951844][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 783.956563][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 783.961783][ C0] irq_exit_rcu+0x9/0x30 [ 783.966158][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 783.971839][ C0] [ 783.974773][ C0] [ 783.977740][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 783.983734][ C0] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 783.989676][ C0] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 f5 d2 cb f5 e8 70 6e 04 f6 fb bf 01 00 00 00 95 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 95 27 63 f6 48 [ 784.009323][ C0] RSP: 0018:ffffc90004147760 EFLAGS: 00000286 [ 784.015439][ C0] RAX: d84c4926aaeae400 RBX: 1ffff92000828ef4 RCX: ffffffff816fd09a [ 784.023431][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcac8a0 RDI: 0000000000000001 [ 784.031441][ C0] RBP: ffffc90004147810 R08: ffffffff92fe474f R09: 1ffffffff25fc8e9 [ 784.039455][ C0] R10: dffffc0000000000 R11: fffffbfff25fc8ea R12: 1ffff92000828eec [ 784.047453][ C0] R13: 1ffff92000828ef0 R14: ffffc90004147780 R15: dffffc0000000000 [ 784.055501][ C0] ? mark_lock+0x9a/0x360 [ 784.059863][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 784.065625][ C0] irqentry_exit+0x5e/0x90 [ 784.070083][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 784.075581][ C0] RIP: 0010:synchronize_rcu+0x0/0x360 [ 784.080981][ C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 a5 15 80 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 784.100619][ C0] RSP: 0018:ffffc900041478d8 EFLAGS: 00000206 [ 784.106716][ C0] RAX: dffffc0000000000 RBX: 1ffff92000828f24 RCX: ffffffff947dc803 [ 784.114692][ C0] RDX: 0000000000000001 RSI: ffffffff8bcad580 RDI: ffffffff8c206c80 [ 784.122690][ C0] RBP: ffffc900041479b8 R08: ffffffff947ca3af R09: 1ffffffff28f9475 [ 784.130708][ C0] R10: dffffc0000000000 R11: fffffbfff28f9476 R12: ffffffff947c7df8 [ 784.138705][ C0] R13: 1ffff92000828f20 R14: 0000000000000a07 R15: ffffc90004147920 [ 784.146718][ C0] lockdep_unregister_key+0x4b7/0x540 [ 784.152118][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 784.158045][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 784.163270][ C0] ? __qdisc_destroy+0x150/0x410 [ 784.168238][ C0] ? kfree+0x149/0x360 [ 784.172342][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 784.178033][ C0] __qdisc_destroy+0x165/0x410 [ 784.182826][ C0] dev_shutdown+0x9b/0x440 [ 784.187304][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 784.193665][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 784.200500][ C0] ? __asan_memset+0x23/0x50 [ 784.205131][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 784.210773][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 784.216022][ C0] unregister_netdevice_queue+0x303/0x370 [ 784.222213][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 784.228541][ C0] __tun_detach+0x6b6/0x1600 [ 784.233163][ C0] tun_chr_close+0x108/0x1b0 [ 784.237823][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 784.242967][ C0] __fput+0x24a/0x8a0 [ 784.247017][ C0] task_work_run+0x24f/0x310 [ 784.251636][ C0] ? __pfx_task_work_run+0x10/0x10 [ 784.256804][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 784.262560][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 784.268244][ C0] do_syscall_64+0x100/0x230 [ 784.272859][ C0] ? clear_bhb_loop+0x35/0x90 [ 784.277611][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.283534][ C0] RIP: 0033:0x7effc5e7d0a9 [ 784.287974][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 784.307703][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 784.316167][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 784.324152][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 784.332156][ C0] RBP: 00007effc5fb5980 R08: 000000000000017a R09: 0000000800000000 [ 784.340155][ C0] R10: 0000001b30c20000 R11: 0000000000000246 R12: 00000000000bdcc3 [ 784.348151][ C0] R13: 00007effc5fb405c R14: 0000000000000032 R15: 00007effc5fb5980 [ 784.356169][ C0] [ 784.359191][ C0] [ 784.359191][ C0] Showing all locks held in the system: [ 784.366952][ C0] 2 locks held by getty/4851: [ 784.371623][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 784.381427][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 784.391583][ C0] 2 locks held by kworker/u8:6/11254: [ 784.396992][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 784.408686][ C0] #1: ffffc90009ef7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 784.419443][ C0] 4 locks held by syz-executor.0/12302: [ 784.424983][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 784.434261][ C0] #1: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 784.444425][ C0] #2: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 784.454275][ C0] #3: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 784.464191][ C0] 2 locks held by syz-executor.4/12342: [ 784.469775][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 784.478554][ C0] #1: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 [ 784.487439][ C0] 1 lock held by syz-executor.4/12343: [ 784.492893][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 784.501644][ C0] 2 locks held by syz-executor.2/12356: [ 784.507248][ C0] 1 lock held by syz-executor.3/12360: [ 784.512716][ C0] #0: ffff88801e912798 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 [ 784.522172][ C0] 4 locks held by syz-executor.3/12361: [ 784.527800][ C0] [ 784.530151][ C0] ============================================= [ 784.530151][ C0] [ 785.556294][ C0] DEBUG: holding rtnl_mutex for 873 jiffies. [ 785.562359][ C0] task:syz-executor.0 state:R running task stack:24672 pid:12302 tgid:12302 ppid:10461 flags:0x0000400e [ 785.574240][ C0] Call Trace: [ 785.577603][ C0] [ 785.580482][ C0] sched_show_task+0x578/0x740 [ 785.585338][ C0] ? report_rtnl_holders+0x183/0x2d0 [ 785.590700][ C0] ? __pfx__printk+0x10/0x10 [ 785.595387][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 785.600738][ C0] report_rtnl_holders+0x1ba/0x2d0 [ 785.605942][ C0] ? report_rtnl_holders+0x20/0x2d0 [ 785.611200][ C0] call_timer_fn+0x18e/0x650 [ 785.615877][ C0] ? call_timer_fn+0xc0/0x650 [ 785.620596][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 785.626307][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 785.631464][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 785.637182][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 785.642858][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 785.648566][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 785.653809][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 785.659086][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 785.664757][ C0] __run_timer_base+0x66a/0x8e0 [ 785.669783][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 785.675212][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 785.681641][ C0] run_timer_softirq+0xb7/0x170 [ 785.686574][ C0] handle_softirqs+0x2c4/0x970 [ 785.691381][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 785.696231][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 785.701566][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 785.706847][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 785.711482][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 785.716776][ C0] irq_exit_rcu+0x9/0x30 [ 785.721060][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 785.726779][ C0] [ 785.730029][ C0] [ 785.732998][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 785.739070][ C0] RIP: 0010:synchronize_rcu+0x0/0x360 [ 785.744508][ C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 a5 15 80 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 785.764210][ C0] RSP: 0018:ffffc900041478d8 EFLAGS: 00000206 [ 785.770379][ C0] RAX: dffffc0000000000 RBX: 1ffff92000828f24 RCX: ffffffff947dc803 [ 785.778455][ C0] RDX: 0000000000000001 RSI: ffffffff8bcad580 RDI: ffffffff8c206c80 [ 785.786567][ C0] RBP: ffffc900041479b8 R08: ffffffff947d23e7 R09: 1ffffffff28fa47c [ 785.794598][ C0] R10: dffffc0000000000 R11: fffffbfff28fa47d R12: ffffffff947cfe08 [ 785.802669][ C0] R13: 1ffff92000828f20 R14: 0000000000000a07 R15: ffffc90004147920 [ 785.810763][ C0] lockdep_unregister_key+0x4b7/0x540 [ 785.816237][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 785.822186][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 785.827495][ C0] ? __qdisc_destroy+0x150/0x410 [ 785.832488][ C0] ? kfree+0x149/0x360 [ 785.836647][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 785.842246][ C0] __qdisc_destroy+0x165/0x410 [ 785.847123][ C0] dev_shutdown+0x9b/0x440 [ 785.851790][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 785.858305][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 785.865155][ C0] ? __asan_memset+0x23/0x50 [ 785.869847][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 785.875486][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 785.880738][ C0] unregister_netdevice_queue+0x303/0x370 [ 785.886558][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 785.892869][ C0] __tun_detach+0x6b6/0x1600 [ 785.897558][ C0] tun_chr_close+0x108/0x1b0 [ 785.902201][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 785.907397][ C0] __fput+0x24a/0x8a0 [ 785.911442][ C0] task_work_run+0x24f/0x310 [ 785.916225][ C0] ? __pfx_task_work_run+0x10/0x10 [ 785.921516][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 785.927342][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 785.933040][ C0] do_syscall_64+0x100/0x230 [ 785.937707][ C0] ? clear_bhb_loop+0x35/0x90 [ 785.942433][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.948411][ C0] RIP: 0033:0x7effc5e7d0a9 [ 785.952868][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 785.972565][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 785.981084][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 785.989142][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 785.997206][ C0] RBP: 00007effc5fb5980 R08: 000000000000017a R09: 0000000800000000 [ 786.005370][ C0] R10: 0000001b30c20000 R11: 0000000000000246 R12: 00000000000bdcc3 [ 786.013383][ C0] R13: 00007effc5fb405c R14: 0000000000000032 R15: 00007effc5fb5980 [ 786.021487][ C0] [ 786.024545][ C0] DEBUG: waiting rtnl_mutex for 542 jiffies. [ 786.030612][ C0] task:syz-executor.4 state:D stack:26736 pid:12342 tgid:12337 ppid:9574 flags:0x00000006 [ 786.041142][ C0] Call Trace: [ 786.044462][ C0] [ 786.047477][ C0] __schedule+0x17e8/0x4a20 [ 786.052068][ C0] ? __pfx___schedule+0x10/0x10 [ 786.057110][ C0] ? __pfx_lock_release+0x10/0x10 [ 786.062194][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 786.067763][ C0] ? schedule+0x90/0x320 [ 786.072053][ C0] schedule+0x14b/0x320 [ 786.076305][ C0] schedule_preempt_disabled+0x13/0x30 [ 786.081821][ C0] __mutex_lock+0x6a4/0xd70 [ 786.086416][ C0] ? __mutex_lock+0x527/0xd70 [ 786.091262][ C0] ? ppp_ioctl+0x78b/0x1cd0 [ 786.095848][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 786.099940][T12374] loop2: detected capacity change from 0 to 32768 [ 786.101031][ C0] ? rtnl_lock+0xe7/0x130 [ 786.111874][ C0] ppp_ioctl+0x78b/0x1cd0 [ 786.116317][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 786.121144][ C0] ? __fget_files+0x3f6/0x470 [ 786.125909][ C0] ? __fget_files+0x29/0x470 [ 786.130645][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 786.135665][ C0] ? security_file_ioctl+0x87/0xb0 [ 786.140830][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 786.145680][ C0] __se_sys_ioctl+0xfc/0x170 [ 786.150325][ C0] do_syscall_64+0xf3/0x230 [ 786.154872][ C0] ? clear_bhb_loop+0x35/0x90 [ 786.159639][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 786.165610][ C0] RIP: 0033:0x7fa8b267d0a9 [ 786.170076][ C0] RSP: 002b:00007fa8b33700c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 786.178574][ C0] RAX: ffffffffffffffda RBX: 00007fa8b27b4120 RCX: 00007fa8b267d0a9 [ 786.186628][ C0] RDX: 0000000020001400 RSI: 00000000c004743e RDI: 0000000000000008 [ 786.194647][ C0] RBP: 00007fa8b26ec074 R08: 0000000000000000 R09: 0000000000000000 [ 786.202737][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.210800][ C0] R13: 000000000000006e R14: 00007fa8b27b4120 R15: 00007ffe70d77008 [ 786.218890][ C0] [ 786.221956][ C0] [ 786.221956][ C0] Showing all locks held in the system: [ 786.229771][ C0] 2 locks held by kworker/u8:3/53: [ 786.235057][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 786.246872][ C0] #1: ffffc90000bd7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 786.258003][ C0] 2 locks held by kworker/u8:7/2450: [ 786.263334][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 786.275274][ C0] #1: ffffc90009087d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 786.285136][ T30] audit: type=1804 audit(1719028571.859:116): pid=12374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1059599991/syzkaller.xC7tUO/88/file0/file1" dev="loop2" ino=4 res=1 errno=0 [ 786.286123][ C0] 2 locks held by getty/4851: [ 786.286143][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 786.286226][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 786.286314][ C0] 4 locks held by syz-executor.0/12302: [ 786.286330][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 786.286405][ C0] #1: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 786.286469][ C0] #2: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 786.371384][ C0] #3: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 786.381385][ C0] 2 locks held by syz-executor.4/12342: [ 786.387135][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 786.395962][ C0] #1: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 [ 786.404896][ C0] 1 lock held by syz-executor.4/12343: [ 786.410410][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 786.419228][ C0] 1 lock held by syz-executor.1/12363: [ 786.424729][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 786.434211][ C0] 1 lock held by syz-executor.1/12365: [ 786.439743][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 786.449042][ C0] 2 locks held by syz-executor.3/12376: [ 786.454631][ C0] #0: ffffffff8e1f0308 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x51/0x180 [ 786.464450][ C0] #1: ffffffff8e33ab78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 786.475460][ C0] 4 locks held by syz-executor.3/12377: [ 786.481043][ C0] [ 786.483409][ C0] ============================================= [ 786.483409][ C0] [ 787.555614][ C0] DEBUG: holding rtnl_mutex for 1073 jiffies. [ 787.561773][ C0] task:syz-executor.0 state:R running task stack:24672 pid:12302 tgid:12302 ppid:10461 flags:0x00004006 [ 787.573663][ C0] Call Trace: [ 787.577072][ C0] [ 787.580142][ C0] __schedule+0x17e8/0x4a20 [ 787.584725][ C0] ? __pfx___schedule+0x10/0x10 [ 787.589715][ C0] ? __pfx_lock_release+0x10/0x10 [ 787.594814][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 787.600847][ C0] ? schedule+0x90/0x320 [ 787.605123][ C0] schedule+0x14b/0x320 [ 787.609357][ C0] synchronize_rcu_expedited+0x684/0x830 [ 787.615111][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 787.621360][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 787.626748][ C0] ? __pfx___might_resched+0x10/0x10 [ 787.632045][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 787.638194][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 787.644305][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 787.650715][ C0] synchronize_rcu+0x11b/0x360 [ 787.655588][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 787.660934][ C0] lockdep_unregister_key+0x4b7/0x540 [ 787.666382][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 787.672319][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 787.677602][ C0] ? __qdisc_destroy+0x150/0x410 [ 787.682586][ C0] ? kfree+0x149/0x360 [ 787.686726][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 787.693188][ C0] __qdisc_destroy+0x165/0x410 [ 787.698047][ C0] dev_shutdown+0x9b/0x440 [ 787.702540][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 787.708988][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 787.715850][ C0] ? __asan_memset+0x23/0x50 [ 787.720561][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 787.726236][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 787.731495][ C0] unregister_netdevice_queue+0x303/0x370 [ 787.737323][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 787.743617][ C0] __tun_detach+0x6b6/0x1600 [ 787.748288][ C0] tun_chr_close+0x108/0x1b0 [ 787.752923][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 787.758108][ C0] __fput+0x24a/0x8a0 [ 787.762181][ C0] task_work_run+0x24f/0x310 [ 787.766873][ C0] ? __pfx_task_work_run+0x10/0x10 [ 787.772051][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 787.777873][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 787.783606][ C0] do_syscall_64+0x100/0x230 [ 787.788265][ C0] ? clear_bhb_loop+0x35/0x90 [ 787.792997][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.798957][ C0] RIP: 0033:0x7effc5e7d0a9 [ 787.803410][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 787.811924][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 787.819969][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 787.828016][ C0] RBP: 00007effc5fb5980 R08: 000000000000017a R09: 0000000800000000 [ 787.836050][ C0] R10: 0000001b30c20000 R11: 0000000000000246 R12: 00000000000bdcc3 [ 787.844130][ C0] R13: 00007effc5fb405c R14: 0000000000000032 R15: 00007effc5fb5980 [ 787.852201][ C0] [ 787.855262][ C0] DEBUG: waiting rtnl_mutex for 725 jiffies. [ 787.861312][ C0] task:syz-executor.4 state:D stack:26736 pid:12342 tgid:12337 ppid:9574 flags:0x00000006 [ 787.871595][ C0] Call Trace: [ 787.874913][ C0] [ 787.877931][ C0] __schedule+0x17e8/0x4a20 [ 787.882500][ C0] ? __pfx___schedule+0x10/0x10 [ 787.887439][ C0] ? __pfx_lock_release+0x10/0x10 [ 787.892514][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 787.898082][ C0] ? schedule+0x90/0x320 [ 787.902375][ C0] schedule+0x14b/0x320 [ 787.906750][ C0] schedule_preempt_disabled+0x13/0x30 [ 787.912304][ C0] __mutex_lock+0x6a4/0xd70 [ 787.916898][ C0] ? __mutex_lock+0x527/0xd70 [ 787.921645][ C0] ? ppp_ioctl+0x78b/0x1cd0 [ 787.926218][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 787.931291][ C0] ? rtnl_lock+0xe7/0x130 [ 787.935688][ C0] ppp_ioctl+0x78b/0x1cd0 [ 787.940077][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 787.944873][ C0] ? __fget_files+0x3f6/0x470 [ 787.949701][ C0] ? __fget_files+0x29/0x470 [ 787.954346][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 787.959355][ C0] ? security_file_ioctl+0x87/0xb0 [ 787.964509][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 787.969347][ C0] __se_sys_ioctl+0xfc/0x170 [ 787.973975][ C0] do_syscall_64+0xf3/0x230 [ 787.978579][ C0] ? clear_bhb_loop+0x35/0x90 [ 787.983301][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.989278][ C0] RIP: 0033:0x7fa8b267d0a9 [ 787.993730][ C0] RSP: 002b:00007fa8b33700c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 788.002329][ C0] RAX: ffffffffffffffda RBX: 00007fa8b27b4120 RCX: 00007fa8b267d0a9 [ 788.010453][ C0] RDX: 0000000020001400 RSI: 00000000c004743e RDI: 0000000000000008 [ 788.018484][ C0] RBP: 00007fa8b26ec074 R08: 0000000000000000 R09: 0000000000000000 [ 788.026542][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.034539][ C0] R13: 000000000000006e R14: 00007fa8b27b4120 R15: 00007ffe70d77008 [ 788.042605][ C0] [ 788.045712][ C0] [ 788.045712][ C0] Showing all locks held in the system: [ 788.053567][ C0] 2 locks held by kworker/u8:7/2450: [ 788.058900][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 788.070679][ C0] #1: ffffc90009087d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 788.081491][ C0] 2 locks held by getty/4851: [ 788.086236][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 788.096085][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 788.106319][ C0] 4 locks held by kworker/1:8/5344: [ 788.111557][ C0] #0: ffff8880b953e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 788.121634][ C0] #1: ffff8880b9528948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 788.133143][ C0] #2: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: update_rq_clock+0x22b/0x8a0 [ 788.144617][ C0] #3: ffffffff94a6aaf8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x16d/0x510 [ 788.155077][ C0] 2 locks held by kworker/u8:12/6091: [ 788.160491][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 788.172252][ C0] #1: ffffc9001398fd00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 788.183405][ C0] 6 locks held by syz-executor.2/10490: [ 788.189002][ C0] #0: ffffffff8e3e2650 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x277/0x1f30 [ 788.197874][ C0] #1: ffff88806234ea18 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x29a/0x1f30 [ 788.206987][ C0] #2: ffff88807f1ff398 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3de/0x1f30 [ 788.216357][ C0] #3: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 788.226578][ C0] #4: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 788.236461][ C0] #5: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 788.246442][ C0] 2 locks held by syz-executor.0/12302: [ 788.252023][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 788.261126][ C0] #1: ffffffff8e33ab78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 788.272116][ C0] 2 locks held by syz-executor.4/12342: [ 788.277711][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 788.286524][ C0] #1: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 [ 788.295406][ C0] 1 lock held by syz-executor.4/12343: [ 788.300913][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 788.309796][ C0] 1 lock held by syz-executor.1/12363: [ 788.315279][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 788.324739][ C0] 1 lock held by syz-executor.1/12365: [ 788.330263][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 788.339541][ C0] 1 lock held by syz-executor.3/12382: [ 788.345015][ C0] #0: ffffffff8e33aa40 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530 [ 788.355024][ C0] [ 788.357422][ C0] ============================================= [ 788.357422][ C0] [ 788.470689][T12386] loop2: detected capacity change from 0 to 256 [ 788.506993][T12386] FAT-fs (loop2): Unrecognized mount option "iochabset=default" or missing value [ 788.766478][T11794] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 789.385151][T12386] loop2: detected capacity change from 0 to 32768 [ 789.405359][ C0] DEBUG: holding rtnl_mutex for 1258 jiffies. [ 789.411547][ C0] task:syz-executor.0 state:R running task stack:24672 pid:12302 tgid:12302 ppid:10461 flags:0x00004006 [ 789.423447][ C0] Call Trace: [ 789.426805][ C0] [ 789.429787][ C0] __schedule+0x17e8/0x4a20 [ 789.434371][ C0] ? __pfx___schedule+0x10/0x10 [ 789.439315][ C0] ? __pfx_lock_release+0x10/0x10 [ 789.444388][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 789.450392][ C0] ? schedule+0x90/0x320 [ 789.454690][ C0] schedule+0x14b/0x320 [ 789.458961][ C0] synchronize_rcu_expedited+0x684/0x830 [ 789.464660][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 789.470949][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 789.476352][ C0] ? __pfx___might_resched+0x10/0x10 [ 789.481699][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 789.487809][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 789.494111][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 789.500571][ C0] synchronize_rcu+0x11b/0x360 [ 789.505430][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 789.510871][ C0] ? __phys_addr+0x105/0x170 [ 789.515599][ C0] lockdep_unregister_key+0x4b7/0x540 [ 789.521128][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 789.527150][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 789.532428][ C0] ? __qdisc_destroy+0x150/0x410 [ 789.537483][ C0] ? kfree+0x149/0x360 [ 789.541615][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 789.547296][ C0] __qdisc_destroy+0x165/0x410 [ 789.552131][ C0] dev_shutdown+0x9b/0x440 [ 789.556651][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 789.563056][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 789.569948][ C0] ? __asan_memset+0x23/0x50 [ 789.574610][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 789.580276][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 789.585571][ C0] unregister_netdevice_queue+0x303/0x370 [ 789.591358][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 789.597712][ C0] __tun_detach+0x6b6/0x1600 [ 789.602422][ C0] tun_chr_close+0x108/0x1b0 [ 789.607227][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 789.612409][ C0] __fput+0x24a/0x8a0 [ 789.616510][ C0] task_work_run+0x24f/0x310 [ 789.621173][ C0] ? __pfx_task_work_run+0x10/0x10 [ 789.626407][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 789.632205][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 789.637953][ C0] do_syscall_64+0x100/0x230 [ 789.642610][ C0] ? clear_bhb_loop+0x35/0x90 [ 789.647395][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.653351][ C0] RIP: 0033:0x7effc5e7d0a9 [ 789.657930][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 789.666435][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 789.674467][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 789.682527][ C0] RBP: 00007effc5fb5980 R08: 000000000000017a R09: 0000000800000000 [ 789.690599][ C0] R10: 0000001b30c20000 R11: 0000000000000246 R12: 00000000000bdcc3 [ 789.698762][ C0] R13: 00007effc5fb405c R14: 0000000000000032 R15: 00007effc5fb5980 [ 789.706940][ C0] [ 789.710011][ C0] DEBUG: waiting rtnl_mutex for 911 jiffies. [ 789.716076][ C0] task:syz-executor.4 state:D stack:26736 pid:12342 tgid:12337 ppid:9574 flags:0x00000006 [ 789.726343][ C0] Call Trace: [ 789.729669][ C0] [ 789.732651][ C0] __schedule+0x17e8/0x4a20 [ 789.737296][ C0] ? __pfx___schedule+0x10/0x10 [ 789.742253][ C0] ? __pfx_lock_release+0x10/0x10 [ 789.747359][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 789.752850][ C0] ? schedule+0x90/0x320 [ 789.757189][ C0] schedule+0x14b/0x320 [ 789.761402][ C0] schedule_preempt_disabled+0x13/0x30 [ 789.767042][ C0] __mutex_lock+0x6a4/0xd70 [ 789.771608][ C0] ? __mutex_lock+0x527/0xd70 [ 789.776365][ C0] ? ppp_ioctl+0x78b/0x1cd0 [ 789.780911][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 789.786057][ C0] ? rtnl_lock+0xe7/0x130 [ 789.790432][ C0] ppp_ioctl+0x78b/0x1cd0 [ 789.794786][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 789.799684][ C0] ? __fget_files+0x3f6/0x470 [ 789.804434][ C0] ? __fget_files+0x29/0x470 [ 789.809486][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 789.814476][ C0] ? security_file_ioctl+0x87/0xb0 [ 789.819660][ C0] ? __pfx_ppp_ioctl+0x10/0x10 [ 789.824467][ C0] __se_sys_ioctl+0xfc/0x170 [ 789.829130][ C0] do_syscall_64+0xf3/0x230 [ 789.833668][ C0] ? clear_bhb_loop+0x35/0x90 [ 789.838423][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.844354][ C0] RIP: 0033:0x7fa8b267d0a9 [ 789.848950][ C0] RSP: 002b:00007fa8b33700c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 789.857436][ C0] RAX: ffffffffffffffda RBX: 00007fa8b27b4120 RCX: 00007fa8b267d0a9 [ 789.865577][ C0] RDX: 0000000020001400 RSI: 00000000c004743e RDI: 0000000000000008 [ 789.873588][ C0] RBP: 00007fa8b26ec074 R08: 0000000000000000 R09: 0000000000000000 [ 789.881651][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.889692][ C0] R13: 000000000000006e R14: 00007fa8b27b4120 R15: 00007ffe70d77008 [ 789.897781][ C0] [ 789.900824][ C0] DEBUG: waiting rtnl_mutex for 531 jiffies. [ 789.906968][ C0] task:syz-executor.1 state:D stack:27360 pid:12363 tgid:12362 ppid:9271 flags:0x00000006 [ 789.917243][ C0] Call Trace: [ 789.920550][ C0] [ 789.923518][ C0] __schedule+0x17e8/0x4a20 [ 789.928113][ C0] ? __pfx___schedule+0x10/0x10 [ 789.933007][ C0] ? __pfx_lock_release+0x10/0x10 [ 789.938101][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 789.943635][ C0] ? schedule+0x90/0x320 [ 789.948050][ C0] schedule+0x14b/0x320 [ 789.952272][ C0] schedule_preempt_disabled+0x13/0x30 [ 789.957829][ C0] __mutex_lock+0x6a4/0xd70 [ 789.962384][ C0] ? __mutex_lock+0x527/0xd70 [ 789.967139][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 789.972218][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 789.977337][ C0] ? rtnl_lock+0xe7/0x130 [ 789.981711][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 789.987041][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 789.992401][ C0] ? __fget_files+0x3f6/0x470 [ 789.997165][ C0] ? __fget_files+0x29/0x470 [ 790.001810][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 790.006810][ C0] ? security_file_ioctl+0x87/0xb0 [ 790.011997][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 790.017208][ C0] __se_sys_ioctl+0xfc/0x170 [ 790.021841][ C0] do_syscall_64+0xf3/0x230 [ 790.026432][ C0] ? clear_bhb_loop+0x35/0x90 [ 790.031154][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.037205][ C0] RIP: 0033:0x7fcdc747d0a9 [ 790.041656][ C0] RSP: 002b:00007fcdc82c00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 790.050143][ C0] RAX: ffffffffffffffda RBX: 00007fcdc75b3f80 RCX: 00007fcdc747d0a9 [ 790.058266][ C0] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 790.066332][ C0] RBP: 00007fcdc74ec074 R08: 0000000000000000 R09: 0000000000000000 [ 790.074354][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.082605][ C0] R13: 000000000000000b R14: 00007fcdc75b3f80 R15: 00007ffd044fe3f8 [ 790.090654][ C0] [ 790.093685][ C0] DEBUG: waiting rtnl_mutex for 524 jiffies. [ 790.099717][ C0] task:syz-executor.1 state:D stack:27248 pid:12365 tgid:12362 ppid:9271 flags:0x00004006 [ 790.110084][ C0] Call Trace: [ 790.113468][ C0] [ 790.116482][ C0] __schedule+0x17e8/0x4a20 [ 790.121056][ C0] ? __pfx___schedule+0x10/0x10 [ 790.125999][ C0] ? __pfx_lock_release+0x10/0x10 [ 790.131083][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 790.136645][ C0] ? schedule+0x90/0x320 [ 790.140966][ C0] schedule+0x14b/0x320 [ 790.145147][ C0] schedule_preempt_disabled+0x13/0x30 [ 790.150683][ C0] __mutex_lock+0x6a4/0xd70 [ 790.155238][ C0] ? __mutex_lock+0x527/0xd70 [ 790.159998][ C0] ? devinet_ioctl+0x2ce/0x1bc0 [ 790.164897][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 790.170000][ C0] ? bpf_lsm_capable+0x9/0x10 [ 790.174730][ C0] ? security_capable+0x90/0xb0 [ 790.179744][ C0] ? rtnl_lock+0xe7/0x130 [ 790.184139][ C0] devinet_ioctl+0x2ce/0x1bc0 [ 790.188900][ C0] ? get_user_ifreq+0x1bb/0x200 [ 790.193815][ C0] inet_ioctl+0x3d7/0x4f0 [ 790.198284][ C0] ? __pfx_inet_ioctl+0x10/0x10 [ 790.203206][ C0] ? packet_ioctl+0x26b/0x350 [ 790.207956][ C0] sock_do_ioctl+0x158/0x460 [ 790.212605][ C0] ? __pfx_sock_do_ioctl+0x10/0x10 [ 790.217849][ C0] sock_ioctl+0x629/0x8e0 [ 790.222217][ C0] ? __pfx_sock_ioctl+0x10/0x10 [ 790.227131][ C0] ? __fget_files+0x29/0x470 [ 790.231759][ C0] ? __fget_files+0x3f6/0x470 [ 790.236608][ C0] ? __fget_files+0x29/0x470 [ 790.241255][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 790.246304][ C0] ? security_file_ioctl+0x87/0xb0 [ 790.251474][ C0] ? __pfx_sock_ioctl+0x10/0x10 [ 790.256405][ C0] __se_sys_ioctl+0xfc/0x170 [ 790.261038][ C0] do_syscall_64+0xf3/0x230 [ 790.265603][ C0] ? clear_bhb_loop+0x35/0x90 [ 790.270321][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.276475][ C0] RIP: 0033:0x7fcdc747d0a9 [ 790.280921][ C0] RSP: 002b:00007fcdc829f0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 790.289423][ C0] RAX: ffffffffffffffda RBX: 00007fcdc75b4050 RCX: 00007fcdc747d0a9 [ 790.297475][ C0] RDX: 0000000020000180 RSI: 0000000000008914 RDI: 0000000000000004 [ 790.305532][ C0] RBP: 00007fcdc74ec074 R08: 0000000000000000 R09: 0000000000000000 [ 790.313620][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.321663][ C0] R13: 000000000000006e R14: 00007fcdc75b4050 R15: 00007ffd044fe3f8 [ 790.329746][ C0] [ 790.332793][ C0] [ 790.332793][ C0] Showing all locks held in the system: [ 790.340571][ C0] 3 locks held by kworker/u8:4/62: [ 790.345759][ C0] #0: ffff88802a839148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 790.357500][ C0] #1: ffffc900015dfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 790.371386][ C0] #2: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 790.381001][ C0] 2 locks held by kworker/u8:5/1048: [ 790.386346][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 790.398095][ C0] #1: ffffc90003e57d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 790.409317][ C0] 2 locks held by kworker/u8:7/2450: [ 790.414621][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 790.426389][ C0] #1: ffffc90009087d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 790.437251][ C0] 2 locks held by getty/4851: [ 790.441938][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 790.451835][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 790.462047][ C0] 6 locks held by kworker/0:6/5171: [ 790.467329][ C0] #0: ffff888055bd5548 ((wq_completion)wg-crypt-wg0#11){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 790.479253][ C0] #1: ffffc90003ee7d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 790.515171][ C0] #2: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: __skb_flow_dissect+0x4f1/0x7d00 [ 790.525169][ C0] #3: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 790.535396][ C0] #4: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 790.545228][ C0] #5: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 790.555201][ C0] 2 locks held by syz-executor.0/12302: [ 790.560812][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 790.569984][ C0] #1: ffffffff8e33ab78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 790.580967][ C0] 2 locks held by syz-executor.4/12342: [ 790.586717][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 790.595529][ C0] #1: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0 [ 790.604450][ C0] 1 lock held by syz-executor.4/12343: [ 790.610084][ C0] #0: ffffffff8ee516a8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0 [ 790.618928][ C0] 1 lock held by syz-executor.1/12363: [ 790.624431][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 790.633854][ C0] 1 lock held by syz-executor.1/12365: [ 790.639372][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 790.648600][ C0] 1 lock held by syz-executor.2/12386: [ 790.654090][ C0] [ 790.656465][ C0] ============================================= [ 790.656465][ C0] [ 790.699177][T12386] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12386) [ 790.731636][T12386] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 790.757619][T12386] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 790.768884][T12386] BTRFS info (device loop2): using free-space-tree [ 790.792832][ T30] audit: type=1326 audit(1719028576.419:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12395 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8df2a7d0a9 code=0x0 [ 790.993425][T12386] BTRFS info (device loop2): rebuilding free space tree [ 791.398478][T10490] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 795.500669][T12439] fuse: Bad value for 'fd' [ 795.576901][T12442] loop3: detected capacity change from 0 to 8 [ 798.894909][T12471] loop1: detected capacity change from 0 to 2048 [ 799.027828][T12471] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 801.520121][ T30] audit: type=1326 audit(1719028585.499:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12482 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8b267d0a9 code=0x0 [ 801.823479][ T5727] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 802.048774][ T5727] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 802.073269][ T5727] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.094936][ T5727] usb 3-1: config 0 descriptor?? [ 802.168150][ T5727] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 802.363626][ T5727] gp8psk: usb in 128 operation failed. [ 802.392668][ T5727] gp8psk: usb in 137 operation failed. [ 802.425899][ T5727] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22) [ 802.460076][ T5727] dvb_usb_gp8psk 3-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 802.550608][ T5727] usb 3-1: USB disconnect, device number 4 [ 804.831378][T12534] nfs: Unknown parameter '&\^' [ 804.850341][T12534] loop2: detected capacity change from 0 to 1024 [ 804.858973][T12534] EXT4-fs: Ignoring removed i_version option [ 804.865094][T12534] EXT4-fs: Ignoring removed oldalloc option [ 804.871147][T12534] EXT4-fs: Ignoring removed i_version option [ 804.877203][T12534] EXT4-fs: Ignoring removed orlov option [ 804.882877][T12534] EXT4-fs: Ignoring removed mblk_io_submit option [ 805.361947][T12525] loop1: detected capacity change from 0 to 32768 [ 806.906465][ T30] audit: type=1804 audit(1719028591.099:119): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir408602385/syzkaller.bh4V3J/189/file0/file1" dev="loop1" ino=4 res=1 errno=0 [ 807.230551][ T30] audit: type=1326 audit(1719028592.419:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12530 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff738a7d0a9 code=0x0 [ 808.324743][T12557] binder: BINDER_SET_CONTEXT_MGR already set [ 808.332649][T12557] binder: 12552:12557 ioctl 4018620d 20000000 returned -16 [ 808.919036][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.925737][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.043065][T12566] loop4: detected capacity change from 0 to 2048 [ 809.105699][T12566] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 810.147609][T12583] nfs: Unknown parameter '&\^' [ 810.211934][T12583] loop1: detected capacity change from 0 to 1024 [ 810.220801][T12583] EXT4-fs: Ignoring removed i_version option [ 810.226995][T12583] EXT4-fs: Ignoring removed oldalloc option [ 810.233261][T12583] EXT4-fs: Ignoring removed i_version option [ 810.239396][T12583] EXT4-fs: Ignoring removed orlov option [ 810.245140][T12583] EXT4-fs: Ignoring removed mblk_io_submit option [ 810.949672][ T30] audit: type=1326 audit(1719028596.579:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12579 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcdc747d0a9 code=0x0 [ 811.369008][T12602] usb usb8: usbfs: process 12602 (syz-executor.0) did not claim interface 0 before use [ 811.764839][T12608] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 813.070464][T12646] nfs: Unknown parameter '&\^' [ 813.131094][T12646] loop0: detected capacity change from 0 to 1024 [ 813.139862][T12646] EXT4-fs: Ignoring removed i_version option [ 813.146046][T12646] EXT4-fs: Ignoring removed oldalloc option [ 813.153168][T12646] EXT4-fs: Ignoring removed i_version option [ 813.160123][T12646] EXT4-fs: Ignoring removed orlov option [ 813.165975][T12646] EXT4-fs: Ignoring removed mblk_io_submit option [ 813.978220][ T30] audit: type=1326 audit(1719028599.609:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12638 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effc5e7d0a9 code=0x0 [ 814.008353][T12648] loop1: detected capacity change from 0 to 256 [ 814.026474][T12648] FAT-fs (loop1): Unrecognized mount option "iochabset=default" or missing value [ 814.730828][T12665] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 815.419407][T12648] loop1: detected capacity change from 0 to 32768 [ 815.458390][T12648] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12648) [ 815.866171][T12648] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 815.896579][T12648] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 815.905268][T12648] BTRFS info (device loop1): using free-space-tree [ 816.296959][T12648] BTRFS info (device loop1): rebuilding free space tree [ 816.622314][T12701] usb usb8: usbfs: process 12701 (syz-executor.3) did not claim interface 0 before use [ 816.645785][T12703] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program [ 816.939258][T12705] loop2: detected capacity change from 0 to 16 [ 817.734512][T12705] erofs: (device loop2): mounted with root inode @ nid 36. [ 817.790767][T10861] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000] [ 817.810957][T12704] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192] [ 817.833740][ T30] audit: type=1800 audit(1719028603.449:123): pid=12704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file3" dev="loop2" ino=89 res=0 errno=0 [ 817.955125][ T9271] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 818.081357][T12704] syz-executor.2 (12704) used greatest stack depth: 18480 bytes left [ 818.639080][T12716] nfs: Unknown parameter '&\^' [ 818.656631][T12716] loop3: detected capacity change from 0 to 1024 [ 818.663645][T12716] EXT4-fs: Ignoring removed i_version option [ 818.669768][T12716] EXT4-fs: Ignoring removed oldalloc option [ 818.675800][T12716] EXT4-fs: Ignoring removed i_version option [ 818.683503][T12716] EXT4-fs: Ignoring removed orlov option [ 818.689345][T12716] EXT4-fs: Ignoring removed mblk_io_submit option [ 819.590253][T11794] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 819.603577][ T30] audit: type=1326 audit(1719028605.219:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12710 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8df2a7d0a9 code=0x0 [ 820.466454][T12742] usb usb8: usbfs: process 12742 (syz-executor.4) did not claim interface 0 before use [ 820.668548][ T30] audit: type=1326 audit(1719028606.299:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12746 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effc5e7d0a9 code=0x0 [ 821.367972][T12761] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 826.846472][T12787] input: syz1 as /devices/virtual/input/input24 [ 826.996687][ T9041] Bluetooth: hci4: sending frame failed (-49) [ 827.014543][T10861] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 828.210964][ T30] audit: type=1326 audit(1719028613.839:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcdc747d0a9 code=0x0 [ 828.574966][T12825] nfs: Unknown parameter '&\^' [ 828.635863][T12825] loop2: detected capacity change from 0 to 1024 [ 828.644801][T12825] EXT4-fs: Ignoring removed i_version option [ 828.651020][T12825] EXT4-fs: Ignoring removed oldalloc option [ 828.657271][T12825] EXT4-fs: Ignoring removed i_version option [ 828.663386][T12825] EXT4-fs: Ignoring removed orlov option [ 828.669230][T12825] EXT4-fs: Ignoring removed mblk_io_submit option [ 828.876335][ T30] audit: type=1326 audit(1719028614.489:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12813 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff738a7d0a9 code=0x0 [ 829.981612][ T30] audit: type=1800 audit(1719028615.599:128): pid=12840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.1" name="/nvram" dev="devtmpfs" ino=625 res=0 errno=0 [ 832.570397][T12885] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 832.702677][T12885] openvswitch: : Dropping previously announced user features [ 833.781854][T12872] loop1: detected capacity change from 0 to 32768 [ 833.865095][ T30] audit: type=1804 audit(1719028619.489:129): pid=12872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir408602385/syzkaller.bh4V3J/205/file0/file1" dev="loop1" ino=4 res=1 errno=0 [ 833.969657][ T30] audit: type=1326 audit(1719028619.529:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12891 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8df2a7d0a9 code=0x0 [ 836.541146][T12929] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 836.887240][T12929] openvswitch: : Dropping previously announced user features [ 839.893546][T12951] loop0: detected capacity change from 0 to 32768 [ 839.942969][T12951] XFS: attr2 mount option is deprecated. [ 839.955670][T12968] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 840.031186][T12951] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 840.166281][T12951] XFS (loop0): Ending clean mount [ 840.226104][T12951] XFS (loop0): Quotacheck needed: Please wait. [ 840.347973][T12951] XFS (loop0): Quotacheck: Done. [ 840.586608][T12987] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 840.708866][T10461] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 841.686357][ T9041] Bluetooth: hci4: sending frame failed (-49) [ 841.696885][T10861] Bluetooth: hci4: Entering manufacturer mode failed (-49) [ 843.265806][ T5169] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 843.475526][ T5169] usb 2-1: Using ep0 maxpacket: 32 [ 843.504208][ T5169] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 843.541026][ T5169] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024 [ 843.561273][ T5169] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 843.587227][ T5169] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 843.613077][ T5169] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 843.625369][ T5169] usb 2-1: Product: syz [ 843.629595][ T5169] usb 2-1: Manufacturer: syz [ 843.654616][ T5169] usb 2-1: SerialNumber: syz [ 843.671375][ T5169] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input25 [ 843.935990][ T5169] usb 2-1: USB disconnect, device number 16 [ 844.005145][ T5169] appletouch 2-1:1.0: input: appletouch disconnected [ 846.410128][T13081] devtmpfs: Too few inodes for current use [ 847.554294][T13100] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'. [ 847.692243][T13098] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 848.786294][ T930] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 849.013033][ T930] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 849.031221][ T930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 849.056216][ T930] usb 1-1: config 0 descriptor?? [ 849.076290][ T930] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 849.541193][ T930] gp8psk: usb in 137 operation failed. [ 849.554713][ T930] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22) [ 849.570437][ T930] dvb_usb_gp8psk 1-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 849.602068][ T930] usb 1-1: USB disconnect, device number 11 [ 850.030709][T13137] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 850.436510][T13144] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 850.510419][T13144] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 852.705470][ T25] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 852.911404][ T25] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 852.959778][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.974191][ T25] usb 1-1: config 0 descriptor?? [ 853.004478][ T25] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 853.438162][T13178] usb usb8: usbfs: process 13178 (syz-executor.4) did not claim interface 0 before use [ 853.519184][ T25] gp8psk: usb in 137 operation failed. [ 853.541103][ T25] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22) [ 853.563323][ T25] dvb_usb_gp8psk 1-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 853.602587][ T25] usb 1-1: USB disconnect, device number 12 [ 853.744750][T13186] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 854.411908][T13196] overlayfs: missing 'workdir' [ 856.142802][T13213] loop4: detected capacity change from 0 to 32768 [ 856.241315][ T30] audit: type=1804 audit(1719028641.869:131): pid=13213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2237233990/syzkaller.vcfMUx/215/file0/file1" dev="loop4" ino=4 res=1 errno=0 [ 857.370503][T13238] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 857.972434][T13244] overlayfs: missing 'workdir' [ 859.658945][T10923] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 859.885859][T10923] usb 5-1: Using ep0 maxpacket: 8 [ 859.904552][T10923] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 860.015863][T10923] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 860.077840][T10923] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 860.116649][T10923] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 860.143924][T10923] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 860.173506][T13273] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 860.200543][T10923] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 860.230737][T10923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.482527][T10923] usb 5-1: GET_CAPABILITIES returned 0 [ 860.500976][T13267] loop0: detected capacity change from 0 to 32768 [ 860.507841][T10923] usbtmc 5-1:16.0: can't read capabilities [ 860.692914][ T30] audit: type=1804 audit(1719028646.319:132): pid=13267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4116181656/syzkaller.iKFGeg/132/file0/file1" dev="loop0" ino=4 res=1 errno=0 [ 861.551636][T13287] loop3: detected capacity change from 0 to 256 [ 861.632528][T13287] FAT-fs (loop3): Unrecognized mount option "iochabset=default" or missing value [ 861.642864][ T5169] usb 5-1: USB disconnect, device number 8 [ 862.077054][T13298] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 862.487589][T13287] loop3: detected capacity change from 0 to 32768 [ 862.531286][T13287] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13287) [ 862.569373][T13287] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 862.580436][T13287] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 862.599323][T13287] BTRFS info (device loop3): using free-space-tree [ 862.896913][T13287] BTRFS info (device loop3): rebuilding free space tree [ 864.063517][T13326] binder: BINDER_SET_CONTEXT_MGR already set [ 864.113233][T13326] binder: 13318:13326 ioctl 4018620d 20000000 returned -16 [ 864.118847][T13329] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 864.384025][T10033] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 868.744205][T13353] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 869.535699][ T5344] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 869.742888][ T5344] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 869.795376][ T5344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.877033][ T5344] usb 4-1: config 0 descriptor?? [ 869.903590][ T5344] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 869.933499][T13372] loop4: detected capacity change from 0 to 256 [ 869.962545][T13372] FAT-fs (loop4): Unrecognized mount option "iochabset=default" or missing value [ 869.999520][T13368] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 870.038675][T13181] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 870.305465][ T5344] gp8psk: usb in 137 operation failed. [ 870.324060][ T5344] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-22) [ 870.351946][ T5344] dvb_usb_gp8psk 4-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 870.375860][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.390662][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.411839][ T5344] usb 4-1: USB disconnect, device number 7 [ 872.787110][T13387] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 872.819129][T13389] [U] ſ3Fh&f-)ZY B9REpG DvƩ [ 872.827111][T13389] [U] ؓas26*TQ&Љ'q]H2}Jl~3Y꿐mT0̨pu%$ȣ<#V [ 873.084917][ T30] audit: type=1326 audit(1719028658.709:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13390 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effc5e7d0a9 code=0x0 [ 873.128777][T13389] [U] $lfL4O UjGKJvv,9 [ 873.135506][T13389] [U] V8ACF$q2! [ 873.140616][T13389] [U] ?0pq#Q [ 873.144596][T13389] [U] /2P+1KI*:(b򁕠n%̀ތ E(H=ҳx +(̶W'!dHc&]_&w&wId [ 873.156926][T13389] [U] BqeO3OoYF7!"ha [ 873.231705][T13389] [U] L2Z|C [ 873.236579][T13389] [U] 8X0>&K [ 873.240948][T13389] [U] IsAQvpC` *)Rˬ6 =}DhGߥ+@(@1(T^:bm;Cu,'֝R^jړ M\*(Nxy [ 873.262476][T13389] [U] 1zIKk0ڎ*0{gM8`8i٭Frn\`IJM69OszkY{3W')Z4 M͓x@[9>lhٓ2@m#;.;U8/A[,ˏvdʹL_s5A%D/^Z Ex[Y7'Xۻ tf [ 873.294375][T13389] [U] 2͵mh~6R`\*̻6J+qoi&ELvH̷X?z\.R-2Vgg^98O\ōР4"#$3hl`m\kDZˏ?(,F"?DӉFexO埦/A[Q̉W [ 873.453094][T13389] [U] K3j?`M,Z`A!x2X -n&DnĚ9R [ 873.465577][T13389] [U] 7j:u3Ay臮֮^ M$ ijB=65g'&U [ 873.473794][T13389] [U] שW ;kz5XNƓ% {,~ŏ [ 873.483250][T13389] [U] ͅAɌg+[c]KS*LP1t.eL nJ6gׅ)c Ubh8 CJ LiÕC4N ~ a [ 873.499113][T13389] [U] g$>@w [ 873.528772][T13389] [U] 2`>}VyI޷Q}o&vC jhk~0eKQ2ǖQMHP'Id@lt [ 873.545472][T13389] [U] :Yڭ&Gחh0|A:<-GEx7'T)s0/L)c׵j9aT8,ڵL#cm[[ %%g=\?,>5:vˢqnC8[`*ԖpkyJsn朽g,4RUQucVгg8n.5[i?6F7;BlT{Ȼ" [ 873.593403][T13389] [U] Fhڬ@GA7vKnWDh,HjS/@U~伤eȄxfHGE [ 873.609169][T13389] [U] Aq(%! p4Km$6D7B?`Wﺹɖ(gmU?,bGJJ]loCLDt@&^ (zS8|OW( [ 873.632070][T13389] [U] 2jFq) [ 873.683916][T13389] [U] ce[c[WmQEGCoI-[oC]y/cg l0U(-0 Ha}@fBRKkXo~UŋP8meec}1I^zCjE.}HsY芐#ί [ 873.704456][T13389] [U] %}v$+w0AfFjUUB܁M&܇^/bh$>r6G{X*sQksC./ys~dBS[Ee[* [ 873.728737][T13389] [U] I8zHwvۺ-d- !o^R*\e#qF@%*T.W!>L4;Fc&& [ 873.754284][T13389] [U] -nP} [ 873.762914][T13389] [U] w5WVp DCwp $늎]]xc9 x.%pr8;k1cX /bQ2@՟VgXT퀹${϶~d|\!t\z+b< [ 873.784992][T13389] [U] n(alvEuJw#g\ą"q"Mx1aǬP!)WFK#Ӥ 璭ϴ)S fzu#~HsJGtPJ [ 873.811351][T13389] [U] |(;!!WjlV,QhgwHT [ 873.823616][T13389] [U] uCl2 [ 873.827214][T13389] [U] @eew478nUDg;!KAY!Q tX—c̭bC%DLówc: [ 873.844748][T13389] [U] =pBzD76rRjئ͍z}y%7ͭ;uۊh619#(nBKЏ3aÌrH 4΄KwD!#pckG.4MO9?Jmt6iA^(}Xr{ȭE 8vQv [ 873.868930][T13389] [U] U{2Ť6:=ņe_< ܰ6Hi [ 874.412564][T13385] loop1: detected capacity change from 0 to 32768 [ 874.472863][ T30] audit: type=1804 audit(1719028660.099:134): pid=13385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir408602385/syzkaller.bh4V3J/236/file0/file1" dev="loop1" ino=4 res=1 errno=0 [ 875.526726][T13424] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 877.598464][T13428] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 877.747693][T13433] loop3: detected capacity change from 0 to 256 [ 877.785678][T13433] FAT-fs (loop3): Unrecognized mount option "iochabset=default" or missing value [ 877.841009][T13432] loop2: detected capacity change from 0 to 256 [ 878.001935][T13432] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 878.112341][ T30] audit: type=1326 audit(1719028663.739:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13438 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effc5e7d0a9 code=0x0 [ 878.258477][T13444] [U] ſ3Fh&f-)ZY B9REpG DvƩ [ 878.265450][T13444] [U] ؓas26*TQ&Љ'q]H2}Jl~3Y꿐mT0̨pu%$ȣ<#V [ 878.603157][T13433] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13433) [ 878.627839][T13444] [U] $lfL4O UjGKJvv,9 [ 878.634686][T13444] [U] V8ACF$q2! [ 878.639799][T13444] [U] ?0pq#Q [ 878.643688][T13444] [U] /2P+1KI*:(b򁕠n%̀ތ E(H=ҳx +(̶W'!dHc&]_&w&wId [ 878.655917][T13444] [U] BqeO3OoYF7!"ha [ 878.699124][T13433] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 878.728822][T13433] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 878.738004][T13433] BTRFS info (device loop3): using free-space-tree [ 878.745024][T13444] [U] L2Z|C [ 878.749687][T13444] [U] 8X0>&K [ 878.754569][T13444] [U] IsAQvpC` *)Rˬ6 =}DhGߥ+@(@1(T^:bm;Cu,'֝R^jړ M\*(Nxy [ 878.769890][T13444] [U] 1zIKk0ڎ*0{gM8`8i٭Frn\`IJM69OszkY{3W')Z4 M͓x@[9>lhٓ2@m#;.;U8/A[,ˏvdʹL_s5A%D/^Z Ex[Y7'Xۻ tf [ 878.815543][T13444] [U] 2͵mh~6R`\*̻6J+qoi&ELvH̷X?z\.R-2Vgg^98O\ōР4"#$3hl`m\kDZˏ?(,F"?DӉFexO埦/A[Q̉W [ 879.205903][T13444] [U] K3j?`M,Z`A!x2X -n&DnĚ9R [ 879.213033][T13444] [U] 7j:u3Ay臮֮^ M$ ijB=65g'&U [ 880.133228][T13444] [U] שW ;kz5XNƓ% {,~ŏ [ 880.196058][T13444] [U] ͅAɌg+[c]KS*LP1t.eL nJ6gׅ)c Ubh8 CJ LiÕC4N ~ a [ 880.229246][T13444] [U] g$>@w [ 880.233130][T13444] [U] 2`>}VyI޷Q}o&vC jhk~0eKQ2ǖQMHP'Id@lt [ 880.256045][T13444] [U] :Yڭ&Gחh0|A:<-GEx7'T)s0/L)c׵j9aT8,ڵL#cm[[ %%g=\?,>5:vˢqnC8[`* [ 880.634308][T13481] binder: BINDER_SET_CONTEXT_MGR already set [ 882.464944][T13481] binder: 13475:13481 ioctl 4018620d 20000000 returned -16 [ 882.555753][T10033] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 882.746718][T13488] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 882.764351][T13479] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 883.183400][T13494] loop2: detected capacity change from 0 to 256 [ 883.294880][T13494] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 883.632170][ T30] audit: type=1326 audit(1719028669.219:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13498 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcdc747d0a9 code=0x0 [ 884.651963][T13520] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 884.692822][T13525] binder: BINDER_SET_CONTEXT_MGR already set [ 884.720856][T13525] binder: 13517:13525 ioctl 4018620d 20000000 returned -16 [ 885.474384][T13530] fuse: Unknown parameter 'fd0x0000000000000003' [ 890.103266][T13557] loop3: detected capacity change from 0 to 256 [ 890.139502][T13557] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1aabf3fb, utbl_chksum : 0xe619d30d) [ 890.704818][T13546] loop1: detected capacity change from 0 to 32768 [ 890.759197][T13566] fuse: Unknown parameter 'fd0x0000000000000003' [ 890.980755][ T30] audit: type=1804 audit(1719028676.409:137): pid=13546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir408602385/syzkaller.bh4V3J/244/file0/file1" dev="loop1" ino=4 res=1 errno=0 [ 891.705985][T13576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 892.273304][T13596] binder: BINDER_SET_CONTEXT_MGR already set [ 892.279680][T13596] binder: 13591:13596 ioctl 4018620d 20000000 returned -16 [ 892.392663][T13593] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 893.285823][T13603] loop3: detected capacity change from 0 to 32768 [ 893.350263][ T30] audit: type=1804 audit(1719028678.969:138): pid=13603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir260214043/syzkaller.p2afMa/191/file0/file1" dev="loop3" ino=4 res=1 errno=0 [ 894.345591][T13618] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 897.795936][ C0] DEBUG: holding rtnl_mutex for 564 jiffies. [ 897.802002][ C0] task:syz-executor.2 state:R running task stack:24672 pid:13577 tgid:13577 ppid:10490 flags:0x0000400e [ 897.813890][ C0] Call Trace: [ 897.817344][ C0] [ 897.820224][ C0] sched_show_task+0x578/0x740 [ 897.825792][ C0] ? report_rtnl_holders+0x183/0x2d0 [ 897.831147][ C0] ? __pfx__printk+0x10/0x10 [ 897.835840][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 897.841199][ C0] report_rtnl_holders+0x1ba/0x2d0 [ 897.846411][ C0] ? report_rtnl_holders+0x20/0x2d0 [ 897.851664][ C0] call_timer_fn+0x18e/0x650 [ 897.856406][ C0] ? call_timer_fn+0xc0/0x650 [ 897.861135][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 897.866860][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 897.872022][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 897.877765][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 897.883537][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 897.889360][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 897.894620][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 897.900303][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 897.906037][ C0] __run_timer_base+0x66a/0x8e0 [ 897.910966][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 897.916457][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 897.923026][ C0] run_timer_softirq+0xb7/0x170 [ 897.928009][ C0] handle_softirqs+0x2c4/0x970 [ 897.932832][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 897.937704][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 897.943088][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 897.948413][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 897.953062][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 897.958379][ C0] irq_exit_rcu+0x9/0x30 [ 897.962674][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 897.968421][ C0] [ 897.971389][ C0] [ 897.974359][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 897.980537][ C0] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 897.986538][ C0] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 f5 d2 cb f5 e8 70 6e 04 f6 fb bf 01 00 00 00 95 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 95 27 63 f6 48 [ 898.006258][ C0] RSP: 0018:ffffc900092cf760 EFLAGS: 00000286 [ 898.012385][ C0] RAX: 6dda080ac65a5500 RBX: 1ffff92001259ef4 RCX: ffffffff816fd09a [ 898.020551][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcac8a0 RDI: 0000000000000001 [ 898.028628][ C0] RBP: ffffc900092cf810 R08: ffffffff92fe474f R09: 1ffffffff25fc8e9 [ 898.036706][ C0] R10: dffffc0000000000 R11: fffffbfff25fc8ea R12: 1ffff92001259eec [ 898.044740][ C0] R13: 1ffff92001259ef0 R14: ffffc900092cf780 R15: dffffc0000000000 [ 898.052822][ C0] ? mark_lock+0x9a/0x360 [ 898.057324][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 898.063211][ C0] irqentry_exit+0x5e/0x90 [ 898.067734][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 898.073241][ C0] RIP: 0010:synchronize_rcu+0x0/0x360 [ 898.078727][ C0] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 a5 15 80 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 898.098445][ C0] RSP: 0018:ffffc900092cf8d8 EFLAGS: 00000206 [ 898.104564][ C0] RAX: dffffc0000000000 RBX: 1ffff92001259f24 RCX: ffffffff947dc803 [ 898.112654][ C0] RDX: 0000000000000001 RSI: ffffffff8bcad580 RDI: ffffffff8c206c80 [ 898.120738][ C0] RBP: ffffc900092cf9b8 R08: ffffffff947d252f R09: 1ffffffff28fa4a5 [ 898.128823][ C0] R10: dffffc0000000000 R11: fffffbfff28fa4a6 R12: ffffffff947cfe08 [ 898.136893][ C0] R13: 1ffff92001259f20 R14: 0000000000000a03 R15: ffffc900092cf920 [ 898.144951][ C0] lockdep_unregister_key+0x4b7/0x540 [ 898.150450][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 898.156453][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 898.161724][ C0] ? __qdisc_destroy+0x150/0x410 [ 898.166775][ C0] ? kfree+0x149/0x360 [ 898.170895][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 898.176550][ C0] __qdisc_destroy+0x165/0x410 [ 898.181374][ C0] dev_shutdown+0x9b/0x440 [ 898.185906][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 898.192315][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 898.199187][ C0] ? __asan_memset+0x23/0x50 [ 898.203843][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 898.209511][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 898.214759][ C0] unregister_netdevice_queue+0x303/0x370 [ 898.220591][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 898.226980][ C0] __tun_detach+0x6b6/0x1600 [ 898.231672][ C0] tun_chr_close+0x108/0x1b0 [ 898.236394][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 898.241790][ C0] __fput+0x24a/0x8a0 [ 898.245910][ C0] task_work_run+0x24f/0x310 [ 898.250581][ C0] ? __pfx_task_work_run+0x10/0x10 [ 898.255820][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 898.261632][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 898.267398][ C0] do_syscall_64+0x100/0x230 [ 898.272044][ C0] ? clear_bhb_loop+0x35/0x90 [ 898.276842][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.282800][ C0] RIP: 0033:0x7ff738a7d0a9 [ 898.287340][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 898.307072][ C0] RSP: 002b:00007fff2cec7658 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 898.315614][ C0] RAX: 0000000000000000 RBX: 00007ff738bb5980 RCX: 00007ff738a7d0a9 [ 898.323736][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 898.331918][ C0] RBP: 00007ff738bb5980 R08: 0000000000000169 R09: 0000000800000000 [ 898.340004][ C0] R10: 0000001b32b20000 R11: 0000000000000246 R12: 00000000000d9ecd [ 898.348116][ C0] R13: 00007ff738bb405c R14: 0000000000000032 R15: 00007ff738bb5980 [ 898.356414][ C0] [ 898.359517][ C0] DEBUG: waiting rtnl_mutex for 613 jiffies. [ 898.365598][ C0] task:syz-executor.0 state:D stack:28960 pid:13595 tgid:13589 ppid:10461 flags:0x00000006 [ 898.375871][ C0] Call Trace: [ 898.379202][ C0] [ 898.382208][ C0] __schedule+0x17e8/0x4a20 [ 898.386862][ C0] ? __pfx___schedule+0x10/0x10 [ 898.391784][ C0] ? __pfx_lock_release+0x10/0x10 [ 898.396925][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 898.402517][ C0] ? schedule+0x90/0x320 [ 898.406861][ C0] schedule+0x14b/0x320 [ 898.411082][ C0] schedule_preempt_disabled+0x13/0x30 [ 898.416688][ C0] __mutex_lock+0x6a4/0xd70 [ 898.421258][ C0] ? __mutex_lock+0x527/0xd70 [ 898.426047][ C0] ? ppp_release+0x8a/0x1f0 [ 898.430613][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 898.435753][ C0] ? __pfx___fsnotify_parent+0x10/0x10 [ 898.441285][ C0] ? rtnl_lock+0xe7/0x130 [ 898.445737][ C0] ppp_release+0x8a/0x1f0 [ 898.450129][ C0] ? __pfx_ppp_release+0x10/0x10 [ 898.455133][ C0] __fput+0x24a/0x8a0 [ 898.459276][ C0] __x64_sys_close+0x7f/0x110 [ 898.464049][ C0] do_syscall_64+0xf3/0x230 [ 898.468673][ C0] ? clear_bhb_loop+0x35/0x90 [ 898.473423][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.479438][ C0] RIP: 0033:0x7effc5e7d0a9 [ 898.483914][ C0] RSP: 002b:00007effc6c6a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 898.492503][ C0] RAX: ffffffffffffffda RBX: 00007effc5fb4050 RCX: 00007effc5e7d0a9 [ 898.500790][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 898.509245][ C0] RBP: 00007effc5eec074 R08: 0000000000000000 R09: 0000000000000000 [ 898.517326][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 898.525410][ C0] R13: 000000000000006e R14: 00007effc5fb4050 R15: 00007ffc1097e088 [ 898.533461][ C0] [ 898.536588][ C0] DEBUG: waiting rtnl_mutex for 560 jiffies. [ 898.542621][ C0] task:syz-executor.0 state:D stack:24672 pid:13589 tgid:13589 ppid:10461 flags:0x00004006 [ 898.552954][ C0] Call Trace: [ 898.556356][ C0] [ 898.559342][ C0] __schedule+0x17e8/0x4a20 [ 898.563937][ C0] ? __pfx___schedule+0x10/0x10 [ 898.568927][ C0] ? __pfx_lock_release+0x10/0x10 [ 898.574032][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 898.579689][ C0] ? schedule+0x90/0x320 [ 898.584008][ C0] schedule+0x14b/0x320 [ 898.588341][ C0] schedule_preempt_disabled+0x13/0x30 [ 898.593870][ C0] __mutex_lock+0x6a4/0xd70 [ 898.598546][ C0] ? __mutex_lock+0x527/0xd70 [ 898.603419][ C0] ? ppp_release+0x8a/0x1f0 [ 898.608076][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 898.613186][ C0] ? rtnl_lock+0xe7/0x130 [ 898.617705][ C0] ppp_release+0x8a/0x1f0 [ 898.622105][ C0] ? __pfx_ppp_release+0x10/0x10 [ 898.627190][ C0] __fput+0x24a/0x8a0 [ 898.631277][ C0] task_work_run+0x24f/0x310 [ 898.636019][ C0] ? __pfx_task_work_run+0x10/0x10 [ 898.641297][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 898.647161][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 898.652860][ C0] do_syscall_64+0x100/0x230 [ 898.657555][ C0] ? clear_bhb_loop+0x35/0x90 [ 898.662399][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.668506][ C0] RIP: 0033:0x7effc5e7d0a9 [ 898.672954][ C0] RSP: 002b:00007ffc1097e168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 898.681554][ C0] RAX: 0000000000000000 RBX: 00007effc5fb5980 RCX: 00007effc5e7d0a9 [ 898.689687][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 898.697868][ C0] RBP: 00007effc5fb5980 R08: 0000000000000029 R09: 0000000f00000000 [ 898.705946][ C0] R10: 0000001b30a20000 R11: 0000000000000246 R12: 00000000000d9fd8 [ 898.713969][ C0] R13: 00007effc5fb412c R14: 0000000000000032 R15: 00007effc5fb5980 [ 898.722202][ C0] [ 898.725325][ C0] DEBUG: waiting rtnl_mutex for 516 jiffies. [ 898.731430][ C0] task:syz-executor.4 state:D stack:26800 pid:13610 tgid:13608 ppid:9574 flags:0x00000006 [ 898.741713][ C0] Call Trace: [ 898.745121][ C0] [ 898.748151][ C0] __schedule+0x17e8/0x4a20 [ 898.752742][ C0] ? __pfx___schedule+0x10/0x10 [ 898.757742][ C0] ? __pfx_lock_release+0x10/0x10 [ 898.762821][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 898.768399][ C0] ? schedule+0x90/0x320 [ 898.772749][ C0] schedule+0x14b/0x320 [ 898.777019][ C0] schedule_preempt_disabled+0x13/0x30 [ 898.782556][ C0] __mutex_lock+0x6a4/0xd70 [ 898.787174][ C0] ? __mutex_lock+0x527/0xd70 [ 898.791910][ C0] ? rtnetlink_rcv_msg+0x839/0x1170 [ 898.797284][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 898.802334][ C0] ? rtnl_lock+0xe7/0x130 [ 898.806765][ C0] rtnetlink_rcv_msg+0x839/0x1170 [ 898.811841][ C0] ? rtnetlink_rcv_msg+0x208/0x1170 [ 898.817146][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 898.822737][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 898.828825][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 898.835200][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 898.840683][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 898.846097][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 898.851527][ C0] ? dev_hard_start_xmit+0x773/0x7e0 [ 898.856932][ C0] ? __dev_queue_xmit+0x2d2/0x3d30 [ 898.862096][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 898.867926][ C0] ? __dev_queue_xmit+0x2d2/0x3d30 [ 898.873099][ C0] ? __dev_queue_xmit+0x16c9/0x3d30 [ 898.875386][ T9132] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 898.878412][ C0] ? __dev_queue_xmit+0x2d2/0x3d30 [ 898.891074][ C0] ? ref_tracker_free+0x643/0x7e0 [ 898.896217][ C0] netlink_rcv_skb+0x1e3/0x430 [ 898.901014][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 898.906598][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 898.911952][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 898.917277][ C0] netlink_unicast+0x7f0/0x990 [ 898.922210][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 898.927608][ C0] ? __virt_addr_valid+0x183/0x520 [ 898.932799][ C0] ? __check_object_size+0x49c/0x900 [ 898.938188][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 898.943395][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 898.948293][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 898.953633][ C0] ? __import_iovec+0x536/0x820 [ 898.958599][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 898.963605][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 898.969035][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 898.974556][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 898.979938][ C0] __sock_sendmsg+0x221/0x270 [ 898.984685][ C0] ____sys_sendmsg+0x525/0x7d0 [ 898.989751][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 898.995114][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 898.999835][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 899.005061][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 899.011505][ C0] ? do_syscall_64+0x100/0x230 [ 899.016375][ C0] ? do_syscall_64+0xb6/0x230 [ 899.021095][ C0] do_syscall_64+0xf3/0x230 [ 899.025688][ C0] ? clear_bhb_loop+0x35/0x90 [ 899.030594][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 899.036747][ C0] RIP: 0033:0x7fa8b267d0a9 [ 899.041177][ C0] RSP: 002b:00007fa8b33b20c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 899.045516][ T9132] usb 2-1: device descriptor read/64, error -71 [ 899.049683][ C0] RAX: ffffffffffffffda RBX: 00007fa8b27b3f80 RCX: 00007fa8b267d0a9 [ 899.063905][ C0] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000008 [ 899.072045][ C0] RBP: 00007fa8b26ec074 R08: 0000000000000000 R09: 0000000000000000 [ 899.080109][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 899.088193][ C0] R13: 000000000000000b R14: 00007fa8b27b3f80 R15: 00007ffe70d77008 [ 899.096256][ C0] [ 899.099288][ C0] [ 899.099288][ C0] Showing all locks held in the system: [ 899.107067][ C0] 2 locks held by kworker/u8:2/29: [ 899.112212][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 899.124002][ C0] #1: ffffc90000a57d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 899.134904][ C0] 2 locks held by getty/4851: [ 899.139694][ C0] #0: ffff88802ad6e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 899.149600][ C0] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 899.159953][ C0] 5 locks held by kworker/1:1/9132: [ 899.165335][ C0] #0: ffff88801ceb9d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 899.176817][ C0] #1: ffffc9000405fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 899.188871][ C0] #2: ffff88802374a190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 899.197877][ C0] #3: ffff88802370f518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x25b6/0x5150 [ 899.208012][ C0] #4: ffff888022111468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x25f4/0x5150 [ 899.217778][ C0] 2 locks held by kworker/u8:10/12799: [ 899.223351][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 899.235140][ C0] #1: ffffc90011217d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 899.246282][ C0] 4 locks held by syz-executor.2/13577: [ 899.251859][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 899.261030][ C0] #1: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 899.271618][ C0] #2: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 899.281535][ C0] #3: ffffffff8e3357a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 899.291538][ C0] 1 lock held by syz-executor.0/13589: [ 899.297090][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x8a/0x1f0 [ 899.306062][ C0] 1 lock held by syz-executor.0/13595: [ 899.311637][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x8a/0x1f0 [ 899.320524][ C0] 1 lock held by syz-executor.4/13610: [ 899.326074][ C0] #0: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 899.335724][ C0] 3 locks held by syz-executor.3/13635: [ 899.335731][ T9132] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 899.341282][ C0] #0: ffffffff8f661470 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 899.357133][ C0] #1: ffffffff8f661328 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 899.366196][ C0] #2: ffffffff8f5f7d08 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 899.375565][ C0] 2 locks held by syz-executor.3/13636: [ 899.381147][ C0] #0: ffffffff8f661470 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 899.389470][ C0] #1: ffffffff8f661328 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 899.398555][ C0] [ 899.400889][ C0] ============================================= [ 899.400889][ C0] [ 899.537124][ T9132] usb 2-1: device descriptor read/64, error -71 [ 899.657234][ T9132] usb usb2-port1: attempt power cycle [ 900.096695][ T9132] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 900.127741][ T9132] usb 2-1: device descriptor read/8, error -71 [ 900.420385][ T9132] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 900.501265][ T9132] usb 2-1: device descriptor read/8, error -71 [ 900.592124][T13653] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 900.633028][T13655] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 900.636636][ T9132] usb usb2-port1: unable to enumerate USB device [ 901.257916][T13652] loop0: detected capacity change from 0 to 32768 [ 901.323568][ T30] audit: type=1804 audit(1719028686.949:139): pid=13652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4116181656/syzkaller.iKFGeg/160/file0/file1" dev="loop0" ino=4 res=1 errno=0 [ 902.888558][ T30] audit: type=1326 audit(1719028688.499:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13680 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcdc747d0a9 code=0x0 [ 903.145893][T13695] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 903.706371][T13707] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 904.268758][ T9132] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 904.435975][ T9132] usb 1-1: device descriptor read/64, error -71 [ 904.707466][ T9132] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 904.805369][ T930] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 904.905469][ T9132] usb 1-1: device descriptor read/64, error -71 [ 1009.905225][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1009.905257][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P13723/1:b..l [ 1009.905293][ C0] rcu: (detected by 0, t=10502 jiffies, g=86001, q=115 ncpus=2) [ 1009.905310][ C0] task:syz-executor.3 state:R running task stack:24656 pid:13723 tgid:13722 ppid:10033 flags:0x00004006 [ 1009.905342][ C0] Call Trace: [ 1009.905350][ C0] [ 1009.905360][ C0] __schedule+0x17e8/0x4a20 [ 1009.905404][ C0] ? __pfx___schedule+0x10/0x10 [ 1009.905427][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1009.905456][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 1009.905479][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 1009.905498][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 1009.905529][ C0] irqentry_exit+0x5e/0x90 [ 1009.905552][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1009.905571][ C0] RIP: 0010:blk_cgroup_congested+0x115/0x220 [ 1009.905595][ C0] Code: 81 49 60 fd 48 8b 5d 00 4c 01 e3 48 89 df be 04 00 00 00 e8 dd 4b 60 fd 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 3c 8b 1b <31> ff 89 de e8 72 e6 f9 fc 85 db 75 4c 48 81 c5 10 01 00 00 48 89 [ 1009.905609][ C0] RSP: 0018:ffffc90004137530 EFLAGS: 00000246 [ 1009.905622][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84999883 [ 1009.905634][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888023480a50 [ 1009.905644][ C0] RBP: ffffffff9498a320 R08: ffff888023480a53 R09: 1ffff1100469014a [ 1009.905656][ C0] R10: dffffc0000000000 R11: ffffed100469014b R12: 0000000000000a10 [ 1009.905667][ C0] R13: ffffc90004137a78 R14: ffffffff8499979d R15: dffffc0000000000 [ 1009.905680][ C0] ? blk_cgroup_congested+0x1d/0x220 [ 1009.905704][ C0] ? blk_cgroup_congested+0x103/0x220 [ 1009.905731][ C0] __folio_throttle_swaprate+0x84/0x1d0 [ 1009.905756][ C0] folio_prealloc+0x10a/0x170 [ 1009.905780][ C0] handle_pte_fault+0x257b/0x7040 [ 1009.905810][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1009.905830][ C0] ? __pfx_handle_pte_fault+0x10/0x10 [ 1009.905846][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 1009.905877][ C0] ? follow_page_pte+0x292/0x1d90 [ 1009.905901][ C0] ? follow_page_pte+0x859/0x1d90 [ 1009.905924][ C0] ? __pfx_lock_release+0x10/0x10 [ 1009.905948][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1009.905974][ C0] handle_mm_fault+0x10df/0x1ba0 [ 1009.906016][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 1009.906048][ C0] ? __pfx_find_vma+0x10/0x10 [ 1009.906071][ C0] ? vma_is_secretmem+0xd/0x50 [ 1009.906093][ C0] ? check_vma_flags+0x531/0x5a0 [ 1009.906126][ C0] __get_user_pages+0x6ef/0x1590 [ 1009.906156][ C0] ? mt_find+0x62d/0x850 [ 1009.906186][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 1009.906220][ C0] populate_vma_page_range+0x264/0x330 [ 1009.906244][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1009.906270][ C0] ? apply_mlockall_flags+0x34a/0x3c0 [ 1009.906291][ C0] __mm_populate+0x27a/0x460 [ 1009.906317][ C0] ? __pfx___mm_populate+0x10/0x10 [ 1009.906348][ C0] __se_sys_mlockall+0x3e3/0x4d0 [ 1009.906368][ C0] do_syscall_64+0xf3/0x230 [ 1009.906384][ C0] ? clear_bhb_loop+0x35/0x90 [ 1009.906404][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.906421][ C0] RIP: 0033:0x7f8df2a7d0a9 [ 1009.906433][ C0] RSP: 002b:00007f8df380c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1009.906448][ C0] RAX: ffffffffffffffda RBX: 00007f8df2bb3f80 RCX: 00007f8df2a7d0a9 [ 1009.906460][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1009.906469][ C0] RBP: 00007f8df2aec074 R08: 0000000000000000 R09: 0000000000000000 [ 1009.906479][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1009.906488][ C0] R13: 000000000000000b R14: 00007f8df2bb3f80 R15: 00007ffdd16b97d8 [ 1009.906511][ C0] [ 1010.269697][ C0] rcu: rcu_preempt kthread starved for 9043 jiffies! g86001 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1010.269728][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1010.269739][ C0] rcu: RCU grace-period kthread stack dump: [ 1010.269748][ C0] task:rcu_preempt state:R running task stack:26448 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 1010.269794][ C0] Call Trace: [ 1010.269803][ C0] [ 1010.269818][ C0] __schedule+0x17e8/0x4a20 [ 1010.269876][ C0] ? __pfx___schedule+0x10/0x10 [ 1010.269905][ C0] ? __pfx_lock_release+0x10/0x10 [ 1010.269931][ C0] ? __asan_memset+0x23/0x50 [ 1010.269970][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1010.269999][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1010.270031][ C0] ? schedule+0x90/0x320 [ 1010.270070][ C0] schedule+0x14b/0x320 [ 1010.270099][ C0] schedule_timeout+0x1be/0x310 [ 1010.270123][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1010.270148][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1010.270200][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 1010.270233][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 1010.270260][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1010.270304][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 1010.270335][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1010.270360][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1010.270393][ C0] ? finish_swait+0xd4/0x1e0 [ 1010.270423][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 1010.270455][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1010.270481][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1010.270511][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1010.270544][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1010.270573][ C0] kthread+0x2f0/0x390 [ 1010.270604][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1010.270632][ C0] ? __pfx_kthread+0x10/0x10 [ 1010.270662][ C0] ret_from_fork+0x4b/0x80 [ 1010.270691][ C0] ? __pfx_kthread+0x10/0x10 [ 1010.270722][ C0] ret_from_fork_asm+0x1a/0x30 [ 1010.270769][ C0] [ 1010.270778][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1010.270797][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1010.270828][ C1] NMI backtrace for cpu 1 [ 1010.270854][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc4-next-20240621-syzkaller #0 [ 1010.270875][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1010.270886][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x35/0x90 [ 1010.270916][ C1] Code: 0c 25 00 d6 03 00 65 8b 05 40 56 70 7e a9 00 01 ff 00 74 10 a9 00 01 00 00 74 57 83 b9 1c 16 00 00 00 74 4e 8b 81 f8 15 00 00 <83> f8 03 75 43 48 8b 91 00 16 00 00 44 8b 89 fc 15 00 00 49 c1 e1 [ 1010.270932][ C1] RSP: 0018:ffffc900001a7bf8 EFLAGS: 00000046 [ 1010.270947][ C1] RAX: 0000000000000000 RBX: 0000000000000035 RCX: ffff8880176b0000 [ 1010.270960][ C1] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000000 [ 1010.270971][ C1] RBP: dffffc0000000000 R08: ffffffff8184a8e6 R09: 1ffffffff1f5dbbd [ 1010.270985][ C1] R10: dffffc0000000000 R11: fffffbfff1f5dbbe R12: ffff8880b952d188 [ 1010.270999][ C1] R13: 0000000000000001 R14: ffff8880b952d188 R15: ffff8880b9528358 [ 1010.271012][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1010.271027][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1010.271040][ C1] CR2: 0000555b3e7ff040 CR3: 000000000e132000 CR4: 00000000003506f0 [ 1010.271056][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1010.271068][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1010.271080][ C1] Call Trace: [ 1010.271087][ C1] [ 1010.271095][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1010.271117][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1010.271142][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1010.271163][ C1] ? nmi_handle+0x2a/0x5a0 [ 1010.271189][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1010.271211][ C1] ? nmi_handle+0x14f/0x5a0 [ 1010.271227][ C1] ? nmi_handle+0x2a/0x5a0 [ 1010.271245][ C1] ? __sanitizer_cov_trace_const_cmp8+0x35/0x90 [ 1010.271271][ C1] ? default_do_nmi+0x63/0x160 [ 1010.271294][ C1] ? exc_nmi+0x123/0x1f0 [ 1010.271322][ C1] ? end_repeat_nmi+0xf/0x53 [ 1010.271348][ C1] ? can_stop_idle_tick+0xa6/0x1c0 [ 1010.271371][ C1] ? __sanitizer_cov_trace_const_cmp8+0x35/0x90 [ 1010.271398][ C1] ? __sanitizer_cov_trace_const_cmp8+0x35/0x90 [ 1010.271426][ C1] ? __sanitizer_cov_trace_const_cmp8+0x35/0x90 [ 1010.271452][ C1] [ 1010.271458][ C1] [ 1010.271464][ C1] can_stop_idle_tick+0xa6/0x1c0 [ 1010.271486][ C1] tick_nohz_get_sleep_length+0x130/0x1f0 [ 1010.271511][ C1] menu_select+0xbf9/0x1e70 [ 1010.271551][ C1] ? __pfx_menu_select+0x10/0x10 [ 1010.271579][ C1] ? tsc_verify_tsc_adjust+0x24a/0x320 [ 1010.271606][ C1] do_idle+0x30e/0x5d0 [ 1010.271630][ C1] ? __pfx_do_idle+0x10/0x10 [ 1010.271659][ C1] cpu_startup_entry+0x42/0x60 [ 1010.271678][ C1] start_secondary+0x100/0x100 [ 1010.271699][ C1] common_startup_64+0x13e/0x147 [ 1010.271727][ C1]