last executing test programs: 17m25.817855419s ago: executing program 1 (id=162): openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) getpid() fsetxattr$security_capability(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=@v2={0x2000000, [{0xffffffff, 0x7}, {0x9, 0x3}]}, 0x14, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6(0xa, 0x3, 0x1) r2 = io_uring_setup(0xad5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x20000}) close(r2) r3 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3}) mq_timedreceive(r3, &(0x7f00000017c0)=""/86, 0x56, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 17m24.853344454s ago: executing program 1 (id=170): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) 17m24.168099655s ago: executing program 1 (id=174): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) gettid() socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0) 17m24.003839577s ago: executing program 1 (id=175): pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000100)='./file0\x00') socket$nl_route(0x10, 0x3, 0x0) r1 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) setpgid(r1, 0x0) r2 = getpgid(r1) setpgid(0x0, r2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000240)={[{@errors_continue}, {@data_err_abort}, {@noinit_itable}, {@dioread_lock}, {@block_validity}, {@resgid}, {@data_err_ignore}, {@nodiscard}, {@nobh}, {@bh}, {@grpquota}, {@dioread_nolock}]}, 0x1, 0x56b, &(0x7f0000000b00)="$eJzs3c9rHOUbAPBnNkl/f79NoRQVkUAPVmo3TeKPCh7qUbRY0Htdkmko2XRLdlOaWLA92IsXKYKIBfGud4/Foxf/ioIWipSgBxFWZjObbpvdZJum2W3384EJ7zszu+/77szz5pmdXTaAgTWW/SlEvBgRXyURByMiybcNR75xbHW/lftXp7MliXr94z+Txn5ZvflczcftzysvRMQvX0QcL6xvt7q0PFcql9OFvD5em780Xl1aPnFhvjSbzqYXJ6emTr05NfnO229t21hfO/v3tx/dfv/Ul0dXvvnp7qGbSZyOA/m21nE8gWutlbEYy1+TkTj9yI4T29BYP0l63QG2ZCiP85HI5oCDMZRHPfD8+zwi6sCASsQ/DKhmHtC8tt/4Ovj/O5SV7Jx7761eAK0f//DqeyOxp3FttG8leejKKLveHd2G9rM2fv7j1s1sie17HwJgU9euR8TJ4eH181+Sz39bd7L96j2tlUfbMP/Bzrmd5T+vt8t/Cmv5T7TJf/a3id2t2Dz+C3e3oZmOsvzv3bb579pNq9GhvPa/Rs43kpy/UE5P5tnwsRjZndU3up9zauVOvdO21vwvW7L2m7lg3o+7w7sffsxMqVZ6kjG3unc94qW2+W+ydvyTNsc/ez3OdtnGkfTWK522bT7+p6v+Q8SrbY//gztaycb3J8cb58N486xY768bR37r1H6vx58d/30bj380ab1fW338Nr7f80/aadtD44/uz/9dySeN8q583ZVSrbYwEbEr+XD9+skHj23Wm/tn4z92dOP5r935vzciPu1y/DcO//hyV+Pv0fGfeazj//iFOx989l2n9rub/95olI7la7qZ/7rt4JO8dgAAAAAAANBvChFxIJJCca1cKBSLq5/vOBz7CuVKtXb8fGXx4kw0vis7GiOF5p3ugy2fh5jIPw/brE8+Up+KiEMR8fXQ3ka9OF0pz/R68AAAAAAAAAAAAAAAAAAAANAn9nf4/n/m96Fe9w546vzkNwyuTeN/O37pCehL/v/D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwyudfH/b71e701XAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Hlw9syZbKmv3L86ndVnLi8tzlUun5hJq3PF+cXp4nRl4VJxtlKZLafF6cr8Zs9XrlQuTUzG4pXxWlqtjVeXls/NVxYv1s5dmC/NpufSkR0ZFQAAAAAAAAAAAAAAAAAAADxbqkvLc6VyOV1QUNhSYbg/uvGMFH6NiD7oRheFXs9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDAfwEAAP//LN46xw==") creat(&(0x7f00000001c0)='./file0\x00', 0x8) 17m21.055417483s ago: executing program 1 (id=185): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x3, 0x2}, 0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 17m18.902633567s ago: executing program 1 (id=194): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r3) socket(0x400000000010, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500"], 0x2c}}, 0x0) r7 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) 17m17.856928933s ago: executing program 32 (id=194): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r3) socket(0x400000000010, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000133700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500"], 0x2c}}, 0x0) r7 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) 15m29.870418596s ago: executing program 3 (id=471): io_setup(0x3, &(0x7f0000000180)) r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20a02, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d8", 0xe) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$unix(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x40) setsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r3, &(0x7f0000001140), 0x700, 0x2, 0x0) 15m27.808740698s ago: executing program 3 (id=479): pipe2$9p(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002540)=@newtaction={0x48, 0x31, 0x12f, 0x0, 0x25dfdbfc, {}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x48}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 15m24.155136755s ago: executing program 3 (id=491): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_pts(r4, 0x141601) close_range(r3, 0xffffffffffffffff, 0x0) 15m23.085982552s ago: executing program 3 (id=497): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000002c0)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==") pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0x5405, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) unshare(0x2040400) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) prlimit64(0x0, 0x3, &(0x7f0000000000)={0x0, 0xf9d5}, &(0x7f0000000c00)) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) setns(r1, 0x24020000) syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) 15m22.798008656s ago: executing program 3 (id=498): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0) setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0xfffffffffffffffe, {0x3, 0x0, 0x4}}, 0x18) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) r5 = socket(0x40000000015, 0x5, 0x0) getsockopt(r5, 0x200000000114, 0x8, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x100000, {0x0, 0x0, 0x74, r2, {0xfff3, 0x8}, {0x4, 0xfff3}, {0xffe0, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0x0) 15m19.165488663s ago: executing program 3 (id=503): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x240880c0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000040feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 15m18.204993298s ago: executing program 33 (id=503): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x240880c0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000040feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 15m10.224743772s ago: executing program 2 (id=524): process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000074000/0x3000)=nil, 0x3000, 0x2, 0x11, 0xffffffffffffffff, 0x1000) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x103) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000600)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/68, &(0x7f0000000880)=""/72, 0x8080000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000040)=&(0x7f0000000200)) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) pause() 15m8.203388994s ago: executing program 2 (id=532): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r4, 0x4b49, 0xffffffffffffffff) 15m7.17129223s ago: executing program 2 (id=536): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x20000000}, 0x20) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x2e, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40010040) r3 = socket$kcm(0x2c, 0x3, 0x0) setsockopt$sock_attach_bpf(r3, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0x100, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev, [], [], 'batadv0\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xd8, 0x100, 0x0, {0x0, 0x4c00}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0x4}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000003850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10) ioctl$FAT_IOCTL_GET_VOLUME_ID(r4, 0x80047213, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) 15m6.790124146s ago: executing program 2 (id=538): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000002c0)=ANY=[], 0x1, 0x6ca, &(0x7f0000000500)="$eJzs3c1vHGcdB/DvrNeuN1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeIit0LgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmftXXv9lthrBz6faDzPM8/L/OaZZ2a866w2wP+t6xfSfJgi1y+8sVzm11Zn22ursy/Uxe0kZbqRNLurFHeT4lEyV5YXfUv61lt8vHjtrc8er33ezTXrpao/tlO7IYbUXamXTNf9TQ9tOb7XXazU4eXFJDfq9aCJvfY1ULEctPP1Go5cZ4uV/TTfz3ULHDO9p1PRfW5uMZWcSDJZ/x6Q+u7QGF2Eh2NfdzkAAAB4Tn1676gjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdP/f3/Rb006nWmU/S+/3+it61OH0Nze6758FDjAAAAAAAAAIDR+PqTPMlyTvbynaL6m/+5KnM6X3SSL+X9PMhC7udiljOfpSzlfi4nmerraGJ5fmnp/uX1lqXhLa8MbXllVEcMAAAAAAAAAP+TfpnWxt//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgOCiSse6qWk7X60yl0cxGWVaSfyaZOOp496EYtvHh6OMAAACAZzL5FG2+/CRPspyTvXynqF7zf6V6vTyZ93M3S1nMUtpZyM36NXT5qr+xtjrbXludvVMuZX6w3+//e19hTNQ9jFW5YXs+W9Vo5VYWqy0Xc6MK5mYa3X2fT8724umLq89HZUzF92p7jKxZD2u5s99v9y7CgRh8K6KxQ83WRnDJ+ojM1LGVLU91R6Co3qhJNo/ErmenOZCbqnodX9/T5TTW3/k5fQhjfqJel8fzm0Md8/1aH4lGqpG40pt95TWz80gk3/jrn96+3b777u1bDy4cn0Paxdg22zfPidm+kXjluR6J5j7rz1QjcWY9fz0/yk9yIdN5M/ezmJ9mPktZSKcun6/nc/lzaueRmhvIvblbJBP1eemes73ENJ0fVqn5nKvansxiitzLzSzk9erflVzOt3M1V3Ot7wyf2Tbu6tiqq76x+arvnem/DQ3+/DfrRHl3++3GXW5upyPebnYelO69vxzXU33j2p31j9drneq7Dmb6Ruml3uiMD+38ae6Nza/WiXIfv9rlOTFaU/VIlBdQ7ynRi+7l7kg0q2fR1nn+h07ZLu27nc7t+fe26X9lU/61el1Oq9Wv7Va7Z/ipOFjlfHkpk/WdZHB2lGUvr99l+so6G3O5Wzb4xC3bnanKiqJ3pf4496oJsPVKnah/h9va05Wq7JWhZbNV2dm+soHft3Iv7dwcwfgB8DT+8fZ6cionJlr/an3a+qT169bt1huTP3jhOy+8OpHxv49/tzkz9lrj1eIv+SQ/33j9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPL0HH3z47ny7vXB/eKKxfdFAopXNW3breVOiqL/QZ3+tjm9iMsnAlup7jkYeRmtzGFsSnV8kIx+f3pcIDq/zuzLR3DKjhiXmBrb8eWuHH+0zwmJv18UhJhoZ7U7HMnwCHOFNCRiJS0t33rv04IMPv7V4Z/6dhXcW7o5fvXpt5trV12cv3VpsL8x0fx51lMBh2HjoH3UkAAAAAAAAAAAAwF4N+2DAuRd3+9DInj7j4X8WAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfi+oU0H6bI5ZmLM2V+bXW2XS699EbNZpJGIyl+lhSPkrl0l0z1dVfkj4/SGbKfjxevvfXZ47XPN/pqdusnjXq9vZ1Lk6zUS6aTjNXrZzDQ341n7q/4T+8YygH7otPpzD1bfHAw/hsAAP//msX1EQ==") pwritev2(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1, 0x5405, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) unshare(0x2040400) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) prlimit64(0x0, 0x3, &(0x7f0000000000)={0x0, 0xf9d5}, &(0x7f0000000c00)) bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0) setns(r1, 0x24020000) syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) 15m3.872072091s ago: executing program 2 (id=543): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r4, 0x203, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x80}, @val={0x8, 0x3, r6}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 15m2.67684064s ago: executing program 2 (id=549): r0 = inotify_init1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r5, 0x0, r4, 0x0, 0x3, 0x0) fcntl$setpipe(r3, 0x4, 0xfffffffffffff000) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000003c00)={&(0x7f0000003300)={0x28, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x67}}}}}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x40000) accept(r6, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x80) ppoll(&(0x7f0000000340)=[{r0, 0x4018}], 0x1, &(0x7f0000000400)={0x0, 0x989680}, 0x0, 0x0) 15m1.881602892s ago: executing program 34 (id=549): r0 = inotify_init1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r5, 0x0, r4, 0x0, 0x3, 0x0) fcntl$setpipe(r3, 0x4, 0xfffffffffffff000) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000003c00)={&(0x7f0000003300)={0x28, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x67}}}}}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x40000) accept(r6, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x80) ppoll(&(0x7f0000000340)=[{r0, 0x4018}], 0x1, &(0x7f0000000400)={0x0, 0x989680}, 0x0, 0x0) 13m44.255288842s ago: executing program 7 (id=731): socket(0x15, 0x5, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0x3) 13m42.772562935s ago: executing program 7 (id=734): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4041) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r4, @ANYBLOB="05005b"], 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x58, r1, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x1}, @broadcast, @device_a, @initial, {0x0, 0x4c}, @value=@ver_80211n={0x0, 0x0, 0x2, 0x0, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0x1fe, "3bf9d27a3fa9", @long="f877cc31de9038e5b85b2ccfde685c3b"}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) 13m41.059850542s ago: executing program 7 (id=740): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRESDEC], 0x27) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x1f00, 0x2, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000600000085000000030000009500000000000000"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058", @ANYRES32=r1, @ANYRESOCT, @ANYBLOB="7b56b318cc300e8a85e13533c796b71ffcd09e1a52e6e40e47aeaa210a588aedf3c7e24a8f525a9d43cc15cb51853433d8ae9808ce6a78f33a5fb433ed14bfc50159399b7a356efc3606d9dd3acc3862b0ee6471ef5a69abf330863fb6115083a4c72e336d9d311c8dcbb656a4e7ae699638a447531481a4b07ab375cfa27448c9cfb803990513def352a8e13dc60018bb9f660449d7805fb00a846f03bae2261a90489a591236f3ab049d5729e232e5a704933133ef503574c97f9cc89d209020d5ac1e9cff6c4f95d8b61902513f292343b11bc341a50337fbb3635f888345008f8f0f7a4229e626aeaea92e2a2a261df6a856"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r2}, 0x18) r3 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r3, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 13m38.65059908s ago: executing program 7 (id=745): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0xffff, 0x0, 0x0, 0x4001, 0x2}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x1001a, &(0x7f0000000580)={[{@user_xattr}, {@resuid={'resuid', 0x3d, 0xee01}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4c3b8}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000000}}, {@data_journal}, {@i_version}]}, 0x1, 0x43e, &(0x7f0000000bc0)="$eJzs3EtvG0UcAPD/rpP0TUIpjz6AQEFEPJImLdADFxBIXJCQ4FCOIUmrUrdBTZBoVUFAiCuqxB1xROITcIILAk5IXPkAqFKFcmnhZLT2bmI7dhqnThzq30/admZ3nJm/d8ae3ckmgL41mv2TROyPiD8jYriWbSwwWvvv9vK1mX+Wr80kUam883dSLXdr+dpMUbR43b48M5ZGpF8kcbRFvQtXrl6YLpfnLuf5icWLH04sXLn6wvmL0+fmzs1dmjp9+tTJyZdfmnqxK3Fmbbp15JP5Y4fffO/6WzNnrr//6/dJEX9THF0yut7BpyuVLlfXWwfq0slADxtCR0oRkZ2uwer4H45SrJ684Xjj8542DthSlUqlsq/94aUKcA9LomnH7uYdwL2p+KLPrn+LbZumHjvCzVdrF0BZ3LfzrXZkINK8zGDT9W03jUbEmaV/v8m22Jr7EAAADX7M5j/Pt5r/pfFQXbn78rWhkYi4PyIORsQDEXEoIh6MqJZ9OCIe6bD+5kWStfOf9MamAtugbP73Sr621Tj/K2Z/MVLKcweq8Q8mZ8+X507k78lYDO7K8pPr1PHT63981e5Y/fwv27L6i7lg3o4bA7saXzM7vTh9NzHXu/lZxJGBVvEnKysBSUQcjogjm6zj/LPfHWt37M7xr6ML60yVbyOeqZ3/pWiKv5Csvz45sTvKcycmil6x1m+/f/l2u/rvKv4uyM7/3pb9fyX+kaR+vXahs5+/6w7HN9v/h5J3q+mhfN/H04uLlycjhi40dorq/qm1+aJ8Fv/Y8dbj/2CsvhNHIyLrxI9GxGMR8Xje9ici4smIOL5OjL+89tQHm49/a2Xxz3Z0/lcTQ9G8p3WidOHnHxoqHekk/uz8n6qmxvI9G/n820i7Ou/NAAAA8P+URsT+SNLxlXSajo/Xfl/+UOxNy/MLi8+dnf/o0mztGYGRGEyLO13DdfdDJ/PL+iI/1ZQ/md83/rq0p5ofn5kvz/Y6eOhz+9qM/8xfpV63DthynteC/mX8Q/8y/qF/Gf/Qv1qM/z29aAew/Vp9/3/ag3YA269p/Fv2gz7i+h/6l/EP/cv4h760sCfaPRtf/AWAjT1IL9FniUh3RDO2LVEZ3hHN2LZErz+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuO/AAAA///gg99Z") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f0000004100)={0x2020}, 0x2020) 13m36.589294622s ago: executing program 7 (id=749): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r3, &(0x7f0000000040)={0x1f, @none}, 0x8) 13m34.614128112s ago: executing program 7 (id=756): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 13m34.176856749s ago: executing program 35 (id=756): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 4m29.406361072s ago: executing program 4 (id=2121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, 0xffffffffffffffff, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r5, 0xffffffffffffffff, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$dupfd(r6, 0x0, r6) syz_mount_image$ext4(&(0x7f0000000880)='ext4\x00', &(0x7f00000003c0)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xde, 0x531, &(0x7f0000001240)="$eJzs3c9vHFcdAPDvjL3BaVzsAodSqT9Eg5IIshvXtLU4tEUgbpVA5R4se2NZWWcj77qNrQo54g9AQggqceLEBYkbFyTUPwEhVaIHbggQCEEKBw7AoJmdTZ1l1t6o+6OxPx/p7b558+P73sQ78+ZHZgI4s56LiNciYi4irkTEUlmelikOeymf7oN7b2/kKS9+429JJGVZRJG970I520Lvq1Jn/+DmeqvV3C2HG92d243O/sHV7Z31reZW89bq6spLay+vvbh2bSztzNv1ytf+9MPv/fTrr/zqi2/9/vpfLn8nr/RXy/H9do1Psfbi/eKzlq+L++YjYne8wWZmrmxPbdYVAQBgJHkv9VMR8bmi/78Uc0VvrjDYpVuYfu0AAACAccheXYx/JxEZAAAAcGq9GhGLkaT18l6AxUjTer13D+9n4rG01e50v3CjvXdrMx8XsRy19MZ2q3mtvKd2OWpJPrxS5D8cfmFgeDUinoiIHyydL4brG+3W5qxPfgAAAMAZcWHg+P+fS73jfwAAAOCUWZ51BQAAAICJG3b8n4w2GQAAAPAIcGAPAAAAp9o3Xn89T1n//debb+7v3Wy/eXWz2blZ39nbqG+0d2/Xt9rtreKZfTvHLasWEa12+/aXIvbuNLrNTrfR2T+4vtPeu9W9vu39gQAAADArTzz77vtJRBx++XyRcufyj7khM7hXAE6N9GEm/uPk6gFM37Dd/AjOjbMewPTNjzBNMspEwKPncNYVAGbtgUd9VOzvj96888A5g19Prk4AAMB4Xfps9fX/+fJ+fuD0eqjr/8Cp8hGu/wOPOJf24eyqPVQP4O4EawLMSnLC+KEP76i6/l95Z3CWnbgsAABgohaL9GxaL68FLkaa1usRjxf/1b+W3NhuNa9FxCcj4rdLtU/kwyvFnMmJxwwAAAAAAAAAAAAAAAAAAAAAAAAAQE+WJZEBAAAAp1pE+uekfP/XpaWLi4PnB84l/1qK8pVeb/34jR/dWe92d1fy8r/fL+++U5a/MIszGAAAAHAWzR87tn+c3j+OBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBx+uDe2xv9NM24f/1KRCxXxZ+PheJ7IWoR8dg/kpg/Ml8SEXNjiH94NyKerIqf5NWK5bIWg/HTiDg/nfhPZ1lWGf/CGOLDWfZuvv15rer3l8ZzxXf173++TB/VA9u/c784Mia9v/2bG7L9e3zEGE+99/PG0Ph3I56ar97+9OMnQ+I/X7XAipXy7W8dHPxfYW/hkf0k4lLl/id5IFaju3O70dk/uLq9s77V3GreWl1deWnt5bUX1641bmy3muVnZRu///Qv/ztQ9J+sp2h/DIm/fEL7L+aZ2pHCbDBMGey9O/c+3cvWBhZRxL/8fPXf35PHxM//Jj5f7gfy8Zf6+cNe/qhnfvabZyorVsbfHNL+k/79Lw9b6IAr3/zuH0acFACYgs7+wc31Vqu5O/HMO1mWTSvW6JlIR5246C5OdY1NN9Pv3U0sxMLHpaVTzlwcz3Ku/C5iWnUex5ktAADg4+bDTv+sawIAAAAAAAAAAAAAAAAAAABnV2c/0kk/Tmww5uFsmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKz/BQAA//99qdiK") execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) 4m29.018095748s ago: executing program 4 (id=2124): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3}) add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5dfc7fbbbc5b", 0x7, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4m27.884051256s ago: executing program 4 (id=2128): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f00000003c0)='./file0\x00', 0x10241, 0x0) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c000500010006000000240007800800"], 0x6c}}, 0x0) r5 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) setreuid(0xffffffffffffffff, 0xee00) keyctl$setperm(0x5, r5, 0x220c) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) 4m21.87183246s ago: executing program 4 (id=2137): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x3, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000140)={0x100, 0x640, &(0x7f0000000240), 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4m17.172811663s ago: executing program 4 (id=2147): mkdir(&(0x7f0000000400)='./file0\x00', 0xfa) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) tkill(0x0, 0x4000012) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x1, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x42051}, 0x0) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 4m5.897322559s ago: executing program 4 (id=2170): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000004000000000000009b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x4000, r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='siox_get_data\x00', r1, 0x0, 0x2c9}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000100)}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000340)}}], 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x18, 0x52, 0x109, 0x0, 0x0, {0x1c}, [@nested={0x4}]}, 0x18}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0xc, &(0x7f00000007c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x34, r7, 0x401, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x34}}, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000000) 3m50.178138824s ago: executing program 36 (id=2170): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000004000000000000009b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x4000, r0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='siox_get_data\x00', r1, 0x0, 0x2c9}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000100)}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000340)}}], 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x18, 0x52, 0x109, 0x0, 0x0, {0x1c}, [@nested={0x4}]}, 0x18}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0xc, &(0x7f00000007c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x34, r7, 0x401, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x34}}, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000000) 19.558042067s ago: executing program 5 (id=2614): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x214018, &(0x7f00000014c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRESHEX=0x0, @ANYBLOB=',uid=', @ANYRES32, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030352c626172726965722c6e6c733d6d616363726f617469616e2c6e6f626172726965722c747970653dc46eaf112c747970653da52e32f02c706172743d3078303030303030303030303030303030302c706172743d3078303030303030303030303030303130312c00"], 0xfc, 0x6e4, &(0x7f0000000c80)="$eJzs3c1vHGcdB/Dv7K7fUtE4bdIWVImoEQURkfhFKQQJJSCEfKhQBAckbiZxGiubtLJdcCME4f3aQ/+A9pAbJyTuQeUMFwRHi1MlRC+cfFs0s7Prje111nESx/D5VLPzzDzvv52Z3dnUmgD/txbOpnU/RRbOvrlebm/cm29v3JufqLPbScp0I2l1VyluJ8XHyeV0l3y23FmXL4b188Hyxe/9/T8bn3S3WvVSlW/srPfzTpIvjD6Lu/WS00ma9XqnsW3bE8nkw9u7OrS9fit9u8+/6OeUATvTCxwcts4Od/dTfej5DhwdRb7xmd32TyfH0v2YrD7n6qtD4+mO7vHb11UOAAAADtnCv0/N7af8VL0+vpnNrB/523gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Wi6lev5/mt1VtTR66dMpes//H6/3pU4fafcPewAAAAAAAAAAsMPYA1vjSSZ6G5d2r/H5zWxmPc/3tjtF9W/+r1UbJ6vX5/JuVrOUlZzLehazlrWsZDbJ9GBn64trayuzI9Sc27Xm3IPjao424cnRigEAAAAAAADA/7xfZmHr3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUCTN7qpaTvbS02m0kkwmGS/L3U3+2ksfEcVuO+8//XEAAADAgUw+Qp3jm9nMep7vbXeK6p7/pep+eTLv5nbWspy1tLOUa/U9dHnX39i4N9/euDd/q1wOPPSqxXR/e9i951eqElO5nuVqz7lcrQZzLY2qZumfSW71xrRzXL/4tGz7UtdPRhzZtXpddvZ+71eEiQNP+DGYTlqNjPUjMlONrXsQnBiMws5IfPPTYY1e7q5a23vKYE+zafR/+TnZ7aFMPjTml0ac2bF6Xc7nt8N+uXncJrc6vTu0UD8SjVSRmBs4+l7aO+bJF//4+/dvtG/fvHF99exTmdKTtP2YmB+IxMsjROIHz2wkWntnN7bvmKl2nuptfvRcku/nbE7nSlaynB9nMWtZSlHPdLE+nsvX6b0jdfmBrStDBtA3Xr8vzbpcf0xZyHd2HdPpfLtKLea1qu7zWU6Rt3MtS3mj+m8us/lqLuRCLg68w6eGjruaW3XWN/Z31p/5Up2YSvK7en3YuheFMq4nBuI6eM2drvK29owNROmFvd/dndfGh0+59bk6Ufbxqz2PhqdteyRmByLx4t6R+KhTvq62b99cubH4zi6frp1irFr/7UzS6XT3vV7nlUfcbx7+9edPB53fQwxcx8rj5YVM1leSExnrDq3Zy3uxf5Wp4jU+WO9kP+/BT9zxTJbnc6PbU/dM/e7QM3W8/g63s6W5Ku/lXfPmq7xXBvIGv28lb6fd/z4EwDPs2JePjU/9a+ovUx9O/XrqxtSbk9+a+NrEq+MZ+/PY11szzdcbrxZ/yIf52db9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhW37tzc7HdXlrZPdFoDs0akkjnzs3F3pN8Rq2V1aJ+ks6++jqsRP+RP8/IeJ5Iotixp5zx4+mi9+Sj/dWa2XlEXT7MQP1jv7UyOTDl5tDCx+pE53g3SvvqYnr7kZkMKTzRDWZzyHlav0WP8nBR4Eg4v3brnfOr7935yvKtxbeW3lq6PXbhwsWZixfemD9/fbm9NNN9PexRAk/C1vd2AAAAAAAAAAAA4KgY8e8KrvzwR9X/IfhIfy9x2HMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjraFs2ndT5HZmXMz5fbGvfl2ufTSWyVbSRqNpPhpUnycXE53yfRAc8Wwfj5YvthM8slWW61e+cYe9ToTI83ibr3kdJJmvT6AB9q7euD2iv4My4Cd6QUODtt/AwAA//9+fOo3") socket$packet(0x11, 0x2, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000300)="303e3002a000a4fbe22e00d190c937dc6914243b0402d6dcb70ad80851956fe6727ae888746b02cee670a5882a0ad79716584e6b04b7b62edac751478af9c62f", 0x40, 0xfffffffffffffffc) r3 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r3, &(0x7f0000000c00)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x40}}], 0x1, 0x0) r4 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r4, 0x400, 0x0) mmap(&(0x7f000023b000/0x3000)=nil, 0x3000, 0x1000006, 0x1010, 0xffffffffffffffff, 0x4bdbd000) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r5, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10) sendmmsg$inet(r5, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0x192}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f1", 0x2fb}], 0x3}}], 0x1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x86783, 0x0) 19.248467123s ago: executing program 0 (id=2615): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, &(0x7f0000000040)=0x9, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f00000000c0)) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x0, 0x0, 'fo\x00'}, 0x2c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x6}, 0x8) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r2, &(0x7f0000000080)="0b76b11264816c7c796aacb988cb7b59ab11e3e67e482a453b497562", 0x1c, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000400)={r7}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='loginuid\x00') pwritev(r8, &(0x7f0000002a00)=[{&(0x7f0000002540)="5e373e8ade5e", 0x6}], 0x1, 0x1, 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 19.142591614s ago: executing program 9 (id=2616): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000240)=0x0) mount$9p_rdma(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0), 0x18011, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e22,timeout=0x0000000000000005,posixacl,ui', @ANYRESDEC=r1, @ANYBLOB="2c6f62000000000000000000000000022c736d61636b66736861743d9623285c23252c636f6e740778743d737461666628f2232f6d61636b66737472616e736d7574653d2c00"]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10000, 0x0, 0x1, 0x1, 0x41fd, 0x49ee}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000004c0)={0x0, 0x1, 0xffff, 0x0, 0x6, 0x4, 0xfffffffd}) 18.166084249s ago: executing program 0 (id=2617): r0 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_tcp(0x2, 0x1, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = dup(r2) bind$bt_l2cap(r3, &(0x7f0000000080), 0xe) listen(r2, 0x9) accept4$vsock_stream(r3, 0x0, 0x0, 0x80000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'tunl0\x00'}) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f0000000140)={0x3, 0x8db, 0x1, 0x6, 0x9, 0x2, 0x8, 0x3f}, &(0x7f0000000300)={0x4, 0x8000000000000000, 0xaead, 0x8001, 0x8, 0x3, 0x4, 0xd3}, &(0x7f0000000340)={0x8, 0x8, 0x8000, 0x2, 0x5f45, 0x5, 0xa064, 0x4}, &(0x7f00000003c0), 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = openat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f00000004c0)={0x101000, 0x90}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)}) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r5}]}, 0x40}}, 0x0) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r6, 0x89e4) ioctl$sock_x25_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}, 0x8, 'netpci0\x00'}) 17.619862409s ago: executing program 9 (id=2620): r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc", 0x8) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000001c0)="550bbbec", 0x4}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30}], 0x1, 0x0) recvmsg$can_bcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/88, 0x58}], 0x1}, 0x10000) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000400)={0x2000000, [[0x0, 0x101, 0x294b, 0x0, 0x81, 0x4, 0x23ffffc, 0x1000000], [0x18e3, 0x80000000, 0x4, 0x0, 0xffd, 0x0, 0x0, 0x9f], [0xf7, 0x3b6f, 0x0, 0x4, 0x0, 0x7ffffffd, 0xf9ec, 0xfffffffc]], '\x00', [{0xa3, 0x200000}, {}, {}, {0x0, 0xfffffffe}, {0xffffffff}, {0x81}, {0x0, 0x1980000}, {}, {}, {}, {0x0, 0x20000}], '\x00', 0x24, 0x0, 0x0, 0x0, 0x0, 0x2}) openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x80000) r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000040)=0x13) ioctl$SNDCTL_DSP_GETFMTS(r7, 0x8004500b, 0x0) 16.387222909s ago: executing program 5 (id=2621): bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0}, 0x18) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) 16.386376098s ago: executing program 0 (id=2622): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000240)=0x0) mount$9p_rdma(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0), 0x18011, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e22,timeout=0x0000000000000005,posixacl,ui', @ANYRESDEC=r1, @ANYBLOB="2c6f62000000000000000000000000022c736d61636b66736861743d9623285c23252c636f6e740778743d737461666628f2232f6d61636b66737472616e736d7574653d2c00"]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10000, 0x0, 0x1, 0x1, 0x41fd, 0x49ee}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x80380000, @mcast1}, 0x1c) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000004c0)={0x0, 0x1, 0xffff, 0x0, 0x6, 0x4, 0xfffffffd}) 11.068685333s ago: executing program 9 (id=2625): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(r0, 0x0) open(0x0, 0x80ff, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000300)='syz1\x00', 0x1ff) mkdirat$cgroup(r3, &(0x7f0000001e40)='syz0\x00', 0x1ff) write$cgroup_type(r4, &(0x7f0000000280), 0x9) 10.892085326s ago: executing program 5 (id=2627): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = open(0x0, 0x14927e, 0x2) fdatasync(r3) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r6, @ANYBLOB="000000000000000024001280110001006272696467655f736c617665000000000c0005800500190003"], 0x4c}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(r7, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r10, 0xc018620c, 0x0) 10.558920871s ago: executing program 5 (id=2628): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(r0, 0x0) open(0x0, 0x80ff, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000300)='syz1\x00', 0x1ff) mkdirat$cgroup(r3, &(0x7f0000001e40)='syz0\x00', 0x1ff) write$cgroup_type(r4, &(0x7f0000000280), 0x9) 8.956070057s ago: executing program 8 (id=2631): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f00000100000000000000", @ANYRES32], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3, 0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f00000001c0)={0x20000004}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x3}], 0x1, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r8, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r9, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 7.307605733s ago: executing program 8 (id=2633): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x9, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180100000000a9174c20e0a776bc0000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet(0xa, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000020323000000000000000000000000000800010001"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, 0x2, 0x3, 0x801, 0x0, 0x0, {0x7, 0x0, 0x10}}, 0x14}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r5, 0x5607, 0x3) ioctl$VT_ACTIVATE(r5, 0x5606, 0x4) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f00000000c0)=ANY=[@ANYBLOB="28b800005b4cf5943da0bf6687"]) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x80000000000000) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0xe80, 0x4) sendto$packet(r6, &(0x7f0000000180)="3f030e00030000002b001e0089e9aaa92be0c2310f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548", 0x36, 0x0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x4, 0x0, 0x6, @random="3690f13519fc"}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 6.538028865s ago: executing program 5 (id=2634): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@quota}, {@oldalloc}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8000c61) fallocate(r3, 0x3, 0x5000000, 0x8000c62) 6.537655786s ago: executing program 6 (id=2635): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x0) 6.381522488s ago: executing program 8 (id=2636): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) memfd_create(0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x7) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) ioctl$TCSETA(r3, 0x8910, 0x0) r4 = eventfd(0xc) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r4}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close(r3) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r5, &(0x7f0000000080)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x3}}, 0x18) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x2002) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f00000002c0)) syz_emit_ethernet(0x0, 0x0, 0x0) syz_emit_ethernet(0xc0, &(0x7f0000001600)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@void, {0x8100, 0x4}}, {@ipv6={0x86dd, @gre_packet={0x6, 0x6, "49981d", 0x86, 0x2f, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @private1, {[@hopopts={0x2b}, @routing={0x6, 0x0, 0x0, 0x1b}, @routing={0x2c, 0x0, 0x1}, @dstopts={0x5e, 0x0, '\x00', [@generic={0x1}]}], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xb, 0x0, [0x9], "47e6b5091dbafb02fcc5fb"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "720d61a16a23138b1d0623"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x86dd, [0x3ff]}, {0x8, 0x88be, 0x3, {{0x0, 0x1, 0xf, 0x2, 0x0, 0x0, 0x2, 0x2}, 0x1, {0x8000}}}, {0x8, 0x22eb, 0x2, {{0x0, 0x2, 0xff, 0x3, 0x0, 0x1, 0x3, 0x8}, 0x2, {0x1f, 0x3ff8, 0x0, 0x10, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x3}}}}}}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0, 0x4000}) 5.830578497s ago: executing program 0 (id=2637): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @rand_addr=0x64010100}}}], 0x20}}], 0x1, 0x40) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = syz_open_dev$vcsa(0x0, 0x5, 0x400) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, 0x0, 0x0) accept$inet6(r0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00000, &(0x7f0000000000)={[{@lastblock={'lastblock', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@unhide}, {@adinicb}, {@shortad}, {@volume={'volume', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@dmode={'dmode', 0x3d, 0x4}}]}, 0x1, 0xc43, &(0x7f00000010c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==") truncate(0x0, 0x1bfc) r5 = openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r5, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r4, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) 4.670170945s ago: executing program 8 (id=2638): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0x3) syz_open_dev$usbfs(0x0, 0x400077, 0x6b4380) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020660b, 0x0) r3 = syz_open_dev$loop(&(0x7f0000001580), 0x8, 0x8080) ioctl$BLKREPORTZONE(r3, 0xc0101282, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r4, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r4, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) setresgid(0xee00, 0xee01, 0x0) setuid(0xee00) sendfile(r6, r5, 0x0, 0x23b) 4.669988376s ago: executing program 6 (id=2639): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[], 0xfffffe2b}}, 0x2200c840) 4.659566426s ago: executing program 9 (id=2640): syz_open_dev$vim2m(&(0x7f0000000540), 0x2, 0x2) r0 = socket(0x2c, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, 0x0, 0x0) dup2(r3, r3) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d1) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x3fff4, 0xffffffff, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0xffffffff, 0x0, 0x0, 0xffffffff}, 0x22000, 0x0, 0x5, 0x8, 0x101, 0x43, 0xfe, 0x7, 0x0, 0x0, {0x8, 0x6, 0xfffffff9}}}}]}, 0x78}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4012}, 0x20000010) sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 4.599417346s ago: executing program 5 (id=2641): r0 = socket(0x10, 0x3, 0x0) getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}], 0x0) syz_mount_image$minix(&(0x7f0000000100), &(0x7f00000066c0)='./file0\x00', 0x1810002, &(0x7f0000000840)=ANY=[@ANYBLOB="002ecbc55fe6d6100837adda58fa7d10ab54aee93b992510be054d731ab7da7e75676e729a84f3b6a90100db5e477dbfee9ea3db9e2cdf0af3e9f7718732aaccc2158ad1dc498162eb5e87e3ec955164b6a97fb2a48d7a569258274a727cb0c7227e8f51529264e568b34e6f7ee018b3562d8fdd26e153b3a5dd539457cf51acadebb83ab2b09862ea8ac241fca01893c02becc286b2b17bd8c515b3dd02562333f6a7273bc91c9841bf3cb673bc8942336c5cebffbb08f82ba108af50c8dabb9628fc8e59c207395f370146898f1f3400f50f5e0566363558fe2c744cbebda08fe49b21e9431d1cf655282fcbb938b0d78d5e36b5e6b7d1c01f8b6423066333a94bb51f311c1d70dc272c6528d8057273e9bffbc8747d7c8a65b368828d39c69fc42125281702192328142ebb5b396e66db522ca6f2ae2ca64ab0d9d3f0eeb890d6b5a376ab004afb2ccc83293222ce378ef0e8d88e873ee168d615985aaabc293ce789dd163747e965405c11730f23faf8053fb37e93d5a54cdce54c1ce09598258ec5892938c5a16cf0c548695c973b45a0bc95feff28efd824744057c5da581fe9215d1a9e358a9da84b4ceb0f586c2ddbabbe2347dd728b8e05ecf90b4c7c9861ce1af7709c9babcdc2bd2175a8496a48942dc2755a5ed6296745ec0810e42050e657b2c0965d423077136da0140677053c8ce91d0000000000000000000000f81a60f8321a29d95e555edc5822e904e5b3821224bb704efb9aea0f736fa06f46b1023fc644c7879a6315e96f6695f65fef95d6dbf22d80c068a20fc98bad02dbeb3c9f478063d2f2f8fd5e8af7a5d5937e5626c71efa3369e99787e78597c01acfa3b273102993abd03263ae4115a65254d32c517eddeb58bbc458d025fdc566906ac145a9db74f46d10805e6c7560f6740cf29445f6aec71365f8dd27032c6413f342d8e76782bdc2d96870cf7e84d15838c48aa6af77086acec169846791fbb50b0f648adbc6f405", @ANYRES32, @ANYRES64=0x0, @ANYRES8, @ANYRESHEX, @ANYRES16, @ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYBLOB="0805c250a09347cb0bca3b9f8a8755b3945d3396e6eb14eb64426210d11830f13cb571b8967902d058a39cf86287f14c080fcb8d529bfcda2a3722d8dc8ebe2c29476750ec92bf56619454329e748b3549ba625812d4422958b334db652bd2b9492784354250a06d9b3f22846434889dbea72d8f13aa590030f83b62254e87e4230846ce6bd18bc79e73a1a1fa67571c3ba78979ed9dfc3410b95c51ce90bcca297c2a6995b236c39c5ec957cf8717fa28a560525b50a3a689d2bc34038bc078356614f0c584b2ae572c025c4d8414161f1100073f6fee746c008cefce574d1c1e0333b07febbd41add7375c604f3c34b6606013a8172cea655aa6580601b3668ac91df25f684745c94ad9ffc15548d32a8608c5acb60bc437052b2dd51eea8957d673499f6f685feefb2332976ce89829d1cd967d7dd29336387ff12a", @ANYRES16=0x0], 0x1, 0x1cd, &(0x7f0000002180)="$eJzs282O0lAYxvGnBdqZ8ftr48rEhW6kypDo7JwL8AbcTWbqhFjUiBuIibLxPrwMd96JNwCJXkFNSwkUaSltaEH+v2Sm75z06TmTzNs5JSAAe+tm+N2QoUZY+b7/5YGk168k1VOjVikLBLAxvjFp+iTW8uGD9BSA3VD7vXzcTmzwH9PC5C4A7LLxaS3cB/w0pF9/Pp+Poq9Gxv3D+NSUatEPc3lLOsiUHxrh8X5dGs3lbcUvYHxN2L98n+QfKZ4/zLr+aP6jhfzRqmDwyBQYmuHh8cN4/oqkq5KuSbou6Ub0rHVL0u0l818szH8v4/qBIoK/vmZsJFPbxvPNlBPs9HzQPW86nvt0rVlnGlH+Wc68FeVbBfPHOfN2lG+ev/cuEs96mfPqQDrzn/5fz8r+TzR7+bBI/9cL9j+wz3r9wdszz3M/rl+YuVIU+1JMN5LBSHCbXp36VvmayysOt2MZyUXFNyYAG+d86n5wev3Bk0737NK9dN+12icv2set9vMTJ9yXO0V25wC22eyffrbz098SBAAAAAAAAAAAAAAAqnBH0t2qFwEAAACgFGV8nKjq3xEAAAAAAAAAAAAAAAAAAAD4X/wNAAD//7bVPAk=") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000000)='./file0/file0\x00', 0x2008804, &(0x7f0000000740)=ANY=[@ANYBLOB='shortname=lower,uni_xlate=1,utf8=1,iocharset=cp865,utf8=0,rodir,rodir,shortname=win95,check=strict,codepage=775,uid=', @ANYRES16=0x0, @ANYBLOB="2c757466383d302c73686f72746e618fd5af6e0d6d653d39352c736a6f72746e616d653d6c6f7764722c6e6f6e756d3461696c3d302c73686f72746e616d653d6d697865642c726f6469722c00000000"], 0x1, 0x276, &(0x7f00000003c0)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000540), &(0x7f0000000580)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, &(0x7f0000000780)}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x30, r5, 0x1, 0x0, 0x2, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x24000814) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x14, r5, 0x20, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4081}, 0x40000000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000002035a0000b8030000000000000000000800010001000000"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) 4.38434465s ago: executing program 6 (id=2642): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xcc, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00'}, 0x10) modify_ldt$write(0x1, &(0x7f00000000c0)={0x40, 0x20000000}, 0x10) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x1000) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r3, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000000)=0x4000) socket$nl_route(0x10, 0x3, 0x0) 3.507487834s ago: executing program 8 (id=2643): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) ptrace$setsig(0x4203, 0x0, 0xfffffffffffffff9, &(0x7f00000003c0)={0x9, 0x2, 0x7ff}) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000780)={&(0x7f0000000340), 0x0, &(0x7f00000006c0)="6e0c8559bdc3aa7a04d75beef282a2c56012b532f37745bf579446c381ccb12e45853f15a01abbcea46c60fb3d5e4964aeb416015e889f222ec5ee7bab365676834eb77a462cd3ee1f2366ae0c8fbca0ca019f4fd350c54bcdec02e96cbe03f86bf80b085e07e621c0c17c4751698b1648b180d59e13d524d785658173ea0a6983c0c21d", &(0x7f0000000440)="bc8c706ffe0ad7da9b80", 0x80000001, 0x1}, 0x38) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@map, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=r4], 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa9, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, 0x8, 0x8, &(0x7f0000000480)}}, 0x10) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r5, 0x4b3a, 0x1) ioctl$TCXONC(r5, 0x4b3a, 0x0) 3.492330224s ago: executing program 0 (id=2644): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) write(r4, &(0x7f0000000280), 0x0) ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000000)={0x7, @pix_mp={0x6, 0x401, 0x47504a4d, 0x2, 0x8, [{0x9, 0x2}, {0x7, 0x200008}, {0x4, 0xf533}, {0x54b, 0x80000001}, {0x7, 0x8}, {0x3, 0x401}, {0x8, 0x8b9}, {0x6, 0x3}], 0x5, 0x8, 0x0, 0x1}}) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000380)={[{@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@fat=@fmask}, {@uni_xlate}, {@uni_xlateno}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@utf8}, {@shortname_win95}, {@rodir}, {@fat=@nfs_nostale_ro}, {@rodir}, {@utf8}, {@shortname_winnt}, {}]}, 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=") r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0xf00, 0x0) fanotify_mark(r6, 0x105, 0x5000003a, r5, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) 2.156379746s ago: executing program 8 (id=2645): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(r0, 0x0) open(0x0, 0x80ff, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000300)='syz1\x00', 0x1ff) mkdirat$cgroup(r3, &(0x7f0000001e40)='syz0\x00', 0x1ff) write$cgroup_type(r4, &(0x7f0000000280), 0x9) 2.058331837s ago: executing program 6 (id=2646): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) socket$kcm(0x2, 0xa, 0x2) socket$inet_mptcp(0x2, 0x1, 0x106) socket$xdp(0x2c, 0x3, 0x0) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(r1, 0x0, 0x8084) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x3, 0x3}, 0x4) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r5, &(0x7f0000000e00), 0x12) bind$x25(r4, &(0x7f0000000080), 0x12) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000700)={'bond0\x00'}) r7 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r7, 0x1, &(0x7f0000000340)={0x2000}, 0x0) 1.761482752s ago: executing program 6 (id=2647): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000240)=0x0) mount$9p_rdma(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0), 0x18011, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e22,timeout=0x0000000000000005,posixacl,ui', @ANYRESDEC=r1, @ANYBLOB="2c6f62000000000000000000000000022c736d61636b66736861743d9623285c23252c636f6e740778743d737461666628f2232f6d61636b66737472616e736d7574653d2c00"]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10000, 0x0, 0x1, 0x1, 0x41fd, 0x49ee}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x80380000, @mcast1}, 0x1c) r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000004c0)={0x0, 0x1, 0xffff, 0x0, 0x6, 0x4, 0xfffffffd}) 1.654575564s ago: executing program 9 (id=2648): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10480, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x10b000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') utime(&(0x7f0000000000)='./file0\x00', 0x0) rmdir(&(0x7f0000000380)='./file0/../file0\x00') 1.25424322s ago: executing program 0 (id=2649): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x101002, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8042, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0}, 0x58) pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) clock_adjtime(0x2, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000) socket$can_raw(0x1d, 0x3, 0x1) socket(0x10, 0x3, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) clock_nanosleep(0xfffffff2, 0x225c17d03, &(0x7f0000000400), 0x0) fcntl$setsig(r3, 0xa, 0x21) fcntl$setlease(r3, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 37.003949ms ago: executing program 9 (id=2650): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(r0, 0x0) open(0x0, 0x80ff, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(r3, &(0x7f0000000300)='syz1\x00', 0x1ff) mkdirat$cgroup(r3, &(0x7f0000001e40)='syz0\x00', 0x1ff) write$cgroup_type(r4, &(0x7f0000000280), 0x9) 0s ago: executing program 6 (id=2651): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) socket$nl_route(0x10, 0x3, 0x0) bind$l2tp6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) recvmmsg$unix(r1, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000001540)}}], 0x1, 0x10002, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x7) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x660}, 0x1, 0x0, 0x0, 0x8000}, 0x0) unshare(0x400) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = dup(r5) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000000206030000000000fffff000000000000900020073797a32000000000500040000000000050005000200000012000300686173683a6e65742c706f727400000005000100070000000c0007800800124009"], 0x58}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f00000001c0)={0x9, 0x1, {0x2, 0x883f08aa4773d550, 0x6047, 0x1, 0x6}, 0xb8}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x80ff, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x138, 0x10, 0x633, 0x0, 0x80000000, {{@in=@multicast2, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in6=@loopback={0xffffffffffffff80}, 0x4d2, 0x32}, @in=@local, {}, {0x5, 0x0, 0x0, 0x5}, {}, 0x2, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) kernel console output (not intermixed with test programs): syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.272792][ T26] audit: type=1326 audit(1744361500.299:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.364752][ T26] audit: type=1326 audit(1744361500.299:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.389224][ T7559] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 364.459271][ T26] audit: type=1326 audit(1744361500.299:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.573044][ T26] audit: type=1326 audit(1744361500.299:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.606677][ T26] audit: type=1326 audit(1744361500.299:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.735537][ T26] audit: type=1326 audit(1744361500.299:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7553 comm="syz.4.755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9aa3fbd169 code=0x7ffc0000 [ 364.833632][ T7571] chnl_net:caif_netlink_parms(): no params data found [ 364.986144][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.999455][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.008922][ T7571] device bridge_slave_0 entered promiscuous mode [ 365.018030][ T7571] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.040437][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.049253][ T7571] device bridge_slave_1 entered promiscuous mode [ 365.121751][ T7571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.159047][ T7571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.228719][ T7571] team0: Port device team_slave_0 added [ 365.246140][ T7571] team0: Port device team_slave_1 added [ 365.284285][ T7571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.299895][ T7571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.334568][ T7571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.350096][ T7571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.363594][ T7571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.398219][ T7571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.452691][ T7571] device hsr_slave_0 entered promiscuous mode [ 365.468840][ T7571] device hsr_slave_1 entered promiscuous mode [ 365.488157][ T7571] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.496484][ T7571] Cannot create hsr debugfs directory [ 365.766954][ T7571] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 365.777565][ T7571] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 365.794753][ T7571] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 365.825945][ T7571] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 365.983220][ T7571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 366.007510][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 366.024438][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 366.041989][ T7571] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.069424][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 366.087532][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 366.096452][ T4265] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.103680][ T4265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.148634][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 366.157869][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 366.184394][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 366.197826][ T4265] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.205011][ T4265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.221448][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 366.236917][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 366.247584][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 366.266290][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 366.287132][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 366.304256][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 366.321044][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 366.337658][ T7571] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 366.370522][ T7571] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 366.394157][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 366.409694][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 366.428893][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 366.451373][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 366.460040][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 366.664586][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 366.680974][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 366.694671][ T7571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.701835][ T4820] Bluetooth: hci3: command 0x0409 tx timeout [ 366.758452][ T144] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.825429][ T144] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.882225][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 366.893071][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 366.927721][ T144] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.954318][ T7571] device veth0_vlan entered promiscuous mode [ 366.977571][ T144] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.998021][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 367.008285][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 367.029107][ T7571] device veth1_vlan entered promiscuous mode [ 367.040131][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 367.049490][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 367.063212][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 367.107288][ T7571] device veth0_macvtap entered promiscuous mode [ 367.116099][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 367.124541][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 367.133768][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 367.147271][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 367.161213][ T7571] device veth1_macvtap entered promiscuous mode [ 367.217948][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.228620][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.239177][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.249782][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.260208][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.271394][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.282436][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.293191][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.305239][ T7571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 367.319216][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 367.327979][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 367.337057][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 367.361206][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.372790][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.385718][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.398357][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.409483][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.420342][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.430175][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.441097][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.452433][ T7571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 367.464083][ T7571] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.473802][ T7571] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.483415][ T7571] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.492980][ T7571] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.507140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 367.517543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 367.649303][ T4647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.676946][ T4647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.707051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 367.723435][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.741729][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.769950][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 368.183541][ T7666] loop4: detected capacity change from 0 to 512 [ 368.825892][ T4242] Bluetooth: hci3: command 0x041b tx timeout [ 370.733788][ T7666] EXT4-fs (loop4): 1 orphan inode deleted [ 370.790561][ T7666] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 370.865252][ T7666] ext4 filesystem being mounted at /166/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 370.940435][ T4242] Bluetooth: hci3: command 0x040f tx timeout [ 371.102565][ T6086] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 371.112424][ T144] device hsr_slave_0 left promiscuous mode [ 371.125627][ T144] device hsr_slave_1 left promiscuous mode [ 371.133257][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 371.141639][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 371.149770][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 371.357162][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 371.425681][ T144] device bridge_slave_1 left promiscuous mode [ 371.448232][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.482995][ T144] device bridge_slave_0 left promiscuous mode [ 371.490759][ T6086] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 371.517833][ T6086] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 371.529046][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.569532][ T6086] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 371.589782][ T6086] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.654833][ T7702] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 371.663329][ T144] device veth1_macvtap left promiscuous mode [ 371.669385][ T144] device veth0_macvtap left promiscuous mode [ 371.698551][ T144] device veth1_vlan left promiscuous mode [ 371.705671][ T144] device veth0_vlan left promiscuous mode [ 372.595337][ T6086] usb 7-1: USB disconnect, device number 3 [ 372.826543][ T7734] loop4: detected capacity change from 0 to 256 [ 373.149887][ T7734] exfat: Deprecated parameter 'utf8' [ 373.155622][ T7734] exfat: Deprecated parameter 'namecase' [ 373.161460][ T7734] exfat: Deprecated parameter 'utf8' [ 373.268256][ T7734] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 373.326191][ T4242] Bluetooth: hci3: command 0x0419 tx timeout [ 373.342196][ T7733] attempt to access beyond end of device [ 373.342196][ T7733] loop4: rw=524288, want=34359738496, limit=256 [ 373.354206][ T7733] attempt to access beyond end of device [ 373.354206][ T7733] loop4: rw=0, want=34359738496, limit=256 [ 373.367773][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 373.367789][ T26] audit: type=1800 audit(1744361509.709:257): pid=7733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.765" name="file1" dev="loop4" ino=1048628 res=0 errno=0 [ 375.846641][ T144] team0 (unregistering): Port device team_slave_1 removed [ 375.879645][ T144] team0 (unregistering): Port device team_slave_0 removed [ 375.912629][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.935351][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.971911][ T7765] kvm [7763]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xcf [ 375.991301][ T7765] kvm [7763]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x2d [ 376.022827][ T7765] kvm [7763]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x85 [ 376.128699][ T144] bond0 (unregistering): Released all slaves [ 376.583208][ T7774] syz.0.784 sent an empty control message without MSG_MORE. [ 382.482494][ T7831] delete_channel: no stack [ 382.642952][ T7840] xt_hashlimit: max too large, truncated to 1048576 [ 382.654347][ T7840] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 382.818009][ T7816] loop4: detected capacity change from 0 to 8192 [ 383.724614][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.731305][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.844232][ T7870] loop8: detected capacity change from 0 to 512 [ 385.909138][ T7870] EXT4-fs (loop8): Ignoring removed nobh option [ 385.927061][ T6089] Bluetooth: hci2: command 0x0406 tx timeout [ 385.941014][ T7870] EXT4-fs (loop8): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 386.058003][ T7853] team0 (unregistering): Port device team_slave_0 removed [ 386.125152][ T7853] team0 (unregistering): Port device team_slave_1 removed [ 386.272443][ T7870] EXT4-fs error (device loop8): ext4_free_branches:1030: inode #11: comm syz.8.806: invalid indirect mapped block 256 (level 2) [ 386.579861][ T7870] EXT4-fs (loop8): 2 truncates cleaned up [ 386.696212][ T7870] EXT4-fs (loop8): mounted filesystem without journal. Opts: nobh,auto_da_alloc,delalloc,nojournal_checksum,dioread_nolock,bsdgroups,,errors=continue. Quota mode: writeback. [ 388.204262][ T26] audit: type=1326 audit(1744361524.539:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 388.392137][ T26] audit: type=1326 audit(1744361524.589:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 388.576564][ T26] audit: type=1326 audit(1744361524.649:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 388.599136][ C1] vkms_vblank_simulate: vblank timer overrun [ 388.715600][ T26] audit: type=1326 audit(1744361524.649:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 388.737906][ T26] audit: type=1326 audit(1744361524.649:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 388.991588][ T26] audit: type=1326 audit(1744361524.659:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 390.268576][ T26] audit: type=1326 audit(1744361524.659:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 391.091845][ T26] audit: type=1326 audit(1744361524.659:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 391.130445][ T26] audit: type=1326 audit(1744361524.659:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc4c0634ad0 code=0x7ffc0000 [ 391.256214][ T26] audit: type=1326 audit(1744361524.659:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7886 comm="syz.6.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 391.391632][ T7929] loop4: detected capacity change from 0 to 128 [ 394.783865][ T4662] attempt to access beyond end of device [ 394.783865][ T4662] loop4: rw=1, want=1041, limit=128 [ 395.290587][ T7977] loop4: detected capacity change from 0 to 512 [ 395.504970][ T7977] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,min_batch_time=0x000000000000002f,dioread_lock,,errors=continue. Quota mode: writeback. [ 396.520737][ T7977] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 396.558483][ T7990] loop5: detected capacity change from 0 to 128 [ 396.774722][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 396.774739][ T26] audit: type=1800 audit(1744361533.039:288): pid=7977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.829" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 396.823836][ T7990] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 397.186985][ T7990] ext4 filesystem being mounted at /125/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 402.234254][ T8029] kvm [8026]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xcf [ 402.314894][ T8029] kvm [8026]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x2d [ 402.383590][ T8029] kvm [8026]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x85 [ 402.504324][ T8050] loop0: detected capacity change from 0 to 2048 [ 402.582198][ T8050] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 406.186990][ T8086] loop8: detected capacity change from 0 to 128 [ 406.525718][ T8079] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 406.833866][ T8086] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 406.860424][ T8079] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 406.941503][ T8086] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.890135][ T8103] loop4: detected capacity change from 0 to 16 [ 408.024714][ T8103] erofs: (device loop4): mounted with root inode @ nid 36. [ 408.275114][ T4170] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 408.317886][ T8103] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 408.714457][ T26] audit: type=1800 audit(1744361544.679:289): pid=8103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.857" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 410.324700][ T8135] loop8: detected capacity change from 0 to 256 [ 410.511640][ T8135] exfat: Deprecated parameter 'namecase' [ 410.517440][ T8135] exfat: Deprecated parameter 'utf8' [ 411.594132][ T8135] exfat: Deprecated parameter 'namecase' [ 412.334824][ T8135] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011f41, chksum : 0xe1a8932d, utbl_chksum : 0xe619d30d) [ 413.177849][ T8160] hub 2-0:1.0: USB hub found [ 413.191986][ T8160] hub 2-0:1.0: 1 port detected [ 415.148641][ T8162] netlink: 'syz.5.869': attribute type 4 has an invalid length. [ 415.364919][ T8172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.870'. [ 415.982458][ T8184] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 415.985260][ T8173] loop6: detected capacity change from 0 to 4096 [ 416.297135][ T8173] ntfs: (device loop6): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 416.487648][ T8173] ntfs: (device loop6): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 416.778859][ T8173] ntfs: (device loop6): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 417.015224][ T8173] ntfs: (device loop6): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 417.241864][ T8173] ntfs: (device loop6): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 417.377545][ T8173] ntfs: volume version 3.1. [ 417.391710][ T8173] ntfs: (device loop6): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 417.425940][ T8173] ntfs: (device loop6): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 417.448458][ T8197] overlayfs: failed to resolve './file1': -2 [ 417.482966][ T8173] ntfs: (device loop6): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 417.510383][ T8173] ntfs: (device loop6): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 418.261082][ T8173] ntfs: (device loop6): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 425.905330][ T8266] delete_channel: no stack [ 426.400661][ T8283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 426.407924][ T8283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 426.414713][ T8283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 426.421192][ T8283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 426.427750][ T8283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 426.434277][ T8283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 426.440863][ T8283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 426.447515][ T8283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 426.454184][ T8283] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 426.460606][ T8283] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 427.875070][ T8294] netlink: 'syz.6.898': attribute type 10 has an invalid length. [ 428.284959][ T8294] device syz_tun entered promiscuous mode [ 428.336177][ T8294] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 428.519006][ T8312] loop6: detected capacity change from 0 to 128 [ 428.613243][ T8316] loop8: detected capacity change from 0 to 256 [ 428.721344][ T8316] exfat: Deprecated parameter 'utf8' [ 428.868830][ T8316] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 428.921260][ T8319] ufs: You didn't specify the type of your ufs filesystem [ 428.921260][ T8319] [ 428.921260][ T8319] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 428.921260][ T8319] [ 428.921260][ T8319] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 428.958211][ T8319] ufs: ufstype=old is supported read-only [ 429.504346][ T8319] ufs: ufs_fill_super(): bad magic number [ 430.173637][ T154] attempt to access beyond end of device [ 430.173637][ T154] loop6: rw=1, want=969, limit=128 [ 431.860678][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.4.910'. [ 431.924457][ T8349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 432.555259][ T8349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.365398][ T8356] loop5: detected capacity change from 0 to 4096 [ 434.541328][ T8385] netlink: 4 bytes leftover after parsing attributes in process `syz.4.919'. [ 434.633061][ T8385] device bond_slave_0 entered promiscuous mode [ 434.640026][ T8385] device bond_slave_1 entered promiscuous mode [ 434.699174][ T8385] device macvtap1 entered promiscuous mode [ 434.733865][ T8385] device bond0 entered promiscuous mode [ 434.792292][ T8385] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 434.988768][ T8391] device bond0 left promiscuous mode [ 435.006182][ T8391] device bond_slave_0 left promiscuous mode [ 435.012675][ T8391] device bond_slave_1 left promiscuous mode [ 435.124854][ T8356] ntfs3: loop5: failed to convert name for inode 1e. [ 438.517818][ T8434] loop8: detected capacity change from 0 to 2048 [ 438.989461][ T8434] EXT4-fs (loop8): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nolazytime,bsddf,journal_ioprio=0x0000000000000003,bsddf,,errors=continue. Quota mode: none. [ 439.276140][ T8434] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 445.131464][ T8530] loop0: detected capacity change from 0 to 2048 [ 445.910322][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.916672][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.244865][ T8530] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nolazytime,bsddf,journal_ioprio=0x0000000000000003,bsddf,,errors=continue. Quota mode: none. [ 448.179959][ T8530] ext4 filesystem being mounted at /208/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 452.676119][ T8624] loop4: detected capacity change from 0 to 128 [ 454.081487][ T8624] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 454.191122][ T8624] ext4 filesystem being mounted at /209/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 457.363702][ T8703] loop4: detected capacity change from 0 to 40427 [ 457.603256][ T8703] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 457.611226][ T8703] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 457.695042][ T8703] F2FS-fs (loop4): invalid crc value [ 457.835860][ T8703] F2FS-fs (loop4): Found nat_bits in checkpoint [ 457.975966][ T8703] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 457.983253][ T8703] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 458.385734][ T8722] attempt to access beyond end of device [ 458.385734][ T8722] loop4: rw=2049, want=78344, limit=40427 [ 461.428622][ T8760] loop8: detected capacity change from 0 to 512 [ 461.679521][ T8760] EXT4-fs (loop8): 1 orphan inode deleted [ 461.894360][ T8760] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 462.203298][ T8760] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 463.984005][ T6087] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 464.451224][ T6087] usb 1-1: config 127 has an invalid interface number: 143 but max is 0 [ 464.544662][ T6087] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 464.806215][ T6087] usb 1-1: config 127 has no interface number 0 [ 464.844468][ T6087] usb 1-1: config 127 interface 143 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64 [ 464.945027][ T6087] usb 1-1: config 127 interface 143 altsetting 0 endpoint 0xA has invalid maxpacket 1032, setting to 1024 [ 464.957311][ T8801] net_ratelimit: 1052 callbacks suppressed [ 464.957335][ T8801] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 465.010314][ T6087] usb 1-1: config 127 interface 143 altsetting 0 endpoint 0xD has invalid maxpacket 520, setting to 64 [ 465.050381][ T6087] usb 1-1: config 127 interface 143 altsetting 0 bulk endpoint 0xF has invalid maxpacket 8 [ 465.080307][ T6087] usb 1-1: config 127 interface 143 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 465.116550][ T6087] usb 1-1: config 127 interface 143 altsetting 0 bulk endpoint 0xC has invalid maxpacket 8 [ 465.142269][ T6087] usb 1-1: config 127 interface 143 altsetting 0 has 7 endpoint descriptors, different from the interface descriptor's value: 9 [ 465.180371][ T6087] usb 1-1: Dual-Role OTG device on HNP port [ 465.230535][ T6087] usb 1-1: New USB device found, idVendor=1b3d, idProduct=0185, bcdDevice=b5.52 [ 465.250207][ T6087] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.280403][ T4653] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 465.330796][ T8777] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 465.339383][ T8777] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 465.341240][ T8811] loop4: detected capacity change from 0 to 64 [ 465.386058][ T8777] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 465.403816][ T8777] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 465.431919][ T6087] ftdi_sio 1-1:127.143: FTDI USB Serial Device converter detected [ 465.463288][ T6087] usb 1-1: Detected FT-X [ 465.520425][ T4653] usb 9-1: Using ep0 maxpacket: 32 [ 465.643369][ T4653] usb 9-1: config 0 has an invalid interface number: 67 but max is 0 [ 465.662136][ T4653] usb 9-1: config 0 has no interface number 0 [ 465.860579][ T4653] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 465.869712][ T4653] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.119354][ T4653] usb 9-1: Product: syz [ 467.353081][ T4653] usb 9-1: Manufacturer: syz [ 467.357736][ T4653] usb 9-1: SerialNumber: syz [ 467.387004][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 467.387020][ T26] audit: type=1326 audit(1744361603.719:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8845 comm="syz.6.1018" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc4c0636169 code=0x0 [ 467.415177][ C1] vkms_vblank_simulate: vblank timer overrun [ 467.433209][ T8849] loop4: detected capacity change from 0 to 16 [ 467.444775][ T4653] usb 9-1: config 0 descriptor?? [ 467.491795][ T4653] smsc95xx v2.0.0 [ 467.630779][ T6087] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 467.660471][ T6087] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 467.685904][ T8849] erofs: (device loop4): mounted with root inode @ nid 36. [ 467.686391][ T6087] ftdi_sio 1-1:127.143: GPIO initialisation failed: -71 [ 468.202905][ T8857] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 469.057907][ T6087] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 469.078450][ T6087] usb 1-1: USB disconnect, device number 3 [ 469.092108][ T6087] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 469.131448][ T6087] ftdi_sio 1-1:127.143: device disconnected [ 469.201616][ T4653] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 469.319571][ T8867] IPVS: length: 205 != 24 [ 469.429222][ T4653] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 469.468177][ T4653] smsc95xx: probe of 9-1:0.67 failed with error -71 [ 469.496023][ T4653] usb 9-1: USB disconnect, device number 2 [ 471.040329][ T8886] loop4: detected capacity change from 0 to 764 [ 471.089714][ T8879] delete_channel: no stack [ 473.517735][ T8905] loop4: detected capacity change from 0 to 128 [ 474.393358][ T8905] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 474.420093][ T8920] loop0: detected capacity change from 0 to 16 [ 474.463703][ T8905] ext4 filesystem being mounted at /222/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 474.495837][ C1] vkms_vblank_simulate: vblank timer overrun [ 474.745812][ T8920] erofs: (device loop0): mounted with root inode @ nid 36. [ 479.077479][ T8975] xt_CT: You must specify a L4 protocol and not use inversions on it [ 487.517331][ T9049] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.1059'. [ 488.447367][ T9056] loop4: detected capacity change from 0 to 128 [ 489.461590][ T9077] loop0: detected capacity change from 0 to 512 [ 489.473176][ T9079] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1062'. [ 491.337637][ T9077] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 491.433026][ T9077] EXT4-fs (loop0): 1 truncate cleaned up [ 491.440423][ T9077] EXT4-fs (loop0): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000200,,errors=continue. Quota mode: none. [ 491.894563][ T4244] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 492.812660][ T9107] device wg2 entered promiscuous mode [ 492.818115][ T26] audit: type=1804 audit(1744361629.149:291): pid=9116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1073" name="/newroot/165/file1" dev="fuse" ino=1 res=1 errno=0 [ 492.867357][ T26] audit: type=1800 audit(1744361629.149:292): pid=9116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1073" name="/" dev="fuse" ino=1 res=0 errno=0 [ 492.937792][ T9125] loop8: detected capacity change from 0 to 128 [ 495.600980][ T4244] usb 5-1: device descriptor read/all, error -71 [ 501.848204][ T9214] loop8: detected capacity change from 0 to 512 [ 501.985608][ T9215] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1100'. [ 502.328609][ T9214] EXT4-fs (loop8): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue. Quota mode: writeback. [ 502.400334][ T6087] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 502.426554][ T9214] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 502.820973][ T6087] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 503.396204][ T6087] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 503.406270][ T6087] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 503.416024][ T6087] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.430210][ T6087] usb 6-1: config 0 descriptor?? [ 503.460439][ T6087] usb 6-1: can't set config #0, error -71 [ 503.489704][ T6087] usb 6-1: USB disconnect, device number 6 [ 504.260513][ T9239] kvm [9236]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000 [ 504.316841][ T9239] kvm [9236]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 504.364300][ T9239] kvm [9236]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 506.607846][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.619954][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.959386][ T4170] Bluetooth: hci3: link tx timeout [ 512.965225][ T4170] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 515.287863][ T9370] loop5: detected capacity change from 0 to 16 [ 515.588493][ T4820] Bluetooth: hci3: command 0x0406 tx timeout [ 515.645494][ T9370] erofs: (device loop5): mounted with root inode @ nid 36. [ 516.313163][ T4170] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 516.339492][ T9385] erofs: (device loop5): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 516.378697][ T26] audit: type=1800 audit(1744361652.699:293): pid=9385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1132" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 518.071960][ T9405] device wg2 entered promiscuous mode [ 520.223476][ T9435] exFAT-fs (nbd8): mounting with "discard" option, but the device does not support discard [ 520.587871][ T1092] block nbd8: Attempted send on invalid socket [ 520.594862][ T1092] blk_update_request: I/O error, dev nbd8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 520.608882][ T9435] exFAT-fs (nbd8): unable to read boot sector [ 520.615010][ T9435] exFAT-fs (nbd8): failed to read boot sector [ 520.621265][ T9435] exFAT-fs (nbd8): failed to recognize exfat type [ 520.779344][ T9438] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1148'. [ 520.946505][ T9440] loop8: detected capacity change from 0 to 16 [ 521.122341][ T9440] erofs: (device loop8): mounted with root inode @ nid 36. [ 521.145829][ T9446] loop0: detected capacity change from 0 to 1024 [ 521.360676][ T4170] erofs: (device loop8): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 521.409552][ T9451] erofs: (device loop8): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 521.785405][ T26] audit: type=1800 audit(1744361657.769:294): pid=9451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1151" name="file2" dev="loop8" ino=89 res=0 errno=0 [ 523.751586][ T9474] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 526.753435][ T9535] pit: kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 530.625064][ T9580] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1182'. [ 541.620373][ T9704] lo speed is unknown, defaulting to 1000 [ 541.626577][ T9704] lo speed is unknown, defaulting to 1000 [ 541.635852][ T9704] lo speed is unknown, defaulting to 1000 [ 541.688617][ T9704] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 541.837175][ T9704] lo speed is unknown, defaulting to 1000 [ 541.849851][ T9704] lo speed is unknown, defaulting to 1000 [ 541.862422][ T9704] lo speed is unknown, defaulting to 1000 [ 541.874837][ T9704] lo speed is unknown, defaulting to 1000 [ 541.887111][ T9704] lo speed is unknown, defaulting to 1000 [ 543.387794][ T9742] loop8: detected capacity change from 0 to 512 [ 543.942030][ T9747] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1224'. [ 545.144631][ T9742] EXT4-fs error (device loop8): ext4_orphan_get:1401: inode #15: comm syz.8.1223: casefold flag without casefold feature [ 545.353768][ T9742] EXT4-fs error (device loop8): ext4_orphan_get:1406: comm syz.8.1223: couldn't read orphan inode 15 (err -117) [ 545.427965][ T9742] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 546.554255][ T9776] loop5: detected capacity change from 0 to 1024 [ 551.590348][ T9833] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 551.640509][ T9833] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 554.010801][ T9856] loop8: detected capacity change from 0 to 1024 [ 554.228396][ T9856] EXT4-fs (loop8): Ignoring removed nobh option [ 554.256505][ T9856] EXT4-fs (loop8): Ignoring removed bh option [ 554.609888][ T9856] EXT4-fs (loop8): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 555.085782][ T9856] EXT4-fs (loop8): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,barrier,nouid32,max_dir_size_kb=0x00000000004007b1,noblock_validity,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 555.435121][ T9856] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370955161 [ 556.564260][ T9900] loop8: detected capacity change from 0 to 256 [ 556.651305][ T9900] exfat: Unknown parameter 'ÿÿ00000000000000000000' [ 557.680991][ T9911] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 557.729379][ T9915] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 563.408621][ T9969] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1277'. [ 564.238749][T10012] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1282'. [ 565.491315][T10026] gfs2: path_lookup on /dev/net/tun returned error -2 [ 566.532382][T10031] binder: 10028:10031 ioctl c0306201 200000000680 returned -14 [ 566.687872][T10037] lo speed is unknown, defaulting to 1000 [ 567.878346][T10046] loop8: detected capacity change from 0 to 2048 [ 568.043901][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.050276][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.070825][T10046] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 568.115501][T10060] loop0: detected capacity change from 0 to 2048 [ 568.316521][T10060] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 568.753716][T10060] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 568.956636][T10060] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 569.049114][T10060] UDF-fs: Scanning with blocksize 512 failed [ 569.191296][T10060] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 570.196527][T10060] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1296'. [ 570.511513][T10072] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem [ 575.065390][T10140] loop0: detected capacity change from 0 to 512 [ 575.233284][T10140] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 575.244032][T10140] EXT4-fs (loop0): group descriptors corrupted! [ 579.205997][T10166] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 579.233075][T10166] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 590.392644][T10280] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1345'. [ 594.889957][T10320] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 594.925088][T10320] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 597.670446][ T26] audit: type=1400 audit(1744361733.979:295): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=10363 comm="syz.4.1362" [ 598.427330][T10377] loop4: detected capacity change from 0 to 2048 [ 599.528385][T10377] EXT4-fs (loop4): mounted filesystem without journal. Opts: min_batch_time=0x000000000000000d,mb_optimize_scan=0x0000000000000001,noblock_validity,,errors=continue. Quota mode: none. [ 599.579254][T10399] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.227134][T10410] loop5: detected capacity change from 0 to 40427 [ 600.241407][T10416] fuse: Unknown parameter '0000000000000000000000000000000000000000' [ 600.773575][T10376] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 600.792448][T10376] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 16 with error 28 [ 600.805316][T10376] EXT4-fs (loop4): This should not happen!! Data will be lost [ 600.805316][T10376] [ 600.815058][T10376] EXT4-fs (loop4): Total free blocks count 0 [ 600.821130][T10376] EXT4-fs (loop4): Free/Dirty block details [ 600.827143][T10376] EXT4-fs (loop4): free_blocks=66060288 [ 600.832868][T10376] EXT4-fs (loop4): dirty_blocks=16 [ 600.838112][T10376] EXT4-fs (loop4): Block reservation details [ 600.844354][T10376] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 600.993525][T10410] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 601.001560][T10410] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 601.013462][T10410] F2FS-fs (loop5): invalid crc value [ 601.104840][T10410] F2FS-fs (loop5): Found nat_bits in checkpoint [ 601.192314][T10410] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 601.199408][T10410] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 603.757663][T10464] loop0: detected capacity change from 0 to 1024 [ 608.829104][T10464] fscrypt: Error allocating hmac(sha512): -2 [ 608.835719][T10464] EXT4-fs (loop0): Error processing option "test_dummy_encryption" [-2] [ 609.449670][T10495] netlink: 71 bytes leftover after parsing attributes in process `syz.0.1390'. [ 610.019280][T10515] lo speed is unknown, defaulting to 1000 [ 615.300447][T10552] loop5: detected capacity change from 0 to 47 [ 615.419571][T10556] loop8: detected capacity change from 0 to 40427 [ 617.172027][T10552] netlink: 'syz.5.1406': attribute type 21 has an invalid length. [ 617.240567][T10556] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 617.248626][T10556] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 617.261868][T10556] F2FS-fs (loop8): invalid crc value [ 617.434911][T10556] F2FS-fs (loop8): Found nat_bits in checkpoint [ 618.411739][T10556] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 618.418862][T10556] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 618.525180][T10583] loop4: detected capacity change from 0 to 128 [ 618.934972][T10593] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1417'. [ 619.130002][T10593] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1417'. [ 619.776186][T10593] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1417'. [ 622.166603][T10622] batman_adv: batadv0: Adding interface: dummy0 [ 622.190327][T10622] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560. [ 622.217030][T10622] batman_adv: batadv0: Interface activated: dummy0 [ 622.334655][T10624] batadv0: mtu less than device minimum [ 622.351964][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.365233][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.377726][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.390126][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.402609][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.415080][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.427455][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.439872][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.452512][T10624] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 622.502254][T10627] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 622.517827][T10627] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 623.435463][T10641] loop4: detected capacity change from 0 to 40427 [ 623.485386][T10641] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 623.493349][T10641] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 623.513667][T10641] F2FS-fs (loop4): invalid crc value [ 624.056015][T10641] F2FS-fs (loop4): Found nat_bits in checkpoint [ 624.166620][T10641] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 624.173790][T10641] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 625.358696][T10669] io-wq is not configured for unbound workers [ 627.423566][T10704] loop8: detected capacity change from 0 to 2048 [ 628.688347][T10724] loop4: detected capacity change from 0 to 1024 [ 628.956779][T10704] EXT4-fs (loop8): mounted filesystem without journal. Opts: min_batch_time=0x000000000000000d,mb_optimize_scan=0x0000000000000001,noblock_validity,,errors=continue. Quota mode: none. [ 629.489796][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.496246][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.909136][T10747] fuse: Unknown parameter '0000000000000000000000000000000000000000' [ 630.612350][T10703] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 630.627097][T10703] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 16 with error 28 [ 630.639428][T10703] EXT4-fs (loop8): This should not happen!! Data will be lost [ 630.639428][T10703] [ 630.649253][T10703] EXT4-fs (loop8): Total free blocks count 0 [ 630.655303][T10703] EXT4-fs (loop8): Free/Dirty block details [ 630.661259][T10703] EXT4-fs (loop8): free_blocks=66060288 [ 630.666828][T10703] EXT4-fs (loop8): dirty_blocks=16 [ 630.672079][T10703] EXT4-fs (loop8): Block reservation details [ 630.678077][T10703] EXT4-fs (loop8): i_reserved_data_blocks=1 [ 631.481891][T10724] fscrypt: Error allocating hmac(sha512): -2 [ 631.487940][T10724] EXT4-fs (loop4): Error processing option "test_dummy_encryption" [-2] [ 634.542483][T10786] loop4: detected capacity change from 0 to 47 [ 635.935334][T10786] netlink: 'syz.4.1457': attribute type 21 has an invalid length. [ 636.358719][T10801] minix_free_block (loop4:20): bit already cleared [ 636.393705][T10801] minix_free_block (loop4:21): bit already cleared [ 636.427836][T10801] minix_free_block (loop4:19): bit already cleared [ 636.863888][T10814] loop5: detected capacity change from 0 to 512 [ 637.076806][T10816] lo speed is unknown, defaulting to 1000 [ 638.019603][T10814] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.1463: bg 0: block 5: invalid block bitmap [ 638.144721][T10814] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 638.200510][T10814] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1463: invalid indirect mapped block 3 (level 2) [ 638.278069][T10829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 638.296532][T10814] EXT4-fs (loop5): 1 orphan inode deleted [ 638.324631][T10814] EXT4-fs (loop5): 1 truncate cleaned up [ 638.318858][T10829] bond0: (slave rose0): Enslaving as an active interface with an up link [ 638.377205][T10814] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 638.390462][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 638.418706][T10840] loop0: detected capacity change from 0 to 512 [ 638.628200][T10840] EXT4-fs (loop0): Ignoring removed nobh option [ 638.659377][T10840] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 639.112295][T10840] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1468: invalid indirect mapped block 256 (level 2) [ 639.251533][T10848] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1469'. [ 639.290971][T10840] EXT4-fs (loop0): 2 truncates cleaned up [ 639.300244][T10840] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,bsdgroups,,errors=continue. Quota mode: writeback. [ 640.250370][ T26] audit: type=1800 audit(1744361776.459:296): pid=10856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1468" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 640.493091][T10862] loop8: detected capacity change from 0 to 1024 [ 640.774228][T10862] EXT4-fs (loop8): Quota format mount options ignored when QUOTA feature is enabled [ 640.908563][T10876] x_tables: duplicate underflow at hook 2 [ 641.076343][T10862] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 641.442133][T10862] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 641.516137][T10862] EXT4-fs (loop8): mounted filesystem without journal. Opts: sysvgroups,noquota,auto_da_alloc=0x0000000000000006,usrjquota=,norecovery,errors=remount-ro,min_batch_time=0x0000000000000005,jqfmt=vfsv1,. Quota mode: writeback. [ 647.650559][T10934] loop8: detected capacity change from 0 to 128 [ 648.026387][T10940] loop4: detected capacity change from 0 to 1024 [ 653.460830][T10999] loop5: detected capacity change from 0 to 128 [ 656.187767][T11016] MPTCP: kernel_bind error, err=-98 [ 660.276184][T11061] loop8: detected capacity change from 0 to 512 [ 661.317679][T11061] EXT4-fs (loop8): 1 orphan inode deleted [ 661.348856][T11061] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 661.424220][T11061] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 668.416370][T11139] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 668.477267][T11154] Illegal XDP return value 4294967274, expect packet loss! [ 668.497659][T11139] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 668.685070][T11166] loop8: detected capacity change from 0 to 1024 [ 673.440877][T11218] netlink: 'syz.0.1547': attribute type 10 has an invalid length. [ 673.611167][T11218] device syz_tun entered promiscuous mode [ 673.659955][T11218] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 674.651867][ T26] audit: type=1326 audit(1744361810.977:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 675.286171][ T26] audit: type=1326 audit(1744361810.977:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 675.766208][ T26] audit: type=1326 audit(1744361810.977:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 675.789093][ T26] audit: type=1326 audit(1744361810.977:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 675.816122][ T26] audit: type=1326 audit(1744361810.977:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 676.224472][ T26] audit: type=1326 audit(1744361810.987:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 677.417583][ T26] audit: type=1326 audit(1744361810.987:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 677.640645][ T6086] Bluetooth: hci3: command 0x0406 tx timeout [ 677.842595][ T26] audit: type=1326 audit(1744361810.987:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 678.553765][ T26] audit: type=1326 audit(1744361810.987:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 678.755659][ T26] audit: type=1326 audit(1744361810.987:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11228 comm="syz.6.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc4c0636169 code=0x7ffc0000 [ 679.160380][T11280] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 682.054469][T11300] loop4: detected capacity change from 0 to 512 [ 682.290687][T11300] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.1566: casefold flag without casefold feature [ 683.089167][T11300] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1566: couldn't read orphan inode 15 (err -117) [ 683.152849][T11300] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 687.041662][T11354] netlink: 'syz.4.1577': attribute type 9 has an invalid length. [ 687.136437][T11354] loop4: detected capacity change from 0 to 1024 [ 688.428950][T11354] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 689.568406][T11403] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 689.580811][T11403] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 689.597916][T11403] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 689.610986][T11403] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 689.620002][T11403] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 690.667497][T11416] loop5: detected capacity change from 0 to 2048 [ 690.940868][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.949686][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.542229][T11416] UDF-fs: bad mount option "anchor=00000000002147483649" or missing value [ 691.558959][T11420] loop8: detected capacity change from 0 to 2048 [ 692.555273][T11420] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 693.417864][T11432] loop4: detected capacity change from 0 to 512 [ 693.846796][T11432] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue. Quota mode: writeback. [ 693.915923][T11432] ext4 filesystem being mounted at /333/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 694.509007][T11449] tipc: Started in network mode [ 694.514077][T11449] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 694.523150][T11449] tipc: Enabling of bearer rejected, failed to enable media [ 697.742012][T11475] loop8: detected capacity change from 0 to 24 [ 697.889591][T11475] MTD: Attempt to mount non-MTD device "/dev/loop8" [ 697.945313][T11475] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 700.004586][T11507] loop0: detected capacity change from 0 to 16 [ 700.725111][T11503] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 700.745514][T11507] erofs: (device loop0): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 125300) [ 700.800481][T11503] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 702.644107][T11539] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1623'. [ 702.653942][T11539] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1623'. [ 702.663317][T11539] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1623'. [ 703.736413][T11538] loop0: detected capacity change from 0 to 1024 [ 704.047831][T11550] loop4: detected capacity change from 0 to 4096 [ 704.278604][T11550] NILFS (loop4): invalid segment: Checksum error in segment payload [ 704.287525][T11550] NILFS (loop4): trying rollback from an earlier position [ 704.414380][T11550] NILFS (loop4): recovery complete [ 704.444979][T11538] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 704.548603][T11556] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 704.842790][T11561] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 705.206603][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 705.206620][ T26] audit: type=1800 audit(1744361841.527:309): pid=11550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1627" name="file1" dev="loop4" ino=12 res=0 errno=0 [ 705.287700][ T26] audit: type=1800 audit(1744361841.577:310): pid=11550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1627" name="file1" dev="loop4" ino=12 res=0 errno=0 [ 707.045532][T11582] loop0: detected capacity change from 0 to 2048 [ 707.794013][T11582] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 711.412995][T11606] loop8: detected capacity change from 0 to 1024 [ 713.770809][ T4287] hfsplus: b-tree write err: -5, ino 4 [ 715.715551][T11646] Cannot find del_set index 4 as target [ 715.757124][T11646] syz.0.1652 uses old SIOCAX25GETINFO [ 718.414632][T11669] ipt_CLUSTERIP: no config found for 127.0.0.1, need 'new' [ 720.390415][ T26] audit: type=1326 audit(1744361856.727:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 720.441638][T11690] loop0: detected capacity change from 0 to 128 [ 720.931423][ T26] audit: type=1326 audit(1744361856.737:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 720.966756][ T26] audit: type=1326 audit(1744361856.737:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 721.018327][T11690] tipc: Started in network mode [ 721.048898][T11690] tipc: Node identity 4, cluster identity 4711 [ 721.106378][T11690] tipc: Node number set to 4 [ 721.186131][ T26] audit: type=1326 audit(1744361856.737:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 721.251378][ T26] audit: type=1326 audit(1744361856.737:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 721.331222][ T26] audit: type=1326 audit(1744361856.737:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc564be1ad0 code=0x7ffc0000 [ 721.354541][ T26] audit: type=1326 audit(1744361856.737:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc564be4997 code=0x7ffc0000 [ 721.792353][ T26] audit: type=1326 audit(1744361856.737:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc564be3169 code=0x7ffc0000 [ 722.426073][ T26] audit: type=1326 audit(1744361856.737:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc564be4997 code=0x7ffc0000 [ 722.711193][ T26] audit: type=1326 audit(1744361856.737:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11687 comm="syz.0.1663" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc564be1dca code=0x7ffc0000 [ 726.678055][T11740] lo speed is unknown, defaulting to 1000 [ 731.263541][T11758] netlink: 'syz.8.1684': attribute type 10 has an invalid length. [ 731.310868][T11758] device syz_tun entered promiscuous mode [ 731.324459][T11767] loop5: detected capacity change from 0 to 1024 [ 731.589046][T11758] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 731.643010][T11767] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 732.980948][T11803] loop0: detected capacity change from 0 to 512 [ 734.098046][T11765] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 734.113798][T11765] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 734.126275][T11765] EXT4-fs (loop5): This should not happen!! Data will be lost [ 734.126275][T11765] [ 734.136341][T11765] EXT4-fs (loop5): Total free blocks count 0 [ 734.142670][T11765] EXT4-fs (loop5): Free/Dirty block details [ 734.148767][T11765] EXT4-fs (loop5): free_blocks=68451041280 [ 734.154775][T11765] EXT4-fs (loop5): dirty_blocks=32 [ 734.159920][T11765] EXT4-fs (loop5): Block reservation details [ 734.166113][T11765] EXT4-fs (loop5): i_reserved_data_blocks=2 [ 734.392677][T11803] EXT4-fs (loop0): 1 orphan inode deleted [ 734.398569][T11803] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 734.436379][T11808] lo speed is unknown, defaulting to 1000 [ 734.676231][T11803] ext4 filesystem being mounted at /353/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 736.369152][T11824] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 736.377649][T11824] usb usb1: Process 11824 (syz.8.1696) called USBDEVFS_CLEAR_HALT for active endpoint 0x81 [ 738.283359][T11852] lo speed is unknown, defaulting to 1000 [ 742.180401][T11882] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 742.180401][T11882] The task syz.0.1710 (11882) triggered the difference, watch for misbehavior. [ 745.274729][T11913] loop5: detected capacity change from 0 to 2048 [ 746.091308][T11913] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 752.631097][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.637439][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.930336][ T26] kauditd_printk_skb: 48 callbacks suppressed [ 752.930354][ T26] audit: type=1326 audit(1744361889.257:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670223][ T26] audit: type=1326 audit(1744361889.347:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670269][ T26] audit: type=1326 audit(1744361889.347:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670306][ T26] audit: type=1326 audit(1744361889.347:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670343][ T26] audit: type=1326 audit(1744361889.447:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670378][ T26] audit: type=1326 audit(1744361889.987:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670414][ T26] audit: type=1326 audit(1744361889.987:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670450][ T26] audit: type=1326 audit(1744361889.997:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670485][ T26] audit: type=1326 audit(1744361889.997:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.670520][ T26] audit: type=1326 audit(1744361889.997:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11994 comm="syz.5.1745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fe7ea008169 code=0x7ffc0000 [ 753.706042][T11996] loop5: detected capacity change from 0 to 128 [ 753.758431][T12003] loop4: detected capacity change from 0 to 1024 [ 756.374547][T12003] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 757.718581][T12028] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 757.908595][T12002] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 757.923746][T12002] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 757.936262][T12002] EXT4-fs (loop4): This should not happen!! Data will be lost [ 757.936262][T12002] [ 757.945950][T12002] EXT4-fs (loop4): Total free blocks count 0 [ 757.951963][T12002] EXT4-fs (loop4): Free/Dirty block details [ 757.957875][T12002] EXT4-fs (loop4): free_blocks=68451041280 [ 757.963916][T12002] EXT4-fs (loop4): dirty_blocks=32 [ 757.969031][T12002] EXT4-fs (loop4): Block reservation details [ 757.975063][T12002] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 760.504843][T12061] loop5: detected capacity change from 0 to 40427 [ 760.567358][T12061] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 760.575299][T12061] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 760.592664][T12061] F2FS-fs (loop5): invalid crc value [ 760.664366][T12061] F2FS-fs (loop5): Found nat_bits in checkpoint [ 760.755931][T12061] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 760.763357][T12061] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 762.759646][T12082] loop4: detected capacity change from 0 to 1024 [ 763.455187][T12082] EXT4-fs (loop4): Ignoring removed orlov option [ 763.456903][ T4990] attempt to access beyond end of device [ 763.456903][ T4990] loop5: rw=2049, want=40968, limit=40427 [ 763.461641][T12082] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 763.667482][T12082] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 763.689861][ C0] vkms_vblank_simulate: vblank timer overrun [ 764.346268][T12099] loop0: detected capacity change from 0 to 256 [ 764.576685][T12099] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 765.628880][T12105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 767.283787][T12134] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 771.338270][T12171] x_tables: duplicate underflow at hook 2 [ 776.311156][T12209] loop4: detected capacity change from 0 to 40427 [ 776.326303][T12213] netlink: 'syz.8.1803': attribute type 9 has an invalid length. [ 776.490291][T12213] loop8: detected capacity change from 0 to 1024 [ 776.518558][T12209] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 776.526539][T12209] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 776.558694][T12209] F2FS-fs (loop4): invalid crc value [ 776.726495][T12209] F2FS-fs (loop4): Found nat_bits in checkpoint [ 776.828763][T12209] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 776.836027][T12209] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 777.183741][T12213] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 779.553490][ T4178] attempt to access beyond end of device [ 779.553490][ T4178] loop4: rw=2049, want=40968, limit=40427 [ 779.913254][T12245] loop5: detected capacity change from 0 to 2048 [ 780.028108][T12247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1810'. [ 780.301393][T12245] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 781.976547][T12253] blk_update_request: I/O error, dev loop17, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 781.988764][T12253] F2FS-fs (loop17): Unable to read 1th superblock [ 781.995557][T12253] blk_update_request: I/O error, dev loop17, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 782.006640][T12253] F2FS-fs (loop17): Unable to read 2th superblock [ 783.383855][T12267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1818'. [ 786.045273][T12289] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1824'. [ 786.215063][T12295] netlink: 'syz.0.1826': attribute type 7 has an invalid length. [ 786.225518][T12295] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1826'. [ 786.281926][T12301] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1825'. [ 789.653621][T12331] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1834'. [ 791.332534][T12351] loop4: detected capacity change from 0 to 1024 [ 791.457891][T12351] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 791.496621][T12351] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 791.548383][T12351] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 792.992049][T12351] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noquota,auto_da_alloc=0x0000000000000006,usrjquota=,norecovery,errors=remount-ro,min_batch_time=0x0000000000000005,jqfmt=vfsv1,. Quota mode: writeback. [ 793.041452][T12357] loop8: detected capacity change from 0 to 2048 [ 793.180390][T12357] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 793.314752][T12373] loop5: detected capacity change from 0 to 2048 [ 793.917460][T12373] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 801.034349][T12438] device macsec0 entered promiscuous mode [ 803.057438][T12442] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 803.074098][T12440] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 803.204526][T12442] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 803.220297][T12440] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 804.976169][T12471] loop5: detected capacity change from 0 to 512 [ 805.177451][T12471] EXT4-fs (loop5): 1 orphan inode deleted [ 805.188805][T12471] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 806.042325][T12471] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 806.885834][T12493] loop0: detected capacity change from 0 to 2048 [ 806.926490][T12494] loop8: detected capacity change from 0 to 1024 [ 807.113626][T12494] EXT4-fs (loop8): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 807.155311][T12494] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869) [ 807.768817][T12494] EXT4-fs (loop8): invalid journal inode [ 807.780249][T12494] EXT4-fs (loop8): can't get journal size [ 808.021845][T12494] EXT4-fs error (device loop8): ext4_protect_reserved_inode:182: inode #3: comm syz.8.1878: blocks 2-2 from inode overlap system zone [ 808.066691][T12494] EXT4-fs (loop8): failed to initialize system zone (-117) [ 808.069477][T12493] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 808.076108][T12494] EXT4-fs (loop8): mount failed [ 813.381751][T12557] loop5: detected capacity change from 0 to 1024 [ 813.568608][T12557] EXT4-fs (loop5): Ignoring removed orlov option [ 813.575227][T12557] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 813.806216][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.815818][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.048245][T12557] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 814.954363][T12570] tipc: New replicast peer: 255.255.255.255 [ 814.961504][T12570] tipc: Enabled bearer , priority 10 [ 816.540552][T12593] loop4: detected capacity change from 0 to 128 [ 817.851003][T12605] loop8: detected capacity change from 0 to 256 [ 820.319277][T12623] lo speed is unknown, defaulting to 1000 [ 826.687081][T12673] lo speed is unknown, defaulting to 1000 [ 833.762135][T12742] xt_CT: No such helper "snmp" [ 838.309728][T12787] loop8: detected capacity change from 0 to 2048 [ 838.409399][T12787] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 838.714027][T12793] loop5: detected capacity change from 0 to 2048 [ 839.031420][T12793] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 842.900988][T12827] loop5: detected capacity change from 0 to 4096 [ 842.983340][T12827] NILFS (loop5): invalid segment: Checksum error in segment payload [ 842.991513][T12827] NILFS (loop5): trying rollback from an earlier position [ 843.020972][T12827] NILFS (loop5): recovery complete [ 843.152123][T12834] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 843.193137][ T26] kauditd_printk_skb: 52 callbacks suppressed [ 843.193153][ T26] audit: type=1800 audit(1744361979.527:431): pid=12827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1960" name="file1" dev="loop5" ino=12 res=0 errno=0 [ 843.266214][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 843.281174][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 843.290152][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 843.298910][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 843.307810][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 843.316465][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 843.325957][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 843.340181][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready [ 843.358485][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 843.367625][T12837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 844.020603][ T26] audit: type=1800 audit(1744361979.557:432): pid=12827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1960" name="file1" dev="loop5" ino=12 res=0 errno=0 [ 844.762172][T12854] loop4: detected capacity change from 0 to 2048 [ 846.500983][T12854] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 851.545624][T12925] loop0: detected capacity change from 0 to 1024 [ 851.729338][T12925] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 851.767400][T12925] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869) [ 851.804330][T12925] EXT4-fs (loop0): invalid journal inode [ 852.348318][T12925] EXT4-fs (loop0): can't get journal size [ 852.371420][T12925] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #3: comm syz.0.1982: blocks 2-2 from inode overlap system zone [ 852.394035][T12925] EXT4-fs (loop0): failed to initialize system zone (-117) [ 852.525705][T12925] EXT4-fs (loop0): mount failed [ 852.584108][T12943] netlink: 'syz.6.1993': attribute type 10 has an invalid length. [ 855.410879][T12974] netlink: 'syz.0.2001': attribute type 1 has an invalid length. [ 855.448844][T12974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2001'. [ 856.826344][T13004] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 857.616217][T12998] loop8: detected capacity change from 0 to 32768 [ 861.298107][T13042] tipc: Started in network mode [ 861.303160][T13042] tipc: Node identity 4, cluster identity 4711 [ 861.309404][T13042] tipc: Node number set to 4 [ 862.241879][T13047] loop5: detected capacity change from 0 to 1024 [ 864.890028][T13047] fscrypt: Error allocating hmac(sha512): -2 [ 866.411153][T13047] EXT4-fs (loop5): Error processing option "test_dummy_encryption" [-2] [ 874.852979][T13178] loop4: detected capacity change from 0 to 512 [ 875.323358][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.335305][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.995557][T13178] EXT4-fs (loop4): Unrecognized mount option "subj_role=" or missing value [ 878.149561][T13201] loop5: detected capacity change from 0 to 32768 [ 878.949946][T13203] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2062'. [ 879.979681][T13218] lo speed is unknown, defaulting to 1000 [ 881.104307][T13221] loop0: detected capacity change from 0 to 40427 [ 881.154401][T13221] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 881.162242][T13221] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 881.176528][T13221] F2FS-fs (loop0): invalid crc value [ 881.486664][T13221] F2FS-fs (loop0): Found nat_bits in checkpoint [ 881.720464][T13221] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 881.727714][T13221] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 883.801033][ T4169] attempt to access beyond end of device [ 883.801033][ T4169] loop0: rw=2049, want=40968, limit=40427 [ 884.888762][T13256] loop5: detected capacity change from 0 to 2048 [ 885.246326][T13260] loop4: detected capacity change from 0 to 32768 [ 886.495337][T13256] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 890.788574][T13311] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 890.815563][T13311] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 891.226254][T13327] loop8: detected capacity change from 0 to 256 [ 891.371078][T13327] FAT-fs (loop8): Unrecognized mount option "shortname=mihed" or missing value [ 894.735805][T13341] SET target dimension over the limit! [ 895.191741][T13345] loop0: detected capacity change from 0 to 8 [ 895.413401][T13344] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 895.469885][T13345] squashfs image failed sanity check [ 895.490460][T13344] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 895.518922][T13349] netlink: 'syz.6.2098': attribute type 10 has an invalid length. [ 895.592403][T13345] loop0: detected capacity change from 0 to 256 [ 895.759190][T13345] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 895.792584][T13352] loop8: detected capacity change from 0 to 8 [ 895.868586][T13352] squashfs image failed sanity check [ 897.402749][T13352] loop8: detected capacity change from 0 to 256 [ 898.060746][T13362] dlm: no locking on control device [ 898.071866][T13352] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 898.821292][T13371] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 898.864449][T13371] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 900.955632][T13396] loop8: detected capacity change from 0 to 1024 [ 900.967262][T13391] delete_channel: no stack [ 901.034310][T13399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2110'. [ 903.883826][T13396] fscrypt: Error allocating hmac(sha512): -2 [ 903.883863][T13396] EXT4-fs (loop8): Error processing option "test_dummy_encryption" [-2] [ 904.774870][T13421] loop0: detected capacity change from 0 to 40427 [ 904.941710][T13421] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 904.949846][T13421] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 904.961324][T13421] F2FS-fs (loop0): invalid crc value [ 905.218145][T13421] F2FS-fs (loop0): Found nat_bits in checkpoint [ 906.079189][T13421] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 906.086544][T13421] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 908.345299][T13451] loop4: detected capacity change from 0 to 512 [ 908.954448][T13451] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 908.999197][T13451] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 909.012602][T13451] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 909.020785][T13451] System zones: 0-2, 18-18, 34-34 [ 909.060634][T13451] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 909.087468][T13451] EXT4-fs (loop4): 1 truncate cleaned up [ 909.093317][T13451] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 909.408760][T13461] loop8: detected capacity change from 0 to 16 [ 909.451251][T13461] MTD: Attempt to mount non-MTD device "/dev/loop8" [ 909.509582][T13466] loop5: detected capacity change from 0 to 256 [ 909.634596][T13466] FAT-fs (loop5): Unrecognized mount option "shortname=mihed" or missing value [ 910.767343][T13478] loop0: detected capacity change from 0 to 40427 [ 910.859213][T13478] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 910.867085][T13478] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 910.894488][T13478] F2FS-fs (loop0): invalid crc value [ 911.022309][T13478] F2FS-fs (loop0): Found nat_bits in checkpoint [ 911.076061][T13478] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 911.083696][T13478] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 911.420925][T13489] loop8: detected capacity change from 0 to 8192 [ 912.071741][ T26] audit: type=1800 audit(1744362048.377:433): pid=13492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2130" name="file1" dev="loop8" ino=1048640 res=0 errno=0 [ 919.698666][T13546] Invalid ELF header type: 0 != 1 [ 919.726521][T13546] 9pnet: Insufficient options for proto=fd [ 920.472624][T13552] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2143'. [ 920.483648][T13552] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2143'. [ 921.418921][T13562] autofs4:pid:13562:autofs_fill_super: called with bogus options [ 922.284275][T13573] autofs4:pid:13573:autofs_fill_super: called with bogus options [ 923.613684][T13577] loop5: detected capacity change from 0 to 2048 [ 923.839279][T13586] loop0: detected capacity change from 0 to 256 [ 927.694656][T13610] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2155'. [ 927.703840][T13610] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2155'. [ 928.484853][T13619] xt_TCPMSS: Only works on TCP SYN packets [ 929.370891][T13623] autofs4:pid:13623:autofs_fill_super: called with bogus options [ 932.250976][T13641] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2166'. [ 932.578472][T13645] loop5: detected capacity change from 0 to 512 [ 933.268500][ T26] audit: type=1326 audit(1744362069.597:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.291389][ T26] audit: type=1326 audit(1744362069.597:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.314064][ T26] audit: type=1326 audit(1744362069.597:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.321554][T13645] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 933.359986][ T26] audit: type=1326 audit(1744362069.597:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.398250][ T26] audit: type=1326 audit(1744362069.597:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.430402][T13645] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended [ 933.443818][T13645] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 933.452006][T13645] System zones: 0-2, 18-18, 34-34 [ 933.495513][ T26] audit: type=1326 audit(1744362069.597:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.532696][ T26] audit: type=1326 audit(1744362069.597:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.604551][T13645] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 933.623678][ T26] audit: type=1326 audit(1744362069.597:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.724826][ T26] audit: type=1326 audit(1744362069.597:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.763216][ T26] audit: type=1326 audit(1744362069.597:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13649 comm="syz.8.2171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcad4547169 code=0x7ffc0000 [ 933.815562][T13645] EXT4-fs (loop5): 1 truncate cleaned up [ 933.821415][T13645] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 936.872581][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.879095][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.935461][T13708] loop0: detected capacity change from 0 to 256 [ 940.360613][ T26] kauditd_printk_skb: 35 callbacks suppressed [ 940.360629][ T26] audit: type=1800 audit(1744362076.697:479): pid=13711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2186" name="bus" dev="loop0" ino=1048641 res=0 errno=0 [ 942.078117][T13730] loop0: detected capacity change from 0 to 512 [ 942.209530][T13730] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 942.360689][T13730] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 942.379797][T13730] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 942.388467][T13730] System zones: 0-2, 18-18, 34-34 [ 942.469539][T13730] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 942.500296][T13730] EXT4-fs (loop0): 1 truncate cleaned up [ 942.506379][T13730] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 948.055105][T13765] bridge0: port 1(bridge_slave_0) entered disabled state [ 948.141340][T13769] device bridge_slave_1 left promiscuous mode [ 948.173385][T13769] bridge0: port 2(bridge_slave_1) entered disabled state [ 948.398404][T13769] device bridge_slave_0 left promiscuous mode [ 948.515490][T13769] bridge0: port 1(bridge_slave_0) entered disabled state [ 948.600706][T13776] loop0: detected capacity change from 0 to 2048 [ 949.132922][T13776] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 951.911561][ T6087] Bluetooth: hci4: command 0x0409 tx timeout [ 952.498296][T13814] loop8: detected capacity change from 0 to 128 [ 952.714878][T13814] EXT4-fs (loop8): mounted filesystem without journal. Opts: lazytime,,errors=continue. Quota mode: none. [ 952.892023][T13814] ext4 filesystem being mounted at /291/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 953.167629][T13781] lo speed is unknown, defaulting to 1000 [ 953.656994][ T4287] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.112692][ T2238] Bluetooth: hci4: command 0x041b tx timeout [ 954.825303][ T4287] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.721906][ T4287] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.064729][T13857] xt_NFQUEUE: number of total queues is 0 [ 956.086990][ T4287] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.303943][T13781] chnl_net:caif_netlink_parms(): no params data found [ 956.317096][T13857] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 956.549283][ T2238] Bluetooth: hci4: command 0x040f tx timeout [ 957.849691][T13866] loop8: detected capacity change from 0 to 2048 [ 957.975167][T13866] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 958.581142][T13781] bridge0: port 1(bridge_slave_0) entered blocking state [ 958.731978][T13781] bridge0: port 1(bridge_slave_0) entered disabled state [ 958.775774][T13781] device bridge_slave_0 entered promiscuous mode [ 958.811484][T13781] bridge0: port 2(bridge_slave_1) entered blocking state [ 958.822045][T13781] bridge0: port 2(bridge_slave_1) entered disabled state [ 959.931696][T13781] device bridge_slave_1 entered promiscuous mode [ 960.132676][ T6086] Bluetooth: hci4: command 0x0419 tx timeout [ 960.383131][ T4287] tipc: Left network mode [ 961.536999][T13901] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 961.544389][T13901] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 961.553661][T13901] vhci_hcd vhci_hcd.0: Device attached [ 961.840330][T13889] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 962.752839][T13781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 962.811434][T13781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 963.655482][T13781] team0: Port device team_slave_0 added [ 963.665381][T13781] team0: Port device team_slave_1 added [ 964.782457][T13781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 964.820842][T13781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 965.000156][T13781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 965.052492][T13781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 965.059709][T13781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 965.087053][T13781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 965.725651][T13781] device hsr_slave_0 entered promiscuous mode [ 965.779305][T13781] device hsr_slave_1 entered promiscuous mode [ 965.909501][T13781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 966.415157][T13781] Cannot create hsr debugfs directory [ 967.063116][T13781] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 967.097054][T13781] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 967.139067][T13781] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 968.186807][T13781] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 969.524078][T13992] xt_TCPMSS: Only works on TCP SYN packets [ 971.020776][ T4287] device hsr_slave_0 left promiscuous mode [ 971.150160][ T4287] device hsr_slave_1 left promiscuous mode [ 971.184584][ T4287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 971.207144][ T4287] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 971.293839][ T4287] device veth1_macvtap left promiscuous mode [ 971.402088][ T4287] device veth0_macvtap left promiscuous mode [ 971.522354][ T4287] device veth1_vlan left promiscuous mode [ 971.667811][ T4287] device veth0_vlan left promiscuous mode [ 974.075273][ T4287] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 974.132549][ T4287] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 975.060692][ T4287] bond0 (unregistering): Released all slaves [ 975.250325][T13781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 975.277734][ T5429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 975.341619][ T5429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 975.486021][T13781] 8021q: adding VLAN 0 to HW filter on device team0 [ 975.556468][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.586483][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 975.626733][ T9135] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.633931][ T9135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.835587][T13781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 975.846417][T13781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 976.412141][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 976.420664][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 976.429779][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 976.481100][ T9135] bridge0: port 2(bridge_slave_1) entered blocking state [ 976.488250][ T9135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 976.688744][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 976.739514][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 976.756732][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 977.690442][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 977.995054][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 978.052346][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 978.109668][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 978.157895][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 978.201301][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 978.251453][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 978.260521][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 978.269416][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 978.335346][T13781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 978.426255][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 978.455132][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 978.864819][T14104] loop5: detected capacity change from 0 to 256 [ 979.781082][T14104] exfat: Deprecated parameter 'namecase' [ 979.787732][T14104] exfat: Deprecated parameter 'utf8' [ 979.836569][T14104] exfat: Deprecated parameter 'namecase' [ 979.897542][T14104] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f41, chksum : 0xe1a8932d, utbl_chksum : 0xe619d30d) [ 980.986108][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 981.057132][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 981.174659][T14130] loop8: detected capacity change from 0 to 128 [ 981.212072][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 981.256647][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 981.310445][T14130] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 981.362008][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 981.373412][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 981.408169][T13781] device veth0_vlan entered promiscuous mode [ 981.488510][T13781] device veth1_vlan entered promiscuous mode [ 981.603020][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 981.647497][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 981.746623][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 982.032662][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 982.362533][T13781] device veth0_macvtap entered promiscuous mode [ 982.385212][T13781] device veth1_macvtap entered promiscuous mode [ 982.407067][T13781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 983.151520][T13781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 983.192348][T13781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 983.263113][T13781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 983.291889][T13781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 983.374315][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 983.401348][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 983.607788][T13781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 983.660459][T13781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 983.816559][T13781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 983.951347][T13781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 984.536113][T13781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 984.577544][T13781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 984.655814][T13781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 984.671197][ T5429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 984.721013][ T5429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 984.775216][T13781] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 984.794928][T13781] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 984.815189][T13781] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 984.834840][T13781] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 985.303377][T14168] loop5: detected capacity change from 0 to 4096 [ 985.326975][ T9135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 985.353945][T14168] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 985.406424][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 985.547123][ T9135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 985.760506][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 985.818917][ T4652] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 986.099640][ T4652] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 986.403521][T14168] ntfs: volume version 3.1. [ 986.906643][T14177] loop8: detected capacity change from 0 to 128 [ 987.630179][T14177] VFS: Found a Xenix FS (block size = 512) on device loop8 [ 987.691595][ T5429] attempt to access beyond end of device [ 987.691595][ T5429] loop8: rw=1048577, want=2066843071, limit=128 [ 987.740592][ T5429] buffer_io_error: 998 callbacks suppressed [ 987.740612][ T5429] Buffer I/O error on dev loop8, logical block 2066843070, lost async page write [ 988.118927][ T26] audit: type=1800 audit(1744362124.447:480): pid=14183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2283" name="file1" dev="loop5" ino=67 res=0 errno=0 [ 988.260677][ T7571] sysv_free_block: trying to free block not in datazone [ 988.269470][ T7571] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 992.295406][T14222] loop8: detected capacity change from 0 to 40427 [ 992.357677][T14222] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 992.366160][T14222] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 993.541979][T14222] F2FS-fs (loop8): invalid crc value [ 993.547392][T14222] F2FS-fs (loop8): Failed to start F2FS issue_checkpoint_thread (-12) [ 994.871331][T14243] netlink: 165 bytes leftover after parsing attributes in process `syz.5.2294'. [ 997.815567][T14266] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 998.610936][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.617381][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.752325][T14265] IPv6: ADDRCONF(NETDEV_CHANGE): rose9: link becomes ready [ 998.820656][T14273] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 998.941554][T14280] loop8: detected capacity change from 0 to 2048 [ 999.055168][T14280] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1002.608521][T14314] netlink: 'syz.6.2313': attribute type 10 has an invalid length. [ 1004.584818][T14342] loop8: detected capacity change from 0 to 2048 [ 1004.614631][T14337] loop0: detected capacity change from 0 to 40427 [ 1004.856378][T14337] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1004.864331][T14337] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1004.990210][T14337] F2FS-fs (loop0): invalid crc value [ 1005.218723][T14342] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1005.879981][T14337] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1005.935135][T14337] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1005.942326][T14337] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1008.832224][T14360] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1012.750070][T14381] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2329'. [ 1014.410171][ T9119] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 1017.050273][ T9119] usb 9-1: string descriptor 0 read error: -71 [ 1017.056667][ T9119] usb 9-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=61.d7 [ 1017.068293][T14426] loop0: detected capacity change from 0 to 2048 [ 1017.113726][ T9119] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1017.132384][ T9119] usb 9-1: config 0 descriptor?? [ 1017.150340][ T9119] usb 9-1: can't set config #0, error -71 [ 1017.157550][ T9119] usb 9-1: USB disconnect, device number 3 [ 1018.224066][T14426] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1018.552493][T14452] netlink: 'syz.9.2342': attribute type 10 has an invalid length. [ 1018.725988][T14452] device syz_tun entered promiscuous mode [ 1019.777137][T14452] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1020.265184][T14471] loop9: detected capacity change from 0 to 40427 [ 1020.953849][T14471] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 1020.961851][T14471] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1020.974419][T14471] F2FS-fs (loop9): invalid crc value [ 1021.084404][T14471] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1021.234442][T14471] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1021.241831][T14471] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1021.513695][T14486] loop8: detected capacity change from 0 to 256 [ 1022.131371][T14486] exfat: Deprecated parameter 'namecase' [ 1022.140128][T14486] exfat: Deprecated parameter 'utf8' [ 1022.145887][T14486] exfat: Deprecated parameter 'namecase' [ 1022.472856][T14486] exFAT-fs (loop8): failed to load upcase table (idx : 0x00011f41, chksum : 0xe1a8932d, utbl_chksum : 0xe619d30d) [ 1024.602656][T14522] loop0: detected capacity change from 0 to 4096 [ 1024.761944][T14525] netlink: 'syz.5.2356': attribute type 10 has an invalid length. [ 1027.298133][T14561] loop5: detected capacity change from 0 to 512 [ 1027.311413][T14556] loop0: detected capacity change from 0 to 40427 [ 1027.337126][T14556] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1027.345391][T14556] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1027.372302][T14556] F2FS-fs (loop0): invalid crc value [ 1027.532277][T14556] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1027.696577][T14561] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 41 vs 0 free clusters [ 1027.716568][T14556] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1027.724357][T14556] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1028.023193][T14561] EXT4-fs (loop5): Remounting filesystem read-only [ 1028.031868][T14561] EXT4-fs (loop5): 1 orphan inode deleted [ 1028.037765][T14561] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,nodelalloc,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,noload,. Quota mode: writeback. [ 1028.058917][ C0] vkms_vblank_simulate: vblank timer overrun [ 1028.104249][T14561] ext4 filesystem being mounted at /398/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 1030.919872][T14603] netlink: 'syz.9.2369': attribute type 10 has an invalid length. [ 1031.816790][T14609] C: renamed from lo [ 1031.866030][T14609] net_ratelimit: 10 callbacks suppressed [ 1031.866050][T14609] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1032.079276][T14618] loop8: detected capacity change from 0 to 512 [ 1034.696149][T14618] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.2371: inode #1: comm syz.8.2371: iget: illegal inode # [ 1035.408033][T14618] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.2371: error while reading EA inode 1 err=-117 [ 1035.507572][T14618] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.2371: inode #1: comm syz.8.2371: iget: illegal inode # [ 1035.560142][T14618] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.2371: error while reading EA inode 1 err=-117 [ 1035.614357][T14618] EXT4-fs (loop8): 1 orphan inode deleted [ 1035.655987][T14618] EXT4-fs (loop8): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. [ 1037.477019][T14684] netlink: 'syz.9.2383': attribute type 10 has an invalid length. [ 1047.982670][T14791] loop8: detected capacity change from 0 to 64 [ 1048.824556][T14809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2411'. [ 1049.841792][T14818] loop8: detected capacity change from 0 to 1024 [ 1050.779195][T14818] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1051.964320][T14815] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 1051.980588][T14815] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 1051.993023][T14815] EXT4-fs (loop8): This should not happen!! Data will be lost [ 1051.993023][T14815] [ 1052.002739][T14815] EXT4-fs (loop8): Total free blocks count 0 [ 1052.008741][T14815] EXT4-fs (loop8): Free/Dirty block details [ 1052.014709][T14815] EXT4-fs (loop8): free_blocks=68451041280 [ 1052.020571][T14815] EXT4-fs (loop8): dirty_blocks=32 [ 1052.025722][T14815] EXT4-fs (loop8): Block reservation details [ 1052.031770][T14815] EXT4-fs (loop8): i_reserved_data_blocks=2 [ 1052.056122][T14828] loop0: detected capacity change from 0 to 4096 [ 1052.178053][T14828] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1052.364795][T14828] ntfs: volume version 3.1. [ 1053.865628][ T26] audit: type=1800 audit(1744362190.197:481): pid=14871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2415" name="file1" dev="loop0" ino=67 res=0 errno=0 [ 1054.268244][T14877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2422'. [ 1059.875349][T14917] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2430'. [ 1059.890595][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.897034][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 1063.556635][T14955] loop5: detected capacity change from 0 to 512 [ 1063.713370][T14955] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.2438: inode #1: comm syz.5.2438: iget: illegal inode # [ 1063.784296][T14955] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.2438: error while reading EA inode 1 err=-117 [ 1063.859783][T14955] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.2438: inode #1: comm syz.5.2438: iget: illegal inode # [ 1063.937745][T14955] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.2438: error while reading EA inode 1 err=-117 [ 1064.002114][T14955] EXT4-fs (loop5): 1 orphan inode deleted [ 1064.032127][T14955] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. [ 1065.334013][T14972] C speed is unknown, defaulting to 1000 [ 1066.167265][T14979] loop5: detected capacity change from 0 to 2048 [ 1066.350427][T14979] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1067.473330][T15008] loop8: detected capacity change from 0 to 164 [ 1068.734707][T15015] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1069.774966][T15019] loop9: detected capacity change from 0 to 64 [ 1073.497204][T15065] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2459'. [ 1075.002737][T15066] loop0: detected capacity change from 0 to 2048 [ 1075.728418][T15066] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1079.719814][T15111] loop0: detected capacity change from 0 to 2048 [ 1079.959668][T15111] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1080.024863][T15113] loop9: detected capacity change from 0 to 40427 [ 1080.087631][T15113] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 1080.095660][T15113] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1080.107486][T15113] F2FS-fs (loop9): invalid crc value [ 1080.154912][T15113] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1080.203719][T15113] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1080.211005][T15113] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1081.711766][T13787] Bluetooth: hci4: link tx timeout [ 1081.810322][T13787] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 1083.008305][T13781] attempt to access beyond end of device [ 1083.008305][T13781] loop9: rw=2049, want=40968, limit=40427 [ 1085.700190][T10106] Bluetooth: hci4: command 0x0406 tx timeout [ 1089.886658][T15175] loop9: detected capacity change from 0 to 512 [ 1089.936112][T15175] EXT4-fs (loop9): Ignoring removed orlov option [ 1089.996571][T15175] EXT4-fs error (device loop9): ext4_validate_block_bitmap:438: comm syz.9.2475: bg 0: block 411: padding at end of block bitmap is not set [ 1090.020619][T15175] EXT4-fs error (device loop9): ext4_xattr_inode_iget:404: comm syz.9.2475: inode #1: comm syz.9.2475: iget: illegal inode # [ 1090.040358][T15175] EXT4-fs error (device loop9): ext4_xattr_inode_iget:409: comm syz.9.2475: error while reading EA inode 1 err=-117 [ 1090.071873][T15175] EXT4-fs (loop9): 1 orphan inode deleted [ 1090.077651][T15175] EXT4-fs (loop9): mounted filesystem without journal. Opts: orlov,nombcache,debug_want_extra_isize=0x000000000000005c,grpquota,barrier,usrjquota=,jqfmt=vfsold,minixdf,,errors=continue. Quota mode: writeback. [ 1095.414042][T15208] sg_write: data in/out 2031668/2 bytes for SCSI command 0x26-- guessing data in; [ 1095.414042][T15208] program syz.8.2489 not setting count and/or reply_len properly [ 1101.321614][T15249] loop9: detected capacity change from 0 to 512 [ 1101.628450][T15253] loop0: detected capacity change from 0 to 128 [ 1101.657156][T15249] EXT4-fs (loop9): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 1102.730698][T15259] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1107.334720][T15280] delete_channel: no stack [ 1107.927457][T15292] loop0: detected capacity change from 0 to 40427 [ 1107.990576][T15292] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1107.998353][T15292] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1108.009627][T15292] F2FS-fs (loop0): invalid crc value [ 1108.121047][T15292] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1108.219345][T15292] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1108.226525][T15292] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1108.250641][T15296] loop9: detected capacity change from 0 to 40427 [ 1108.348140][T15296] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 1108.356070][T15296] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1110.005783][T15296] F2FS-fs (loop9): invalid crc value [ 1110.167559][ T4169] attempt to access beyond end of device [ 1110.167559][ T4169] loop0: rw=2049, want=40968, limit=40427 [ 1110.181456][T15296] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1110.902265][T15296] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1110.909539][T15296] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1112.483844][T15331] loop0: detected capacity change from 0 to 32768 [ 1112.610128][T15335] loop8: detected capacity change from 0 to 2048 [ 1112.777592][T15335] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1113.250198][T15345] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1113.259634][T15345] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1117.469812][T15374] loop9: detected capacity change from 0 to 512 [ 1117.852937][T15374] EXT4-fs (loop9): Test dummy encryption mode enabled [ 1117.878403][T15374] EXT4-fs (loop9): Test dummy encryption mode enabled [ 1118.251120][T15374] EXT4-fs error (device loop9): ext4_find_inline_data_nolock:163: inode #12: comm syz.9.2532: inline data xattr refers to an external xattr inode [ 1118.280364][T15374] EXT4-fs (loop9): Remounting filesystem read-only [ 1118.510983][T15374] EXT4-fs error (device loop9): ext4_orphan_get:1406: comm syz.9.2532: couldn't read orphan inode 12 (err -117) [ 1118.991416][T15374] EXT4-fs (loop9): Remounting filesystem read-only [ 1119.029400][T15374] EXT4-fs (loop9): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000004,init_itable=0x0000000000000000,nolazytime,grpid,prjquota,usrjquota=,lazytime,errors=remount-ro,test_dummy_encryption,test_dummy_encryption,. Quota mode: writeback. [ 1120.168197][T15405] loop9: detected capacity change from 0 to 40427 [ 1120.241392][T15405] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 1120.249664][T15405] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 1120.283910][T15405] F2FS-fs (loop9): invalid crc value [ 1120.348583][T15405] F2FS-fs (loop9): Found nat_bits in checkpoint [ 1120.413590][T15405] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 1120.420784][T15405] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 1120.909861][T13781] attempt to access beyond end of device [ 1120.909861][T13781] loop9: rw=2049, want=40968, limit=40427 [ 1121.014317][T15420] loop5: detected capacity change from 0 to 256 [ 1121.060445][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.066931][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.102086][T15417] loop8: detected capacity change from 0 to 256 [ 1121.133100][T15420] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1121.570465][T15425] loop0: detected capacity change from 0 to 2048 [ 1127.009878][T15450] bridge0: port 3(gretap0) entered blocking state [ 1127.016949][T15450] bridge0: port 3(gretap0) entered disabled state [ 1127.052053][T15450] device gretap0 entered promiscuous mode [ 1127.138167][T15450] bridge0: port 3(gretap0) entered blocking state [ 1127.145147][T15450] bridge0: port 3(gretap0) entered forwarding state [ 1128.984201][T15463] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2556'. [ 1134.658942][T15514] sg_write: data in/out 2031668/2 bytes for SCSI command 0x26-- guessing data in; [ 1134.658942][T15514] program syz.9.2569 not setting count and/or reply_len properly [ 1140.279848][T15545] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1141.960823][T15545] cramfs: wrong magic [ 1142.969471][T15571] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2581'. [ 1142.978805][T15571] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2581'. [ 1146.856197][T15600] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1146.931900][T15611] sp0: Synchronizing with TNC [ 1146.972879][T15609] [U] è [ 1153.490744][T15647] loop8: detected capacity change from 0 to 40427 [ 1153.509586][T15647] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 1153.517788][T15647] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 1153.660603][T15647] F2FS-fs (loop8): invalid crc value [ 1154.094456][T15647] F2FS-fs (loop8): Found nat_bits in checkpoint [ 1154.564266][T15647] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 1154.571635][T15647] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 1158.846592][T15690] loop5: detected capacity change from 0 to 1024 [ 1159.709668][T15700] loop8: detected capacity change from 0 to 40427 [ 1159.912367][T15700] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 1159.921113][T15700] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 1159.990558][T15700] F2FS-fs (loop8): invalid crc value [ 1160.142114][T15700] F2FS-fs (loop8): Found nat_bits in checkpoint [ 1160.405612][T15700] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 1160.412929][T15700] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 1167.020689][ T7571] attempt to access beyond end of device [ 1167.020689][ T7571] loop8: rw=2049, want=40968, limit=40427 [ 1167.516274][T15739] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2627'. [ 1167.585820][T15739] binder: 15738:15739 ioctl c018620c 0 returned -14 [ 1169.150110][T15758] overlayfs: failed to resolve './file0': -2 [ 1170.716166][T15767] C speed is unknown, defaulting to 1000 [ 1171.107252][T15773] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1172.090577][T15778] loop5: detected capacity change from 0 to 40427 [ 1172.494461][T15778] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1172.502432][T15778] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1172.921293][T15778] F2FS-fs (loop5): invalid crc value [ 1173.096386][T15783] sp0: Synchronizing with TNC [ 1173.180677][T15782] [U] è [ 1173.212292][T15778] F2FS-fs (loop5): Found nat_bits in checkpoint [ 1173.258421][T15789] loop0: detected capacity change from 0 to 2048 [ 1173.273937][T15778] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1173.281187][T15778] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1173.496310][T15789] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1173.691625][ T4990] attempt to access beyond end of device [ 1173.691625][ T4990] loop5: rw=2049, want=40968, limit=40427 [ 1176.457014][T15818] loop0: detected capacity change from 0 to 256 [ 1178.256637][ T27] INFO: task kworker/1:3:13889 blocked for more than 144 seconds. [ 1178.290286][ T27] Not tainted 5.15.180-syzkaller #0 [ 1178.296216][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1178.309323][ T27] task:kworker/1:3 state:D stack:25560 pid:13889 ppid: 2 flags:0x00004000 [ 1178.327204][ T27] Workqueue: usb_hub_wq hub_event [ 1178.400758][ T27] Call Trace: [ 1178.432752][ T27] [ 1178.482149][ T27] __schedule+0x12c4/0x45b0 [ 1178.496982][ T27] ? do_raw_spin_lock+0x14a/0x370 [ 1178.526057][ T27] ? mark_lock+0x98/0x340 [ 1178.584288][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1178.636424][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1178.722554][T15841] loop5: detected capacity change from 0 to 64 [ 1178.732470][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1178.765343][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1178.810666][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1178.848071][ T27] schedule+0x11b/0x1f0 [ 1178.852455][ T27] usb_kill_urb+0x1c9/0x300 [ 1178.857097][ T27] ? usb_unlink_urb+0xa0/0xa0 [ 1178.862060][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 1178.867288][ T27] ? init_wait_entry+0xd0/0xd0 [ 1178.872294][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1178.877816][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1178.922525][ T27] usb_start_wait_urb+0x1ac/0x510 [ 1178.951243][ T27] ? usb_api_blocking_completion+0xa0/0xa0 [ 1178.957658][ T27] usb_control_msg+0x2ad/0x4c0 [ 1178.974516][ T27] ? usb_anchor_empty+0x40/0x40 [ 1178.994147][ T27] ? hub_port_init+0x2de/0x28c0 [ 1179.018394][ T27] hub_port_init+0xb44/0x28c0 [ 1179.046465][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1179.071119][ T27] ? hub_event+0x28cd/0x54c0 [ 1179.075819][ T27] hub_event+0x28ed/0x54c0 [ 1179.080518][ T27] ? led_work+0x700/0x700 [ 1179.084930][ T27] ? read_lock_is_recursive+0x10/0x10 [ 1179.099281][ T27] ? preempt_schedule+0xd9/0xe0 [ 1179.111825][ T27] ? memblock_double_array+0x631/0x650 [ 1179.118174][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 1179.130021][ T27] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 1179.135844][ T27] ? preempt_schedule_thunk+0x16/0x18 [ 1179.146111][ T27] process_one_work+0x8a1/0x10c0 [ 1179.154246][ T27] ? worker_detach_from_pool+0x260/0x260 [ 1179.167175][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1179.175515][ T27] ? kthread_data+0x4e/0xc0 [ 1179.187478][ T27] ? wq_worker_running+0x97/0x170 [ 1179.194894][ T27] worker_thread+0xaca/0x1280 [ 1179.199675][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 1179.210644][ T27] kthread+0x3f6/0x4f0 [ 1179.229556][ T27] ? rcu_lock_release+0x20/0x20 [ 1179.266285][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1179.295059][ T27] ret_from_fork+0x1f/0x30 [ 1179.321088][ T27] [ 1179.340218][ T27] [ 1179.340218][ T27] Showing all locks held in the system: [ 1179.469384][ T27] 1 lock held by khungtaskd/27: [ 1179.494026][ T27] #0: ffffffff8cb1f560 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 1179.558812][ T27] 3 locks held by kworker/u4:3/155: [ 1179.583836][ T27] 2 locks held by getty/3937: [ 1179.588571][ T27] #0: ffff88802c562098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 1179.598642][ T27] #1: ffffc90002cd62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 1179.609391][ T27] 5 locks held by kworker/1:3/13889: [ 1179.614762][ T27] #0: ffff888141de3d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1179.627830][ T27] #1: ffffc9000340fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1179.639234][ T27] #2: ffff8880255b8220 (&dev->mutex){....}-{3:3}, at: hub_event+0x208/0x54c0 [ 1179.648290][ T27] #3: ffff8880255bb5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x2238/0x54c0 [ 1179.948509][ T27] #4: ffff888022b77068 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x2260/0x54c0 [ 1180.003612][ T27] 2 locks held by kworker/u4:2/14271: [ 1180.032310][ T27] #0: ffff8880b8e3a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa8/0x140 [ 1180.099190][ T27] #1: ffffc900034efd20 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1180.168335][ T27] [ 1180.180822][ T27] ============================================= [ 1180.180822][ T27] [ 1180.229174][ T27] NMI backtrace for cpu 1 [ 1180.233583][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.180-syzkaller #0 [ 1180.241588][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1180.251741][ T27] Call Trace: [ 1180.255029][ T27] [ 1180.257970][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1180.262681][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1180.268349][ T27] ? panic+0x860/0x860 [ 1180.272432][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 1180.277569][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 1180.282524][ T27] ? __wake_up_klogd+0xd5/0x100 [ 1180.287429][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 1180.293613][ T27] ? _printk+0xd1/0x120 [ 1180.297796][ T27] ? panic+0x860/0x860 [ 1180.301878][ T27] ? __wake_up_klogd+0xcc/0x100 [ 1180.306751][ T27] ? panic+0x860/0x860 [ 1180.310837][ T27] ? __rcu_read_unlock+0x92/0x100 [ 1180.315883][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1180.321974][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 1180.327976][ T27] watchdog+0xe72/0xeb0 [ 1180.332155][ T27] kthread+0x3f6/0x4f0 [ 1180.336236][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1180.341273][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1180.345877][ T27] ret_from_fork+0x1f/0x30 [ 1180.350326][ T27] [ 1180.353715][ T27] Sending NMI from CPU 1 to CPUs 0: [ 1180.358945][ C0] NMI backtrace for cpu 0 [ 1180.358957][ C0] CPU: 0 PID: 155 Comm: kworker/u4:3 Not tainted 5.15.180-syzkaller #0 [ 1180.358975][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1180.358987][ C0] Workqueue: netns cleanup_net [ 1180.359007][ C0] RIP: 0010:rcu_is_watching+0x22/0xa0 [ 1180.359028][ C0] Code: 0f 1f 84 00 00 00 00 00 41 57 41 56 53 65 ff 05 5c 21 97 7e e8 8f e4 d4 08 89 c3 83 f8 08 73 72 49 bf 00 00 00 00 00 fc ff df <4c> 8d 34 dd 10 f8 5c 8c 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 [ 1180.359043][ C0] RSP: 0018:ffffc90001f978a0 EFLAGS: 00000293 [ 1180.359056][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8162e2bc [ 1180.359067][ C0] RDX: 0000000000000000 RSI: ffffffff8af9fc60 RDI: ffffffff8af9fc20 [ 1180.359079][ C0] RBP: ffffc90001f97a20 R08: dffffc0000000000 R09: fffffbfff1c154de [ 1180.359092][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920003f2f20 [ 1180.359104][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 1180.359116][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1180.359131][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1180.359142][ C0] CR2: 000000110c3a5a90 CR3: 000000000c88e000 CR4: 00000000003506f0 [ 1180.359157][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1180.359167][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1180.359178][ C0] Call Trace: [ 1180.359183][ C0] [ 1180.359190][ C0] lock_acquire+0xdd/0x4f0 [ 1180.359216][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1180.359236][ C0] ? __might_sleep+0xc0/0xc0 [ 1180.359260][ C0] rcu_lock_acquire+0x2a/0x30 [ 1180.359279][ C0] ? rcu_lock_acquire+0x5/0x30 [ 1180.359295][ C0] inet_twsk_purge+0x129/0x9e0 [ 1180.359319][ C0] ? __inet_twsk_schedule+0x130/0x130 [ 1180.359337][ C0] ? iput+0x6f5/0x8b0 [ 1180.359355][ C0] ? dccp_v4_exit_net+0x80/0x80 [ 1180.359374][ C0] cleanup_net+0x886/0xc90 [ 1180.359394][ C0] ? ops_free_list+0x340/0x340 [ 1180.359418][ C0] process_one_work+0x8a1/0x10c0 [ 1180.359445][ C0] ? worker_detach_from_pool+0x260/0x260 [ 1180.359467][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 1180.359484][ C0] ? kthread_data+0x4e/0xc0 [ 1180.359502][ C0] ? wq_worker_running+0x97/0x170 [ 1180.359520][ C0] worker_thread+0xaca/0x1280 [ 1180.359551][ C0] kthread+0x3f6/0x4f0 [ 1180.359567][ C0] ? rcu_lock_release+0x20/0x20 [ 1180.359584][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1180.359601][ C0] ret_from_fork+0x1f/0x30 [ 1180.359626][ C0] [ 1180.588596][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 1180.614102][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.180-syzkaller #0 [ 1180.622105][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1180.632181][ T27] Call Trace: [ 1180.635513][ T27] [ 1180.638451][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1180.643166][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1180.649075][ T27] ? panic+0x860/0x860 [ 1180.653205][ T27] panic+0x318/0x860 [ 1180.657116][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 1180.662769][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1180.668935][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 1180.674265][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1180.680351][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1180.686514][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 1180.692681][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 1180.698867][ T27] watchdog+0xeb0/0xeb0 [ 1180.703050][ T27] kthread+0x3f6/0x4f0 [ 1180.707136][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1180.712277][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1180.716881][ T27] ret_from_fork+0x1f/0x30 [ 1180.721320][ T27] [ 1180.724555][ T27] Kernel Offset: disabled [ 1180.728899][ T27] Rebooting in 86400 seconds..