last executing test programs: 39.76597659s ago: executing program 3 (id=523): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x10, 0x2, [@TCA_RED_FLAGS={0xc}]}}]}, 0x3c}}, 0x0) 39.565563559s ago: executing program 3 (id=526): r0 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000140)='.\x00', r1, &(0x7f00000000c0)='./file0\x00') r2 = openat(r1, &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f00000001c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) 37.772425362s ago: executing program 3 (id=537): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000300)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@ssd_spread}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=") sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4884}, 0x81b9b9ad1adc91af) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) socket$kcm(0x10, 0x0, 0x0) close(0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) 36.254042324s ago: executing program 3 (id=545): socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800700, &(0x7f00000000c0)={[{@jqfmt_vfsv1}, {@bsdgroups}, {@errors_remount}, {@user_xattr}, {@bsdgroups}, {@block_validity}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x1269, r0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2204c3b, &(0x7f0000000300)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0]) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x220080e, &(0x7f0000000900), 0x1, 0x4e6, &(0x7f0000001400)="$eJzs3U1vW0sZAODXzpeTm3uTe+kCENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYXSOT1I3tZvQfDiKn0c6OmdmHL8zdc9M/brxBNC3LkXEVkQMR8TDiJjI6nPZEXdbR/K4V9tP53e2n87notm8/89c2p7URdvPJD7KnrMQET/6XsRPc+/GrW9sLs9VKuW1rDzVqK5O1Tc2ry9V5xbLi+WVUml2Znb69o1bpWMb68XqcHb15Zd/2PrWz5NujWc17eM4Tq2hD+3FSQxGxA9OIlgPDGTjGe51R/gg+Yj4LCIup/f/RAykryYAcJ41mxPRnGgvAwDnXT7NgeXyxSwXMB75fLHYyuFdiLF8pVZvXHtUW19ZaOXKJmMo/2ipUp7OcoWTMZRLyjPp9ZtyaV/5RkR8GhG/GBlNy8X5WmWhl//wAYA+9tG+9f8/I631HwA45wq97gAAcOqs/wDQf6z/ANB/rP8A0H+s/wDQf6z/ANB/rP8A0Fd+eO9ecjR3su+/Xni8sb5ce3x9oVxfLlbX54vztbXV4mKttph+Z0/1oOer1GqrMzdj/cnkt1frjan6xuaDam19pfEg/V7vB+WhUxkVAPA+n1588edcRGzdGU2PaNvLwVoN51u+1x0Aemag1x0AesZuX9C/jvAeX3oAzokOW/S+pRARo/srm81m8+S6BJywq1+Q/4d+1Zb/97+Aoc/I/0P/kv+H/tVs5g67538c9oEAwNkmxw90+fz/s+z82+zDgZ8s7H/E85PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxtu/v/FrO9wMcjny8WIz6OiMkYyj1aqpSnI+KTiPjTyNBIUp7pcZ8BgKPK/y2X7f91deLK+P7W4dzrkfQcET/71f1fPplrNNb+mNT/a6++8TyrL/Wi/wDAQXbX6fTc9kb+1fbT+d3jNPvz9+9GRKEVf2d7OHb24g/GYHouxFBEjP07l5Vbcm25i6PYehYRn+80/lyMpzmQ1s6n++MnsT8+1fj5t+Ln07bWOfmz+Nwx9AX6zYtk/rnb6f7Lx6X03Pn+L6Qz1NFl81/yVPM76Rz4Jv7u/DfQZf67dNgYN3///dbV6LttzyK+OBixG3unbf7ZjZ/rEv/KIeP/5UtfudytrfnriKvROX57rKlGdXWqvrF5fak6t1heLK+USrMzs9O3b9wqTaU56qnuq8E/7lz7pFtbMv6xLvELB4z/64cc/2/++/DHX31P/G9+rVP8fFx4T/xkTfzGIePPjf2u0K0tib/QZfwHvf7XDhn/5V8339k2HADonfrG5vJcpVJec+Hi7F8kf2XPQDc6XnzntGINx//1U83mB8XqNmMcR9YNOAv2bvqIeN3rzgAAAAAAAAAAAAAAAB2dxm8s9XqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA///77dI4") socket$nl_netfilter(0x10, 0x3, 0xc) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r1, &(0x7f0000000000), 0x100000008) ioctl$EVIOCGABS2F(r1, 0x8018456f, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x451, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") syz_mount_image$fuse(&(0x7f0000000040), &(0x7f00000000c0)='.\x00', 0x84406d, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 31.9612532s ago: executing program 3 (id=558): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) splice(r0, 0xfffffffffffffffc, r1, 0x0, 0x20, 0x0) 31.473182726s ago: executing program 3 (id=563): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000003, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000001c0)={0x8, 0x1, 0x0, "9e3961c6a5efca2c7582ec9fb400"}) 17.633299528s ago: executing program 0 (id=614): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000440)={0x1c8, 0x3, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_FILTER={0x3c, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_REPLY_FLAGS={0x6}, @CTA_FILTER_REPLY_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_REPLY_FLAGS={0x8}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0xc, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5}]}}, @CTA_TUPLE_MASTER={0xffffffffffffff22}, @CTA_LABELS={0x18, 0x16, 0x1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @CTA_TUPLE_ORIG={0x54, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv6={{0x0, 0x3, @loopback}, {0x0, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_NAT_DST={0x68, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MIN={0x6}, @CTA_PROTONAT_PORT_MIN={0x6}, @CTA_PROTONAT_PORT_MIN={0x6}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00'}]}, @CTA_SEQ_ADJ_REPLY={0x3c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_LABELS={0xc, 0x16, 0x1, 0x0, [0x0, 0x0]}, @CTA_NAT_SRC={0x48, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0x44, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MIN={0x6}, @CTA_PROTONAT_PORT_MAX={0x6}, @CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0x1c8}}, 0x0) 17.399487548s ago: executing program 0 (id=616): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x24, 0x2, [@TCA_MATCHALL_ACT={0x0, 0x2, [@m_connmark={0x0, 0x0, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS]}, {0x0, 0x6, "f397d76f195ac9ee93081756f52a6ae0ec23942407daeda741340d51abd9aaa9d3e8c85bbf480f09dbe1e69f5927c2fec087101e25d34c6a7f411843e8170d33db5c74d6da8daa1adb2c5e5ae4a239ec4ee6072f1e49e58b6bace608f301543efc0354cfaefce20e439eee26e5bd700c45577c00711c5b8fadb1716f27751a903cf37de50a69a34a3c2250d59ea54fa8fdf9fd7c0f6e0e0821be4de8963dc20056aeb1971f72f944b9fb6836ada38778c2a28abf0b75810a4f5ae8e3a30ee549ef77aae0383b0d2212b8aaa1179e2e65967cebf4723e76d3ad97"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x0, 0x2}}}}, @m_xt={0x0, 0x0, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK, @TCA_IPT_HOOK, @TCA_IPT_TARG={0x0, 0x6, {0x0, 'mangle\x00', 0x0, 0x0, "eb5c5850e8acfec1ad2564c9de4dbcff131ef06a36f4e5ca184721572de341ce5303e036164bde3b7ff09ee94818ac799f647ffa7b6cb3b8a5e8a71d616ced164a"}}, @TCA_IPT_INDEX]}, {0x0, 0x6, "e3f2f4ef9dd78f9a3211d6c4ccbb1a6694480f9ccbc10a00dab1bdb110a91ec640354f15404dccd3ffdcccaad121f93e299e10f25d76cb834076f38b5f0ff58123939d00ef65134cfec522ea3daeda06250599b99f47803e18b80f5f9ad3689a326d3ec9524b810c31c699fe6feef168ea81ba7db13eea"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x1, 0x2}}}}]}, @TCA_MATCHALL_CLASSID={0x8}, @TCA_MATCHALL_FLAGS, @TCA_MATCHALL_CLASSID={0x8}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 14.593528283s ago: executing program 0 (id=624): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1f, &(0x7f0000000100)=0x1, 0x4) 14.457569733s ago: executing program 0 (id=627): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'veth1_to_bridge\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x38}}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000001240), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6], 0x48}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="611563000000000061138c0000000000bfa000000000000007050000080013002d15010000000000950017b8000000006916000000000000bf67000000000000350607000fff07206706000002000000160300000ee6fe5fbf500000000000000f650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f19de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03cc86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f674629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40446d7074be86a912a5ac00f7ffffffffffffff000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000001fe4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b00631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809f905f12f6106f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3f00004d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad0fceee5f339550130a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3116dbc7e2bf2402275fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453b65586f65c7943d54b52f06c870edf0c5d644b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a57ff52f657a67463d7db0825e9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f3b563ab9000000ff000000000077a99fb5b0a43749ca477c9c7ca20bd428d8f77bb920ad0db4c1da671bfad7f109b776476a54939e621232cd115ba9f37057ad891fea2353f3ad9c042c64a5ecf80f4e4cf927ae39347c22822375c26edf2754695c16780429e03759691adb63553e9c4561528ded5f35bb20e98b2e6d01dbfcde82608359c50881324524db0dbe21efba4f0fc338f4b0b11cb028d1063b3bacaab92fb7f9d2971440f873ec261d54c1570adef8004c91896fcd74c9e03dfd9a781210c0346ed1b02a44c64adad8a3f238a8ddf7207c45057c02e922b942f15ddcfbfb00"/1752], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0), 0x38}}, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0xf8, 0x28, 0xf09, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc0, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x0, [0x9]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}]}, 0xf8}}, 0x0) r7 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f00000001c0)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r9 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r9, 0x0) syz_mount_image$udf(&(0x7f0000000180), &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x400, &(0x7f0000000d80)=ANY=[@ANYBLOB='nostrict,umask=00000000000000000000010,unhide,longad,utf8,lastblock=00000000000000002304,anchor=18446744073709551615,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,uid=forget,noadinicb,shortad,iocharset=ascii,lastblock=00000000000000000009,iocharset=cp950,fileset=00000000000000000001,undelete,anchor=00000000000000000006,partition=00000000000000000008,anchor=00000000000008421375,session=00000000000000000001,anchor=00000000000000000005,gid=', @ANYRESDEC=0x0, @ANYBLOB="83338f47e5f6c59d", @ANYRESHEX, @ANYRES8=r7, @ANYRESDEC=0x0, @ANYBLOB="2c736d61636b66736465663d233f9d1abf59c53229ddd780b162f44a0e44f3436d598025e596d23078a3e733e07b480ad2f41c3ccd7956530c3be5c0d1833ad4954140d857bb924e0f613fe32a0c1461263f77581d8ed8b341959c53a341493644534a4b27223d1faac6bf7df530d100a57452b6a3abc826bb0f0b82809ca1e13376959935f589115abe267b25f42757304b4d6c7ffaec13f3079a4658933152fe693cc762ce82776b4003c4ac3d9d3478da3da1f79ad788d3b25f59422ba668e32c00"], 0x9, 0xc26, &(0x7f0000001e80)="$eJzs3U9sHNd9B/DfG5HiUm4rJnYUu42LTRukMmO5+hdTsQp3VdNsA8gyEYq5BeCKpNSFKZIgqUY20oLppYceAhRFDzkRaI0CKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAOQUMZvatuKRISxFJibI/H5v67s6+N/PevPWMLOjNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4g9evXT6THrUrQAAHqYrY185fdb9HwA+Vq76/38AAAAAAAAAAAAAADjsUhTxZKSYv7KeJqr3bbXLrd5bt8eHR3au1p+qmkeq8uVP7czZc+e/+OLQhU5ebs1+SP399ky8Pnb1Uv2VuZvzC9OLi9NT9fHZ1uTc1PR972Gv9bcbrE5A/eYbt6auX1+sn33h3JaPbw980PfEiYGLQ8+derZTdnx4ZGRss0jtgY+9g91meByNIk5Fiue/+5PUjIgi9n4uag937LfrrzoxWHVifHik6shMqzm7VH442jkRRUS9q1Kjc452Hovo6X2ofdhdI2K5bH7Z4MGye2PzzYXmtZnp+mhzYam11JqbHU3t1pb9qUcRF1LESkSs9d29u94ooidSfPv4eroWEUc65+EL1cTg3dtRHFwXd2jmXcp21nsjVorHYMwOsb4o4rVI8dN3T8Zkec7yT3w+4rUyvx/xdpkvR6Tyi3E+4v37GSAeCz1RxF+W439xPU1V14POdeXyV+tfnr0+11W2c135Je8Pd10pHtH9oX9bPhyH/NpUiyKa1RV/PT34b3YAAAAAAAAAAAAAAAAA2G/9UcQzkeLV//iTal5xVPPSj18c+sOBX+2eM/70PfZTln0hIpaL+5uTezRPDBxNoykd4FxiPlwtivjTPP/vm4+6MQAAAAAAAAAAAAAAAAAAAB9rRfw4Urz03sm0Et1rirdmb9SvNq/NtFeF7az921kzfWNjY6Oe2tnIOZFzOedKztWcazmjyPVzNnJO5FzOuZJzNedazjiS6+ds5JzIuZxzJedqzrWc0ZPr52zknMi5nHMl52rOtZxxSNbuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KCmiiJ9Him99fT1FiohGxES0c7XvUbcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACj1pSK+Fynqf9S4s60nIlL1b9vJ8pfz0Tha5iejMVTmy9G4lLNZZU/jm4+g/exNbyriR5Gir/bOnQHP49/bfnfnaxBvf2Pz3a/3tPNI58OBD/qeOHH84tDIbz692+u0UwMGL7dmb92ujw+PjIx1be7JR/9k17aBfNxif7pORCy++dYbzZmZ6YUHf1F+BfZQ3QsvDuuL6DkUzXg0fedjoLz/vx8pfve9/+zc8Dv3/19pv7tzh4+f/dnm/f+l7Tu6z/t/z/Z697j/P9m17aX8u5Henoja0s353hMRtcU33zrVutm8MX1jevb86dNfGhr60rnTvUcjatdbM9Ndr/bldAEAAAAAAAAAAAAAAAA8PKmI348UzR+tp3pE3K7maw1cHHru1LNH4kg132rLvO3Xx65eqr8yd3N+YXpxcXqqPj7bmpybmr7fw9Wq6V7jwyMH0pl76j/g9vfXXpmbf3OhdeOPl3b8/Fjt0rXFpYXm5M4fR38UEY3uLYNVg8eHR6pGz7Sas1XV0R0n0//yelMR/xUpJs/X02fztjz/b/sM/y3z/5e37+iA5v9/omtbecyUivhZpPidv3o6Plu181jcdc5yub+LFIMXPpPLxdGyXKcN7ecKtGcGlmX/L1L808+3lu3Mh3xys+yZ+z6xj4ly/I9Hiu/9xXfit/K2rc9/2Hn8j23f0QGN/1Nd245teV7BnrtOHv9TkeLlJ9+J387bPuz5H51nb5zMhe88n+OAxv9TXdsG8nE/tz9dBwAAAAAAAAAAeKz1piL+PlL8YKQnvZi3df/9r+XP7fz3/6a27+iA/v7Xp7u2Te3PekX3fLEPpxUAAAAADoXeVMSPI8WNpXfuzKHeOv+7a/7n723O/xxO2z6t/pzv16rnBuznn/91G8jHndh7twEAAAAAAAAAAAAAAAAAAOBQSamIF/N66hPVfP6pXddTX40Ur/7P87lcOlGW66wDP1D9WrsyN3vq0szM3GRzqXltZro+Nt+cnC7rPhUp1v/2M7luUa2v3llvvr3G++Za7AuRYuQfOmXba7F31iZ/arPsmbLsJyLFf//j1rKddaw/tVn2bFn2byLF1/5l57InNsueK8t+J1L88Gv1TtljZdnO81E/vVn2hcm54gBGBQAAAAAAAAAAAAAAAAAAgI+b3lTEn0eK/725cmcuf17/v7frbeXtb3St97/N7Wqd/4Fq/f/dXj/I+v/VcwWWdzsqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8NKUo4q1IMX9lPa32le/bapdbs7dujw+P7FytP1U1j1Tly5/ambPnzn/xxaELnfzw+vvtmXh97Oql+itzN+cXphcXp6fq47Otybmp6fvew17rbzdYnYD6zTduTV2/vlg/+8K5LR/fHvig74kTAxeHnjv1bKfs+PDIyFhXmZ7eBz76XdIu249GEX8dKZ7/7k/SD/oiitj7ubjHd+eg9VedGKw6MT48UnVkptWcXSo/HO2ciCKi3lWp0TlHD2Es9qQRsVw2v2zwYNm9sfnmQvPazHR9tLmw1Fpqzc2OpnZry/7Uo4gLKWIlItb67t5dbxTxRqT49vH19K99EUc65+ELV8a+cvrs7u0oDrCP96FsZ703YqV4DMbsEOuLIv45Uvz03ZPxb30RPdH+ic9HvFbm9yPejvZ4p/KLcT7i/R2+RzyeeqKI/y/H/+J6erevvB50riuXv1r/8uz1ua6ynevKY39/eJgO+bWpFkX8sLrir6d/9981AAAAAAAAAAAAAAAAwCFSxG9EipfeO5mq+cF35hS3Zm/UrzavzbSn9XXm/nXmTG9sbGzUUzsbOSdyLudcybmacy1nFLl+zkaZtY2Nifx+OedKztWcaznjSK6fs5FzIudyzpWcqznXckZPrp+zkXMi53LOlZyrOddyxiGZuwcAAAAAAAAAAAAAAAAAAHy0FNU/Kb719fW00ddeX3oi2rlqPdCPvF8EAAD//3BQ/AU=") write$FUSE_NOTIFY_INVAL_INODE(r8, &(0x7f0000000240)={0x28}, 0x28) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2800715, &(0x7f0000000280)={[{@usrjquota}, {@user_xattr}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x22}}, {@errors_remount}, {@mblk_io_submit}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@usrjquota}, {@delalloc}, {@nodiscard}]}, 0xee, 0x43a, &(0x7f00000008c0)="$eJzs281vFOUfAPDvzLbl9wOhFRGlglbR2PjS0oLKwYtGEw+amOgBj7UtpLJQQ2sipNFqDB4NiXfj0cS/wJNejHoy8ap3Q0K0MQE91czsTNku3dKXXRbZzyeZ9Hl2nunzfHfm2XnmeXYD6FpDEdEbEXdFxK8R0R8RSWOBodqfa0sLk38vLUwmsbz8xh9JXu7q0sJkWbQ8bleRGU4j0k+S2sEN5s5fOD1RrU6fK/Kj82feHZ07f+HpmTMTp6ZPTZ8dP3782NGx554df6YlcWZxXR38YPbggVfeuvTa5IlLb//4ddbe/Ydq++vjaJWhLPA/l3ON+x5rdWUdtrsunfR0sCFsSiUistOV5v2/Pypx/eT1x8sfd7RxQFtl96YdzXcvLgN3sCQ63QKgM8obffb8W263aOhxW7jyQu0BKIv7WrHV9vTkz0RRzI+0y1BEnFj854tsizbNQwAA1Ps2G/88tdb4L439deX2FGsoAxFxd0TsjYh7ImJfRNwbkZe9LyLu32T9jUtDN45/0stbCmyDsvHf88Xa1urxXzn6i4FKkdudx9+bnJypTh8p3pPh6N2R5cfWqeO7l375rNm++vFftmX1l2PBoh2Xexom6KYm5idaNSi98lHEYM9a8ScrKwFJRByIiMHN/es9ZWLmia8ONit08/jX0YJ1puUvIx6vnf/FaIi/lKy/Pjn6v6hOHxktr4ob/fTzxdeb1b+t+FsgO/87V1//DSX6/0rq12vnNl/Hxd8+bfpMs9Xrvy95M1+z7itee39ifv7cWERf8mqeX/X6+PVjy3xZPot/+PDa/X9vcUwW/wMRkV3EhyLiwYh4qGj7wxHxSEQcXif+H1589J2tx99eWfxTa37+rVz/A6vP/+YTldPff9Os/o2d/2N5arh4Jf/8u4mNNnA77x0AAAD8V6T5d/+TdGQlnaYjI7Xv8O+LnWl1dm7+yZOz752dqv1GYCB603Kmq79uPnQsWSz+Yy0/XswVl/uPFvPGn1f+n+dHJmerUx2OHbrdrib9P/N7pdOtA9rO77WgezX2/7RD7QBuPfd/6F76P3Qv/R+611r9/8OGvLUAuDO5/0P30v+he+n/0L30f+hK2/ldv0Q3JyK9LZoh0aZEpz+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWuPfAAAA//8t1+6d") r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r10, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x0) 13.412132954s ago: executing program 0 (id=636): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000000)={0x2}) 13.154132865s ago: executing program 1 (id=637): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x0, 0x1) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x0, 0x0) 12.780129754s ago: executing program 1 (id=639): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000140)={0x0, 0x6}) 12.525322543s ago: executing program 1 (id=641): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8}]}}]}, 0x3c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24b8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866307d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252daac259576ec218e3857e6fa97fe445d1fab51d87302a4bb28a4cfe462ee4849cc6832650188ca187d85509d8beccf9d9cf752368985804195b9fd2faf1aff8248f3981bd55cbbf514cd8365fee72cc7af053e5388ceadadb967ef735181df6a90cab13f58f6d563c9ab4ad37297aecffd8446cb2b14ec36a99af8393e3760d5970ba1debdcbccd54012c559ee2797ff962328aa6a252c0756e396ce4d52937546675203bdf1d6b120acac576523f8b1daa922188bf61536312f90dba92fb380c3c6fb5f9883a2c4dd99a1bac9b7cb25ff2ef9bd58ff97ddfdd2d4bcc371ee82245b57cd91a7fa3479cd339f54a5c422b753cd42d441ea881d46e419312db1f0cccced13468a188df7ab4840b9961e2a8b5202c9d9b00ee912572eea15d13abdf3b21ad680c88a513021c1d3a7b30d64960c03a01364b2324966bd89d917b15dcb4f8cbacfe05ddcc213d14189edcd9f8b828ebaaab4f56470d3abef47b6d88dc438c9b0a253c26c386464754e76c0d7bfbc1dfa7248982ec26bd725eb623bb12f96e63eb5d1a0030e58a6653247c986c7ca9f15fd84d5eb1cd5ee35c4f464dc1a789b06c6c7074fc927680eac8546b2aee2f8867d6bf36b88a99ff67c7b2dd68ae3380622653efcad276a0f4b446091b80653014e67629dfde0091c7f090a22b5c427d03ddbc"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f0000000180)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r10}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$IOCTL_START_ACCEL_DEV(r4, 0x40096102, 0x0) syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) socket$kcm(0x21, 0x0, 0xa) 11.544220612s ago: executing program 1 (id=646): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2}, 0x10) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r4, 0x2, 0x1, 0x0, &(0x7f0000000180)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 11.223701448s ago: executing program 1 (id=649): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x0, 0x0) pread64(r6, &(0x7f0000000080)=""/75, 0x4b, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r9 = dup(r8) mount$9p_fd(0x20000000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}}) 10.792958366s ago: executing program 0 (id=652): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000002d) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r2 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) fcntl$setstatus(r2, 0x4, 0x6800) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r3, r4, 0x3, 0x0) 9.13235295s ago: executing program 1 (id=654): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000010c0)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="9d", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x9, &(0x7f0000002140)=""/4092, &(0x7f0000001080)=0xffc) 9.113062878s ago: executing program 5 (id=655): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002180)={0x2c, r1, 0xa29, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x2c}}, 0x0) 8.586934184s ago: executing program 5 (id=657): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b70500000800000085000000a500000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x90) 8.327932353s ago: executing program 5 (id=658): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c000000020605003200000000000000010000000d000300686173683a6e657400000000090002001f007a3200000000050004000000000014000780080012400000000005001500b854207e05000500020000000500010006"], 0x5c}}, 0x0) 8.140695322s ago: executing program 5 (id=659): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8086, &(0x7f0000000140), 0x1, 0x49d, &(0x7f00000007c0)="$eJzs3c9vFFUcAPDvTH8gP1sVURC0isbGHy0tqBy8aDTxoImJHvBY24LIQg2tiRAi1Rg8GhLvxqOJf4E3L0Y9GBNvRhOPhoQoMQE9rZlftl26ZVvabmE/n2TYeTNvee/bmTfz9r3ONoCONZD9k0Rsi4hfI6KvSC7MMFC8XLtybvyfK+fGk6jXX/8zyfNdvXJuvMpavW9rmRhMI9KPk7KQhabPnD0xVqtNni7TwzP188PTZ84+dfzk2LHJY5OnRg8fPnRw5NlnRp9elTizuK7u+WBq7+6X37z46viRi299/1VW3137iv3z41iO2SX2DWSB/1XPNe57dCWFbWDb560n3W2sCMvSFRHZ4erJ239fdMXcweuLlz5qa+WANZXdmzY13z1bB25jSbS7BkB7VDf67PNvtaxT12NDuPx8xPgvRfzXyqXY0x1pmadnDcsfiIgjs/9+ni1xE+MQAACtyvs2Ty7W/0tjV/5azOrsKOdQ+iPizoi4KyLujoidEXFPRJ733oi4r3hzva/F8hunhq7v/6SXbirAG8j6f8+Vc1vVUszplL2/NPq7ytT2PP6e5Ojx2uSB8mcyGD2bsvTIEmV88+LPnzZu21y+zu//ZUtWftUXLF3qbhigmxibGVutTunlDyP2dC+Mv9iT/D8TkJ0BuyNiz/L+6x3VyvHHv9zbLFML8Te3CvNM9S8iHiuO/2w0xF9J8vnJk+82mZ8cviNqkweGq7Piej/8dOG1ZuXfVPyrIDv+Wxae/w05+v5OivnanqjVJk9PL7+MC7990vQzzY3jTy81DlBn539v8kY+Z/3j28W298dmZk6PRPQmr+Tp3pi3fXTuvVW6yp/FP7h/sfM/za9xUR7/+yMiO4n3RcQDEfFgWfeHIuLhiNi/RPzfvfDIOyuPf21l8U/E4u2/1J/Mn6+fPnO2+tnObVl6pevEt18nTcpv5fh3bzqUz7MPllvy698NtFKvlZ3NAAAAcOtJI2JbJOlQ+YF/W6Tp0FDxO/w7Y0tam5qeeeLo1HunJopnBPqjJ61GuvrmjYeOJNVvwhfp0XKsuNp/sBw3/qxrc54eGp+qTbQ3dOh4W+faf3ktKNp/5o+udtcOWHOe14LO1dj+0zbVA1h/7v/QuRZp/5vbUQ9g/a38/r/EVwcAt4TF2v/5hrS5ALg9Xd/+f1/kK+sqvWtdHWAdGf+DzqX9Q+fS/qEjLXgk/tT2Vh+bt9LxK5FuiGp08Er15yfmtlSD9q29vXvJr8lo73UJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgtfwXAAD//54j7Dc=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffffffe}]}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001ac0)=[{{0xfffffffffffffffc, 0x0, &(0x7f0000001600)=[{&(0x7f00000000c0)='j', 0x1}], 0x1, 0xfffffffffffffffd}}], 0x1, 0x8010) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x56}}, 0x0) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f00000001c0)=0x2, 0x4) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) bind$alg(r1, &(0x7f0000000500)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]}) mount$cgroup(0x20000000, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace(0x420e, r4) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f00000005c0)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000980)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000580)={0x0, r3}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000002c0)={0x2, 0x0, [{0x0, 0x24, &(0x7f0000000200)=""/36}, {0x0, 0x1013, &(0x7f0000003640)=""/4115}]}) 6.377882484s ago: executing program 5 (id=664): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munmap(&(0x7f00001a2000/0x1000)=nil, 0x1000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50032, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4) sendto$inet(r1, 0x0, 0x0, 0x11, 0x0, 0x0) recvmsg(r1, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) syz_usb_connect(0x0, 0x57, 0x0, 0x0) migrate_pages(0x0, 0x4, &(0x7f0000000040)=0x200000007f, &(0x7f0000000300)=0xa) 5.649772871s ago: executing program 4 (id=667): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000f2ffffff000000850000006100000018110000", @ANYRESHEX=0x0], &(0x7f0000000080)='GPL\x00', 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x90) socket$inet6(0xa, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="040e04000f"], 0x7) r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x8118}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETQUEUE(r1, 0x80811501, 0x0) syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x1, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_conn_param_update_req={{0x12, 0x8, 0x8}, {0xfffd, 0x395, 0x1, 0x2}}}}, 0x15) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a0000050000000000fc00ff00d87a970000100010000037ab7d818c7880beaf95677040357bab7d7a05c1bb0aa6aebef67ce4b0"], 0x22) syz_emit_vhci(0x0, 0x1b) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="041d0440c90000"], 0x7) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={0x74, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x38, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}]}, @CTA_TUPLE_REPLY={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.parent_freezing\x00', 0x275a, 0x0) copy_file_range(r4, 0x0, r4, &(0x7f00000001c0), 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000400), 0x208e24b) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000900)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c757466383d312c666d61736b3d30303030303030303030303030303030303030303036362c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030353634352c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c726f6469722c666c7573682c6e66733d6e6f7374616c655f726f2c726f6469722c636865636b3d72656c320f65642c0062a843f741d9955c354779505474c7d6532f4d01e2eaf809f305305f99f81a701a5f51771d7f265b50663185c313edbe7f481caf3f9cfce8"], 0x6, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000340), &(0x7f0000000380)=0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x1, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_ecred_conn_req={{0x17, 0x3, 0xa}, {0x24, 0xa, 0x9985, 0x0, [0x6]}}}}, 0x17) syz_emit_vhci(0x0, 0xf) readahead(r4, 0x0, 0x5) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x9, 0x0, 0x2016}}}, 0x7) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0x81, @none}}}, 0xa) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001680)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b73f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2585892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700"/2726], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x4d}, 0x90) 5.229582513s ago: executing program 4 (id=669): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000010c0)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {}, {0xffff}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_MASK={0x8}]}}]}, 0x38}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.018086304s ago: executing program 5 (id=670): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001840)=[{0x0}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) dup(0xffffffffffffffff) r2 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0xa382) r3 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8) 2.45422083s ago: executing program 2 (id=675): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private1}, 0x1c) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 2.282112374s ago: executing program 2 (id=676): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb0100180000000000000018000000180000000a000000080000000100000f05000000010000000000000003000000005f0000000000002e"], &(0x7f0000000040)=""/249, 0x3a, 0xf9, 0x6}, 0x20) 2.16862693s ago: executing program 2 (id=677): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x1, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) vmsplice(r1, &(0x7f0000000400)=[{&(0x7f00000012c0)="15", 0x1}], 0x1, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(r0, r2, 0x3, 0x0) 1.965845644s ago: executing program 2 (id=678): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0x9360, 0x0) 1.78858849s ago: executing program 2 (id=679): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x49920d862a921d1b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0xfff}]}, 0x48}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx \x00'}, 0x20) r3 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_ALM_READ(r4, 0x4024700a, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3) 1.185978265s ago: executing program 4 (id=680): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0xe3, 0x400, 0x1}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000680)='%pB \x00'}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005b1ba5e4fac480149dc857daad520eb385b370399b4343b74e340c5888cefb12a2140659809598301f251ac8e4762dfa063dbe548af3185e6f663cae67bec5ee985c87d37489adac7cc32277c585ccd976b94153406e6348000e53578a18c2fd56ae0587227b1da21e766c549d0a1dd6dd332ab0c8a0b7d296434d63d7767d13ab55a0e43293b5b774c2efe89e8683ae9363b111b070577ad7b5e95e109c9301bfa3c5428f49f2bea5a95aaf512c7f2f429f6276870efe06def6bf6c8dda648ae9c84282eb4d72f169a98a651160653ed6f8bb3f7ff31a7c2cfaa3a5634cdb1f70833810c1326021c5ccaa85dd1d9f5f7c5ebfcdc0eec42eef7635b7ec5a423d17110db830a181467605b9bf8b"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x7a05, 0x1700) write$cgroup_type(r6, &(0x7f0000000000), 0x248800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, &(0x7f0000003340), 0x0}, 0x20) 0s ago: executing program 4 (id=681): unshare(0x22020600) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.swap.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x41, &(0x7f0000000000), 0x4) kernel console output (not intermixed with test programs): evsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.047796][ T5772] x_tables: duplicate underflow at hook 3 [ 167.362999][ T1052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.463848][ T1052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.639271][ T5783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.825039][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.838972][ T2538] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 167.871169][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.900552][ T2538] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.108003][ T5783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.160309][ T1052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.204229][ T1052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.528155][ T5811] loop5: detected capacity change from 0 to 16 [ 168.634827][ T5814] futex_wake_op: syz.3.83 tries to shift op by 32; fix this program [ 168.797101][ T5811] erofs: (device loop5): erofs_read_superblock: blkszbits 0 isn't supported [ 169.013419][ T5818] syz.4.52 uses obsolete (PF_INET,SOCK_PACKET) [ 169.818047][ T5825] loop2: detected capacity change from 0 to 256 [ 170.119327][ T5830] loop5: detected capacity change from 0 to 16 [ 170.156065][ T5830] erofs: Unknown parameter '' [ 171.115076][ T5839] loop1: detected capacity change from 0 to 64 [ 171.176115][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 171.233944][ T5839] Process accounting resumed [ 171.419573][ T8] usb 4-1: New USB device found, idVendor=6c06, idProduct=cc79, bcdDevice=7b.f7 [ 171.491769][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.655815][ T8] usb 4-1: Product: syz [ 171.662015][ T8] usb 4-1: Manufacturer: syz [ 171.667688][ T8] usb 4-1: SerialNumber: syz [ 173.196780][ T8] usb 4-1: config 0 descriptor?? [ 173.586745][ T8] usb 4-1: can't set config #0, error -71 [ 173.605477][ T5850] loop0: detected capacity change from 0 to 512 [ 173.661045][ T8] usb 4-1: USB disconnect, device number 3 [ 173.691691][ T5850] EXT4-fs: Mount option(s) incompatible with ext2 [ 174.843475][ T5872] loop3: detected capacity change from 0 to 128 [ 174.968066][ T5872] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 175.287042][ T5877] loop5: detected capacity change from 0 to 8 [ 175.315579][ T5872] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 177.329076][ T5877] SQUASHFS error: lzo decompression failed, data probably corrupt [ 177.337874][ T5877] SQUASHFS error: Failed to read block 0x28d: -5 [ 177.347995][ T5877] SQUASHFS error: Unable to read metadata cache entry [28b] [ 177.377218][ T5877] SQUASHFS error: Unable to read inode 0x11f [ 178.465469][ T5898] loop1: detected capacity change from 0 to 2048 [ 178.581873][ T5902] loop5: detected capacity change from 0 to 512 [ 178.647381][ T5898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.683344][ T5902] EXT4-fs (loop5): external journal device major/minor numbers have changed [ 178.723082][ T5907] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 178.763182][ T5898] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.244960][ T5902] block device autoloading is deprecated and will be removed. [ 179.748968][ T5902] syz.5.103: attempt to access beyond end of device [ 179.748968][ T5902] loop75: rw=0, sector=2, nr_sectors = 2 limit=0 [ 179.909547][ T5902] EXT4-fs (loop5): couldn't read superblock of external journal [ 180.080035][ T5499] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 180.203430][ T5902] xt_hashlimit: max too large, truncated to 1048576 [ 180.637680][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.114827][ T5940] netlink: 'syz.5.111': attribute type 4 has an invalid length. [ 182.798283][ T5948] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 182.990971][ T5944] loop1: detected capacity change from 0 to 2048 [ 183.093424][ T5944] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 183.144914][ T5944] NILFS (loop1): mounting unchecked fs [ 183.176251][ T5944] NILFS (loop1): recovery required for readonly filesystem [ 183.210047][ T5944] NILFS (loop1): write access will be enabled during recovery [ 183.278299][ T5237] udevd[5237]: incorrect nilfs2 checksum on /dev/loop1 [ 184.630970][ T5944] NILFS (loop1): recovery complete [ 185.885873][ T5275] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 186.484379][ T5275] usb 2-1: Using ep0 maxpacket: 8 [ 186.958352][ T5275] usb 2-1: config index 0 descriptor too short (expected 65535, got 27) [ 187.015876][ T5275] usb 2-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 187.074895][ T5275] usb 2-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 187.093990][ T5974] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 187.385795][ T5275] usb 2-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 188.479847][ T5275] usb 2-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 188.543951][ T5275] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.619897][ T5275] usb 2-1: Product: syz [ 188.636783][ T5275] usb 2-1: Manufacturer: syz [ 188.678229][ T5275] usb 2-1: SerialNumber: syz [ 188.721197][ T6004] loop5: detected capacity change from 0 to 64 [ 189.322104][ T6001] Process accounting resumed [ 189.627706][ T6013] loop2: detected capacity change from 0 to 256 [ 189.686710][ T6013] msdos: Bad value for 'time_offset' [ 189.760994][ T6013] loop2: detected capacity change from 0 to 764 [ 189.984246][ T6013] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 190.910340][ T6026] loop4: detected capacity change from 0 to 4096 [ 190.989647][ T6026] NILFS (loop4): invalid segment: Checksum error in segment payload [ 190.998094][ T6026] NILFS (loop4): trying rollback from an earlier position [ 191.050911][ T6026] NILFS (loop4): recovery complete [ 191.089173][ T6029] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.227743][ T29] audit: type=1326 audit(1722635400.438:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6030 comm="syz.3.131" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x0 [ 191.272777][ T6025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.129'. [ 191.478489][ T6039] loop5: detected capacity change from 0 to 512 [ 191.529943][ T6039] EXT4-fs (loop5): Test dummy encryption mode enabled [ 191.616579][ T6039] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #12: comm syz.5.132: corrupted in-inode xattr: invalid ea_ino [ 191.754693][ T6039] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.132: couldn't read orphan inode 12 (err -117) [ 191.827897][ T6039] EXT4-fs (loop5): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.885751][ C1] hrtimer: interrupt took 687500 ns [ 192.492480][ T6049] netlink: 12 bytes leftover after parsing attributes in process `syz.5.132'. [ 192.645448][ T6049] EXT4-fs error (device loop5): ext4_add_entry:2435: inode #2: comm syz.5.132: Directory hole found for htree leaf block 0 [ 193.373071][ T5506] EXT4-fs (loop5): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 193.392342][ T46] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 193.426989][ T6059] netlink: 'syz.0.137': attribute type 2 has an invalid length. [ 193.506162][ T6059] netlink: 'syz.0.137': attribute type 1 has an invalid length. [ 193.660002][ T46] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 193.689435][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.739950][ T46] usb 4-1: config 0 descriptor?? [ 193.779517][ T5275] usb 2-1: can't set config #255, error -110 [ 193.980566][ T6068] netlink: 16 bytes leftover after parsing attributes in process `syz.2.139'. [ 194.028875][ T46] [drm] vendor descriptor length:e0 data:00 00 00 00 00 00 00 00 00 00 00 [ 194.252282][ T5275] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 194.334886][ T46] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 194.505946][ T25] usb 2-1: USB disconnect, device number 5 [ 194.536271][ T5275] usb 6-1: Using ep0 maxpacket: 32 [ 194.626860][ T6078] loop4: detected capacity change from 0 to 64 [ 194.656153][ T5275] usb 6-1: config 0 has an invalid interface number: 250 but max is 2 [ 194.723384][ T5275] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.726923][ T6074] Process accounting resumed [ 194.738912][ T46] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 194.799370][ T5275] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 194.810139][ T46] [drm] Initialized udl on minor 2 [ 194.828963][ T5275] usb 6-1: config 0 has no interface number 0 [ 194.880966][ T6085] Bluetooth: MGMT ver 1.23 [ 194.887385][ T5275] usb 6-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f [ 194.947379][ T5275] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.023895][ T5275] usb 6-1: Product: syz [ 195.066050][ T46] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9 [ 195.478163][ T5275] usb 6-1: Manufacturer: syz [ 195.757108][ T46] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 195.769460][ T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 195.796435][ T5275] usb 6-1: SerialNumber: syz [ 195.834356][ T5275] usb 6-1: config 0 descriptor?? [ 195.909796][ T25] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 195.939422][ T46] usb 4-1: USB disconnect, device number 4 [ 195.991249][ T25] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 197.565246][ T6111] loop1: detected capacity change from 0 to 512 [ 198.159140][ T5302] usb 6-1: USB disconnect, device number 6 [ 199.986552][ T6147] loop0: detected capacity change from 0 to 4096 [ 200.037347][ T6147] ntfs3: Bad value for 'uid' [ 200.055745][ T6147] ntfs3: Bad value for 'uid' [ 200.187131][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.193820][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.519789][ T6171] loop0: detected capacity change from 0 to 128 [ 202.525873][ T5275] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 202.846257][ T5275] usb 3-1: Using ep0 maxpacket: 16 [ 202.882949][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.905928][ T6198] netlink: 'syz.4.174': attribute type 4 has an invalid length. [ 202.947112][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.962249][ T6200] loop4: detected capacity change from 0 to 128 [ 202.969092][ T5275] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 202.999232][ T5275] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 203.039248][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.065470][ T5275] usb 3-1: config 0 descriptor?? [ 203.163333][ T6200] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 203.216589][ T6200] ext4 filesystem being mounted at /17/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 203.444081][ T6198] syz.4.174 (pid 6198) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 203.553894][ T6198] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 203.570961][ T6211] xt_bpf: check failed: parse error [ 203.634226][ T5275] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 203.679225][ T6198] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 203.746501][ T5275] input: HID 0955:7214 Haptics as /devices/virtual/input/input6 [ 203.985241][ T5275] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 204.047736][ T5275] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 204.181687][ T25] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 204.222442][ T5275] usb 3-1: USB disconnect, device number 3 [ 204.229170][ T25] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 204.241082][ T25] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 204.253999][ T25] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 204.317461][ T5503] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 204.347097][ T6216] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 204.354786][ T6216] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 204.481521][ T6219] vhci_hcd: connection closed [ 204.504927][ T6216] vhci_hcd vhci_hcd.0: Device attached [ 204.604167][ T1120] vhci_hcd: stop threads [ 204.688310][ T1120] vhci_hcd: release socket [ 204.818350][ T1120] vhci_hcd: disconnect device [ 204.900434][ T6230] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.163431][ T6239] loop1: detected capacity change from 0 to 128 [ 205.316740][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 205.378219][ T6239] UDF-fs: error (device loop1): udf_read_inode: (ino 93) failed !bh [ 205.430896][ T6239] UDF-fs: Scanning with blocksize 512 failed [ 205.506912][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 205.531904][ T6248] loop3: detected capacity change from 0 to 1024 [ 205.591071][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 205.623156][ T6239] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 205.631188][ T6248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.672337][ T6239] UDF-fs: Scanning with blocksize 1024 failed [ 205.735883][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 205.813133][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 205.863694][ T6239] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 205.891669][ T6256] loop2: detected capacity change from 0 to 4096 [ 205.908830][ T6239] UDF-fs: Scanning with blocksize 2048 failed [ 205.972835][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 206.046898][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.063553][ T6239] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 206.121551][ T6239] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 206.148443][ T6264] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 206.188246][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.205898][ T6239] UDF-fs: Scanning with blocksize 4096 failed [ 206.212210][ T6239] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 207.251535][ T6277] loop4: detected capacity change from 0 to 1024 [ 207.408754][ T6277] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.422658][ T6296] netlink: 'syz.2.198': attribute type 1 has an invalid length. [ 208.434847][ T6295] 9pnet_fd: Insufficient options for proto=fd [ 208.508746][ T6296] netlink: 'syz.2.198': attribute type 2 has an invalid length. [ 208.794063][ T5503] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.900605][ T6301] loop5: detected capacity change from 0 to 2048 [ 209.009560][ T6301] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 209.245755][ T29] audit: type=1804 audit(1722635418.438:5): pid=6301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.202" name=2321200AA4496DB3B5D3CA0AB5712EC20BEDBBAA967A3FC364445174F357D949A074EEEACF10480BFEEA74EB6B53CF2CDFEB31E3F60E398F5963F6B5AF175A2E3B0F dev="loop5" ino=1318 res=1 errno=0 [ 209.615480][ T6284] loop0: detected capacity change from 0 to 32768 [ 209.673992][ T6283] loop1: detected capacity change from 0 to 32768 [ 209.742458][ T6284] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.197 (6284) [ 209.891731][ T6283] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 210.143631][ T6330] loop5: detected capacity change from 0 to 2048 [ 210.154488][ T6284] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 210.190068][ T6283] XFS (loop1): Quotacheck needed: Please wait. [ 210.221963][ T6284] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 210.245435][ T6330] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.275363][ T6284] BTRFS info (device loop0): using free-space-tree [ 210.410944][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 210.417708][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 210.445724][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 210.564399][ T5506] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.583228][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 210.583900][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 210.601328][ T6339] netlink: 64122 bytes leftover after parsing attributes in process `syz.4.210'. [ 210.694629][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 210.695521][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 210.756541][ T6339] evm: overlay not supported [ 210.769568][ T6283] XFS (loop1): Quotacheck: Done. [ 210.781018][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 210.781938][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 210.846685][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 210.892483][ T6284] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 210.968747][ T5499] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 210.981153][ T6284] BTRFS error (device loop0): open_ctree failed [ 211.238485][ T6360] warning: `syz.3.214' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 211.578998][ T5233] Bluetooth: hci0: unexpected event for opcode 0x0803 [ 211.672644][ T6315] loop2: detected capacity change from 0 to 32768 [ 212.374325][ T29] audit: type=1800 audit(1722635421.588:6): pid=6315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.207" name="bus" dev="loop2" ino=7 res=0 errno=0 [ 212.511767][ T6376] loop0: detected capacity change from 0 to 256 [ 212.534371][ T5275] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 212.956018][ T5275] usb 5-1: Using ep0 maxpacket: 16 [ 213.173747][ T5275] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 213.296975][ T5275] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 213.338112][ T5275] usb 5-1: config 1 has no interface number 1 [ 213.348872][ T5275] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 213.408099][ T6379] netlink: 'syz.5.219': attribute type 11 has an invalid length. [ 213.417041][ T5275] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 213.464568][ T5275] usb 5-1: config 1 interface 2 has no altsetting 0 [ 213.495187][ T5275] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 213.535423][ T5275] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.579842][ T5275] usb 5-1: Product: syz [ 213.584791][ T5275] usb 5-1: Manufacturer: syz [ 213.645726][ T5275] usb 5-1: SerialNumber: syz [ 213.968287][ T5275] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 214.013825][ T5275] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 214.128382][ T5275] usb 5-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes [ 214.177181][ T5275] usb 5-1: selecting invalid altsetting 0 [ 214.248228][ T6381] loop1: detected capacity change from 0 to 8 [ 214.330622][ T6390] loop0: detected capacity change from 0 to 8 [ 214.387432][ T6381] SQUASHFS error: lzo decompression failed, data probably corrupt [ 214.426093][ T5275] usb 5-1: USB disconnect, device number 2 [ 214.438206][ T6390] SQUASHFS error: zlib decompression failed, data probably corrupt [ 214.444616][ T6391] mmap: syz.3.217 (6391) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 214.464794][ T6390] SQUASHFS error: Failed to read block 0x9b: -5 [ 214.475738][ T6390] SQUASHFS error: Unable to read metadata cache entry [99] [ 214.485042][ T6381] SQUASHFS error: Failed to read block 0x28d: -5 [ 214.485091][ T6390] SQUASHFS error: Unable to read inode 0x127 [ 214.508955][ T6381] SQUASHFS error: Unable to read metadata cache entry [28b] [ 214.533965][ T6381] SQUASHFS error: Unable to read inode 0x11f [ 214.536038][ T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 214.795975][ T25] usb 6-1: Using ep0 maxpacket: 32 [ 214.811426][ T25] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 214.891208][ T25] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 214.963471][ T25] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 215.010601][ T25] usb 6-1: Product: syz [ 215.015404][ T25] usb 6-1: Manufacturer: syz [ 215.061475][ T25] usb 6-1: SerialNumber: syz [ 215.071569][ T5237] udevd[5237]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 215.113311][ T25] usb 6-1: config 0 descriptor?? [ 215.152552][ T6388] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 215.623687][ T25] usb 6-1: USB disconnect, device number 7 [ 216.243865][ T6409] loop3: detected capacity change from 0 to 128 [ 216.643269][ T6409] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 216.756392][ T6414] fuse: Bad value for 'fd' [ 216.761616][ T6409] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 217.034113][ T5502] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 217.045793][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 217.116114][ T6417] loop1: detected capacity change from 0 to 1024 [ 217.138918][ T6417] EXT4-fs: Ignoring removed nomblk_io_submit option [ 217.204395][ T6417] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 217.335786][ T6424] capability: warning: `syz.5.236' uses 32-bit capabilities (legacy support in use) [ 217.407667][ T6417] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.057578][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.637560][ T6468] loop3: detected capacity change from 0 to 256 [ 220.667067][ T6468] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 220.701474][ T6468] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 225.033212][ T6513] loop3: detected capacity change from 0 to 64 [ 225.205168][ T6517] loop1: detected capacity change from 0 to 2048 [ 225.248608][ T5287] kernel write not supported for file /amidi2 (pid: 5287 comm: kworker/0:5) [ 225.257446][ T6517] EXT4-fs: Ignoring removed mblk_io_submit option [ 225.365417][ T6517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.858179][ T6537] loop3: detected capacity change from 0 to 2048 [ 227.658442][ T6524] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 227.776703][ T6537] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.852917][ T6524] EXT4-fs (loop1): Remounting filesystem read-only [ 228.089192][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.127982][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.189408][ T1052] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.384729][ T1052] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.511994][ T6556] loop1: detected capacity change from 0 to 1024 [ 228.590875][ T6556] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.748627][ T1052] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.911449][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.120644][ T1052] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.194887][ T5228] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 229.207589][ T5228] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 229.226703][ T5228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 229.241115][ T5228] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 229.250980][ T5228] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 229.262361][ T5228] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 229.299238][ T6581] loop4: detected capacity change from 0 to 4096 [ 229.327962][ T6575] veth3: entered allmulticast mode [ 229.378314][ T6581] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.631548][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 229.943172][ T5503] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.947527][ T6559] loop3: detected capacity change from 0 to 32768 [ 229.993990][ T1052] bridge_slave_1: left allmulticast mode [ 230.031720][ T1052] bridge_slave_1: left promiscuous mode [ 230.032062][ T1052] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.046958][ T1052] bridge_slave_0: left allmulticast mode [ 230.060608][ T1052] bridge_slave_0: left promiscuous mode [ 230.070579][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.325727][ T5351] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 230.419247][ T6596] loop4: detected capacity change from 0 to 128 [ 230.438938][ T6596] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 230.462825][ T6596] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 230.549123][ T5351] usb 3-1: Using ep0 maxpacket: 16 [ 230.566957][ T5351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.578459][ T5351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.594801][ T5351] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 230.604559][ T5351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.618636][ T5351] usb 3-1: config 0 descriptor?? [ 230.639808][ T5503] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 231.063053][ T6593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 231.085167][ T6593] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 231.124189][ T5351] hid (null): unknown global tag 0xd [ 231.139622][ T5351] hid (null): unknown global tag 0xd [ 231.145472][ T5351] hid (null): report_id 40203 is invalid [ 231.152210][ T5351] hid (null): invalid report_size -1862471209 [ 231.162204][ T5351] hid (null): invalid report_size -1217885453 [ 231.168782][ T5351] hid (null): bogus close delimiter [ 231.174363][ T5351] hid (null): unknown global tag 0xc [ 231.180261][ T5351] hid (null): global environment stack overflow [ 231.308409][ T6608] sd 0:0:1:0: PR command failed: 1026 [ 231.310360][ T54] Bluetooth: hci1: command tx timeout [ 231.314437][ T6608] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 231.314498][ T6608] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 231.347662][ T5351] usb 3-1: string descriptor 0 read error: -71 [ 231.386158][ T5351] usb 3-1: Max retries (5) exceeded reading string descriptor 200 [ 231.400477][ T5351] letsketch 0003:6161:4D15.0003: probe with driver letsketch failed with error -32 [ 231.435199][ T5351] usb 3-1: USB disconnect, device number 4 [ 231.501873][ T1052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.529886][ T1052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.548722][ T1052] bond0 (unregistering): Released all slaves [ 231.622499][ T6605] tap0: tun_chr_ioctl cmd 1074025677 [ 231.633765][ T6605] tap0: linktype set to 512 [ 231.723400][ T6611] wg2: entered promiscuous mode [ 231.735513][ T6611] wg2: entered allmulticast mode [ 232.047029][ T6576] chnl_net:caif_netlink_parms(): no params data found [ 232.887914][ T6652] loop2: detected capacity change from 0 to 256 [ 232.967700][ T6652] exfat: Deprecated parameter 'utf8' [ 233.022130][ T6652] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 233.126610][ T6655] MTD: Couldn't look up 'mountinfo': -2 [ 233.262162][ T1052] hsr_slave_0: left promiscuous mode [ 233.325710][ T1052] hsr_slave_1: left promiscuous mode [ 233.374857][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 233.391263][ T54] Bluetooth: hci1: command tx timeout [ 233.447792][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 233.506746][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 233.552935][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 233.773078][ T6639] loop1: detected capacity change from 0 to 131072 [ 233.793587][ T6639] F2FS-fs (loop1): invalid crc value [ 233.817497][ T6639] F2FS-fs (loop1): Found nat_bits in checkpoint [ 233.925129][ T1052] veth1_macvtap: left promiscuous mode [ 233.942217][ T6639] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 233.955838][ T1052] veth0_macvtap: left promiscuous mode [ 233.978372][ T1052] veth1_vlan: left promiscuous mode [ 233.996341][ T1052] veth0_vlan: left promiscuous mode [ 234.034555][ T6667] loop5: detected capacity change from 0 to 4096 [ 234.049866][ T6667] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 235.061572][ T6676] loop5: detected capacity change from 0 to 40427 [ 235.081238][ T6676] F2FS-fs (loop5): invalid crc value [ 235.151603][ T1052] team0 (unregistering): Port device team_slave_1 removed [ 235.152705][ T6676] F2FS-fs (loop5): Found nat_bits in checkpoint [ 235.260932][ T1052] team0 (unregistering): Port device team_slave_0 removed [ 235.273493][ T6676] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 235.460811][ T54] Bluetooth: hci1: command tx timeout [ 236.037972][ T6682] syz.5.323: attempt to access beyond end of device [ 236.037972][ T6682] loop5: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 236.125262][ T29] audit: type=1804 audit(1722635445.208:7): pid=6682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.323" name="/newroot/56/bus/cgroup.controllers" dev="loop5" ino=10 res=1 errno=0 [ 236.490912][ T5506] syz-executor: attempt to access beyond end of device [ 236.490912][ T5506] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 236.524951][ T5506] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 236.982371][ T6576] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.999487][ T6576] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.012648][ T6576] bridge_slave_0: entered allmulticast mode [ 237.027170][ T6576] bridge_slave_0: entered promiscuous mode [ 237.066656][ T6576] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.073896][ T6576] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.102990][ T6576] bridge_slave_1: entered allmulticast mode [ 237.114387][ T6576] bridge_slave_1: entered promiscuous mode [ 237.131444][ T6652] netlink: 16 bytes leftover after parsing attributes in process `syz.2.317'. [ 237.148411][ T6652] netlink: 92 bytes leftover after parsing attributes in process `syz.2.317'. [ 237.162991][ T6652] vlan0: entered allmulticast mode [ 237.168398][ T6652] veth0_vlan: entered allmulticast mode [ 237.190565][ T6672] tun0: tun_chr_ioctl cmd 1074025694 [ 237.216141][ T6639] netlink: 44 bytes leftover after parsing attributes in process `syz.1.313'. [ 237.536783][ T54] Bluetooth: hci1: command tx timeout [ 237.551129][ T6688] loop2: detected capacity change from 0 to 2048 [ 237.583316][ T6576] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.646499][ T6576] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.717225][ T6688] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 238.938806][ T6704] input: syz0 as /devices/virtual/input/input7 [ 238.967968][ T6705] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 239.064700][ T6576] team0: Port device team_slave_0 added [ 239.129977][ T6576] team0: Port device team_slave_1 added [ 239.138071][ T6705] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 1 with error 28 [ 239.241802][ T6705] EXT4-fs (loop2): This should not happen!! Data will be lost [ 239.241802][ T6705] [ 239.255387][ T6705] EXT4-fs (loop2): Total free blocks count 0 [ 239.265137][ T6705] EXT4-fs (loop2): Free/Dirty block details [ 239.285754][ T6705] EXT4-fs (loop2): free_blocks=2415919104 [ 239.291667][ T6705] EXT4-fs (loop2): dirty_blocks=16 [ 239.328602][ T6705] EXT4-fs (loop2): Block reservation details [ 239.334734][ T6705] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 239.379071][ T6708] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 239.495380][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.532889][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.583836][ T6576] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.627648][ T6576] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.646390][ T6576] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.741904][ T6576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.081823][ T6576] hsr_slave_0: entered promiscuous mode [ 240.093961][ T6576] hsr_slave_1: entered promiscuous mode [ 240.125745][ T6576] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.134076][ T6576] Cannot create hsr debugfs directory [ 240.265997][ T5240] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 240.401149][ T6730] loop1: detected capacity change from 0 to 512 [ 240.466454][ T5240] usb 3-1: Using ep0 maxpacket: 8 [ 240.482478][ T5240] usb 3-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 240.496006][ T6730] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.325: corrupted in-inode xattr: invalid ea_ino [ 240.511359][ T5240] usb 3-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 240.527134][ T5240] usb 3-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 240.538064][ T5240] usb 3-1: config 6 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0 [ 240.554424][ T5240] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 240.565318][ T5240] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.574735][ T5240] usb 3-1: Product: syz [ 240.579504][ T5240] usb 3-1: Manufacturer: syz [ 240.585170][ T5240] usb 3-1: SerialNumber: syz [ 240.597170][ T6730] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.325: couldn't read orphan inode 15 (err -117) [ 240.600466][ T5240] hso 3-1:6.0: Can't find BULK OUT endpoint [ 240.658433][ T6730] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.889576][ T5351] usb 3-1: USB disconnect, device number 5 [ 240.939192][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.130241][ T6725] loop5: detected capacity change from 0 to 32768 [ 241.181358][ T6725] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.339 (6725) [ 241.233520][ T6725] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 241.236761][ T6744] loop4: detected capacity change from 0 to 256 [ 241.254197][ T6725] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 241.264239][ T6725] BTRFS info (device loop5): using free-space-tree [ 241.284066][ T6744] exfat: Deprecated parameter 'namecase' [ 241.291790][ T6744] exfat: Deprecated parameter 'utf8' [ 241.320887][ T6744] exfat: Deprecated parameter 'namecase' [ 241.384914][ T6744] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 241.553470][ T6576] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 241.876854][ T6576] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 242.937479][ T6576] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 242.969616][ T5506] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 243.037813][ T6576] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 243.587019][ T6781] netlink: 9 bytes leftover after parsing attributes in process `syz.2.354'. [ 244.502882][ T6781] gretap0: entered promiscuous mode [ 245.028372][ T29] audit: type=1326 audit(1722635454.228:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6783 comm="syz.1.355" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd95779f9 code=0x0 [ 245.715138][ T6576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.843475][ T6576] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.871967][ T6797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.957029][ T5302] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.964472][ T5302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.054865][ T5302] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.062684][ T5302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.183318][ T6805] netlink: 'syz.5.353': attribute type 62 has an invalid length. [ 246.400314][ T6813] hub 1-0:1.0: USB hub found [ 246.433247][ T6813] hub 1-0:1.0: 1 port detected [ 246.700645][ T6821] ieee802154 phy0 wpan0: encryption failed: -22 [ 246.947845][ T5228] Bluetooth: hci8: Unable to find connection with handle 0x0000 [ 246.989637][ T6576] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.224812][ T6576] veth0_vlan: entered promiscuous mode [ 247.293131][ T6576] veth1_vlan: entered promiscuous mode [ 247.355194][ T6839] netlink: 8 bytes leftover after parsing attributes in process `syz.4.375'. [ 247.501438][ T6843] loop3: detected capacity change from 0 to 512 [ 247.516585][ T6576] veth0_macvtap: entered promiscuous mode [ 247.543985][ T6576] veth1_macvtap: entered promiscuous mode [ 247.577497][ T6843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.705864][ T6843] ext4 filesystem being mounted at /69/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 247.738479][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.846437][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.903047][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.943958][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.008683][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.083727][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.103173][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.139550][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.164086][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.189486][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.218957][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.242413][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.324740][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.378779][ T6861] loop2: detected capacity change from 0 to 8 [ 248.381577][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.425990][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.467024][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.543078][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.588912][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.637660][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.672957][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.716909][ T6576] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.768751][ T6576] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.837380][ T6576] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.919756][ T6576] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.963002][ T6576] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.978143][ T6576] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.996914][ T6576] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.086234][ T6868] vlan2: entered promiscuous mode [ 249.096109][ T6868] macvtap0: entered promiscuous mode [ 249.207410][ T6868] macvtap0: left promiscuous mode [ 249.389657][ T6874] loop2: detected capacity change from 0 to 64 [ 249.938708][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.004980][ T6886] futex_wake_op: syz.5.390 tries to shift op by 36; fix this program [ 250.860862][ T6885] loop3: detected capacity change from 0 to 512 [ 250.877722][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.956196][ T6885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.035869][ T6885] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.054120][ T2562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 251.106025][ T2562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 251.547123][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.693321][ T6904] loop0: detected capacity change from 0 to 1024 [ 251.735039][ T6904] EXT4-fs: Ignoring removed orlov option [ 251.796626][ T6904] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.089906][ T6906] loop3: detected capacity change from 0 to 4096 [ 252.133171][ T6906] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 252.374997][ T6576] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.391793][ T46] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 252.478019][ T6896] loop2: detected capacity change from 0 to 32768 [ 252.570585][ T6896] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 252.595877][ T46] usb 2-1: Using ep0 maxpacket: 32 [ 252.616910][ T46] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 252.626301][ T46] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 252.635033][ T46] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 252.649616][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 252.662481][ T46] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 252.711340][ T46] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 252.802632][ T46] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 252.845292][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.891749][ T6896] XFS (loop2): Ending clean mount [ 252.918643][ T46] usb 2-1: config 0 descriptor?? [ 252.941218][ T5351] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 252.978054][ T6928] loop0: detected capacity change from 0 to 4096 [ 253.034773][ T6928] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 253.178679][ T5351] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 253.188963][ T46] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 253.200928][ T5351] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.239576][ T46] usb 2-1: USB disconnect, device number 6 [ 253.261951][ T5351] usb 5-1: config 0 descriptor?? [ 253.282003][ T46] usblp0: removed [ 253.358190][ T6896] syz.2.392 (6896) used greatest stack depth: 17392 bytes left [ 253.396036][ T54] Bluetooth: hci6: command 0x0406 tx timeout [ 253.402217][ T5228] Bluetooth: hci9: command 0x0406 tx timeout [ 253.402299][ T5228] Bluetooth: hci7: command 0x0406 tx timeout [ 253.464102][ T5498] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 253.541935][ T5351] [drm] vendor descriptor length:e0 data:00 00 00 00 00 00 00 00 00 00 00 [ 253.564503][ T5351] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 253.580797][ T5351] [drm:udl_init] *ERROR* Selecting channel failed [ 253.680551][ T5351] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 253.688642][ T6938] netlink: 'syz.3.405': attribute type 10 has an invalid length. [ 253.697415][ T5351] [drm] Initialized udl on minor 2 [ 253.709136][ T6938] netlink: 132 bytes leftover after parsing attributes in process `syz.3.405'. [ 253.727485][ T5351] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 253.770677][ T5351] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 253.810322][ T25] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 253.818850][ T46] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 257.061601][ T5351] usb 5-1: USB disconnect, device number 3 [ 257.576092][ T25] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 258.576181][ T6958] netlink: 11 bytes leftover after parsing attributes in process `syz.1.409'. [ 258.625910][ T5351] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 259.128824][ T5351] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 259.475781][ T54] Bluetooth: hci8: command 0x0406 tx timeout [ 259.661022][ T5351] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.677775][ T5351] usb 5-1: config 0 has no interface number 0 [ 259.690361][ T5351] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 259.700384][ T5351] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.709452][ T5351] usb 5-1: Product: syz [ 259.714120][ T5351] usb 5-1: Manufacturer: syz [ 259.719810][ T5351] usb 5-1: SerialNumber: syz [ 259.730369][ T5351] usb 5-1: config 0 descriptor?? [ 259.736813][ T5288] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 259.792398][ T5351] ims_pcu 5-1:0.41: Missing CDC union descriptor [ 259.837705][ T5351] ims_pcu 5-1:0.41: probe with driver ims_pcu failed with error -22 [ 260.135875][ T6980] usb usb8: usbfs: process 6980 (syz.1.417) did not claim interface 0 before use [ 260.199612][ T29] audit: type=1326 audit(1722635469.418:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.1.417" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd95779f9 code=0x0 [ 260.228047][ T5288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.242721][ T5288] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.253348][ T5288] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 260.272911][ T5351] usb 5-1: USB disconnect, device number 4 [ 260.289302][ T5288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.662998][ T5288] usb 4-1: config 0 descriptor?? [ 260.993846][ T1052] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.164282][ T1052] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.226935][ T5288] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 261.256321][ T5288] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 261.277291][ T5288] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 261.284891][ T5288] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 261.336107][ T5288] lg-g15 0003:046D:C222.0004: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.3-1/input0 [ 261.489243][ T1052] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.551188][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.558052][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.606201][ T6963] loop3: detected capacity change from 0 to 128 [ 261.660147][ T7001] loop1: detected capacity change from 0 to 16 [ 261.744428][ T7001] erofs: (device loop1): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 261.757728][ T6963] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 261.789406][ T1052] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.806100][ T6963] FAT-fs (loop3): Filesystem has been set read-only [ 261.844193][ T6963] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 261.845532][ T7006] loop2: detected capacity change from 0 to 128 [ 261.876401][ T6963] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 261.893619][ T6963] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 261.916593][ T6963] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 261.957949][ T7006] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 261.990298][ T5240] usb 4-1: USB disconnect, device number 5 [ 262.015867][ T7006] ext4 filesystem being mounted at /69/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 262.093294][ T5288] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 262.112497][ T7014] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 262.136539][ T5245] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 262.163759][ T5245] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 262.174430][ T5245] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 262.190483][ T5245] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 262.208695][ T5245] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 262.226304][ T5245] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 262.297609][ T7006] fscrypt (loop2, inode 12): Direct key flag not allowed with different contents and filenames modes [ 262.329304][ T5288] usb 2-1: Using ep0 maxpacket: 8 [ 262.400101][ T5288] usb 2-1: unable to get BOS descriptor or descriptor too short [ 262.412449][ T7021] netlink: 'syz.4.435': attribute type 4 has an invalid length. [ 262.425173][ T7017] 9pnet: p9_errstr2errno: server reported unknown error Í [ 262.453155][ T5288] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 262.474821][ T5288] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 262.505672][ T5498] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 262.508169][ T1052] bridge_slave_1: left allmulticast mode [ 262.518090][ T5288] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 262.548438][ T5288] usb 2-1: config 1 has no interface number 1 [ 262.552263][ T1052] bridge_slave_1: left promiscuous mode [ 262.555275][ T5288] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 262.572185][ T1052] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.603118][ T5288] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 262.612565][ T1052] bridge_slave_0: left allmulticast mode [ 262.625529][ T5288] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 262.645191][ T5288] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.667569][ T1052] bridge_slave_0: left promiscuous mode [ 262.676345][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.688230][ T5288] usb 2-1: Product: syz [ 262.692447][ T5288] usb 2-1: Manufacturer: syz [ 262.718361][ T5288] usb 2-1: SerialNumber: syz [ 262.746553][ T29] audit: type=1326 audit(1722635471.965:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 262.784876][ T29] audit: type=1326 audit(1722635471.965:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 262.862282][ T29] audit: type=1326 audit(1722635471.965:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 262.900456][ T7028] loop2: detected capacity change from 0 to 1024 [ 262.972971][ T29] audit: type=1326 audit(1722635471.965:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 262.999657][ T5351] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 263.019500][ T29] audit: type=1326 audit(1722635471.965:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 263.043438][ T7028] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 263.052996][ T29] audit: type=1326 audit(1722635471.965:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 263.101504][ T29] audit: type=1326 audit(1722635471.965:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 263.182865][ T29] audit: type=1326 audit(1722635471.965:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 263.257157][ T29] audit: type=1326 audit(1722635471.965:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7025 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fceec5779f9 code=0x7ffc0000 [ 263.453833][ T5288] usb 2-1: USB disconnect, device number 8 [ 263.572207][ T5351] usb 1-1: Using ep0 maxpacket: 16 [ 264.306251][ T5351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.336085][ T5245] Bluetooth: hci0: command tx timeout [ 264.490169][ T5351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.506621][ T5498] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.511474][ T5351] usb 1-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 264.531532][ T5351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.543023][ T5351] usb 1-1: config 0 descriptor?? [ 264.977920][ T5351] hid-led 0003:1294:1320.0005: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.0-1/input0 [ 265.013263][ T5351] hid-led 0003:1294:1320.0005: Riso Kagaku Webmail Notifier initialized [ 265.081723][ T1052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.106496][ T1052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.149872][ T1052] bond0 (unregistering): Released all slaves [ 265.159829][ T7049] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 265.187975][ T5351] usb 1-1: USB disconnect, device number 3 [ 265.209000][ T5288] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 265.222526][ T7022] netlink: 'syz.4.435': attribute type 4 has an invalid length. [ 265.239996][ T5288] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 265.271761][ T7049] loop1: detected capacity change from 0 to 8 [ 265.272549][ T5288] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 265.303636][ T7049] squashfs: Unknown parameter '01777777777777777777777' [ 265.317393][ T936] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 265.351989][ T7030] netlink: 'syz.3.438': attribute type 10 has an invalid length. [ 265.397577][ T7030] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.423620][ T7030] bond0: (slave team0): Enslaving as an active interface with an up link [ 265.440804][ T7031] netlink: 'syz.3.438': attribute type 10 has an invalid length. [ 265.458277][ T7031] bond0: (slave team0): Releasing backup interface [ 265.486126][ T7031] bridge0: port 3(team0) entered blocking state [ 265.493298][ T7031] bridge0: port 3(team0) entered disabled state [ 265.503780][ T7031] team0: entered allmulticast mode [ 265.509854][ T7031] team_slave_0: entered allmulticast mode [ 265.516097][ T7031] team_slave_1: entered allmulticast mode [ 265.524032][ T7031] team0: entered promiscuous mode [ 265.529314][ T7031] team_slave_0: entered promiscuous mode [ 265.535405][ T7031] team_slave_1: entered promiscuous mode [ 265.571787][ T936] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 265.591665][ T936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.620456][ T936] usb 3-1: Product: syz [ 265.625169][ T936] usb 3-1: Manufacturer: syz [ 265.634766][ T936] usb 3-1: SerialNumber: syz [ 265.663596][ T936] usb 3-1: config 0 descriptor?? [ 265.804915][ T7055] loop4: detected capacity change from 0 to 256 [ 265.897841][ T936] usb-storage 3-1:0.0: USB Mass Storage device detected [ 266.196551][ T5302] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 266.417571][ T5245] Bluetooth: hci0: command tx timeout [ 267.263931][ T5302] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 267.274924][ T5302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.303780][ T5302] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 267.322591][ T5302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.930121][ T5302] usb 5-1: config 0 descriptor?? [ 268.346638][ T1052] hsr_slave_0: left promiscuous mode [ 268.372741][ T1052] hsr_slave_1: left promiscuous mode [ 268.396795][ T25] usb 3-1: USB disconnect, device number 6 [ 268.436286][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.443889][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.473886][ T5302] rc_core: IR keymap rc-hauppauge not found [ 268.493118][ T5302] Registered IR keymap rc-empty [ 268.499072][ T5245] Bluetooth: hci0: command tx timeout [ 268.516059][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.518376][ T5302] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 268.534038][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.575965][ T5245] Bluetooth: hci8: unexpected event for opcode 0x0c56 [ 268.609636][ T5302] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input8 [ 268.660812][ T5302] usb 5-1: USB disconnect, device number 5 [ 268.694961][ T1052] veth1_macvtap: left promiscuous mode [ 268.711495][ T1052] veth0_macvtap: left promiscuous mode [ 268.721873][ T1052] veth1_vlan: left promiscuous mode [ 268.754113][ T1052] veth0_vlan: left promiscuous mode [ 268.883103][ T7059] loop0: detected capacity change from 0 to 32768 [ 268.906797][ T7059] BTRFS error: invalid value 0 for thread_pool [ 268.978568][ T7084] overlayfs: metacopy with no lower data found - abort lookup (/file1) [ 269.009592][ T7084] overlayfs: failed to look up (file1) for ino (-5) [ 269.509272][ T7093] loop3: detected capacity change from 0 to 128 [ 269.762952][ T7097] loop0: detected capacity change from 0 to 2048 [ 269.805792][ T7097] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 269.868222][ T7100] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 269.869050][ T7097] syz.0.457: attempt to access beyond end of device [ 269.869050][ T7097] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 269.952034][ T7102] loop4: detected capacity change from 0 to 64 [ 270.338901][ T7105] xt_bpf: check failed: parse error [ 270.379990][ T7105] syz.0.457: attempt to access beyond end of device [ 270.379990][ T7105] loop0: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 271.209249][ T7105] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=3) [ 271.218817][ T7105] NILFS (loop0): error -5 reading inode: ino=12 [ 271.260446][ T5245] Bluetooth: hci0: command tx timeout [ 271.284940][ T7108] syz.0.457: attempt to access beyond end of device [ 271.284940][ T7108] loop0: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 271.388601][ T7108] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=3) [ 271.397828][ T7108] NILFS (loop0): error -5 reading inode: ino=12 [ 271.417937][ T7105] syz.0.457: attempt to access beyond end of device [ 271.417937][ T7105] loop0: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 271.432791][ T7105] NILFS (loop0): I/O error reading meta-data file (ino=6, block-offset=3) [ 271.443905][ T7105] NILFS (loop0): error -5 reading inode: ino=12 [ 271.539372][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 271.539401][ T29] audit: type=1326 audit(2000000001.679:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 271.667593][ T29] audit: type=1326 audit(2000000001.679:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 271.807912][ T29] audit: type=1326 audit(2000000001.679:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 271.880066][ T29] audit: type=1326 audit(2000000001.679:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 271.961891][ T29] audit: type=1326 audit(2000000001.679:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 272.034103][ T29] audit: type=1326 audit(2000000001.689:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 272.038363][ T7116] loop0: detected capacity change from 0 to 47 [ 272.085721][ T29] audit: type=1326 audit(2000000001.819:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 272.142444][ T29] audit: type=1326 audit(2000000001.819:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7096 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x7ffc0000 [ 272.562268][ T1052] team0 (unregistering): Port device team_slave_1 removed [ 272.619543][ T7120] loop0: detected capacity change from 0 to 128 [ 272.690482][ T1052] team0 (unregistering): Port device team_slave_0 removed [ 273.443628][ T7063] netlink: 'syz.1.447': attribute type 12 has an invalid length. [ 273.569634][ T7124] tap0: tun_chr_ioctl cmd 1074025677 [ 273.654545][ T7124] tap0: linktype set to 804 [ 273.756850][ T7127] netlink: 76 bytes leftover after parsing attributes in process `syz.4.467'. [ 273.809367][ T7013] chnl_net:caif_netlink_parms(): no params data found [ 274.245974][ T5302] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 274.283030][ T29] audit: type=1326 audit(2000000004.639:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7135 comm="syz.0.470" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0235f779f9 code=0x0 [ 274.323691][ T7145] syz.3.473[7145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.323923][ T7145] syz.3.473[7145] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.371832][ T7013] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.422210][ T7013] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.439885][ T7013] bridge_slave_0: entered allmulticast mode [ 274.457758][ T7013] bridge_slave_0: entered promiscuous mode [ 274.481817][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.495264][ T7013] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.518827][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.540328][ T7013] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.564527][ T7013] bridge_slave_1: entered allmulticast mode [ 274.564650][ T5302] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice= 0.00 [ 274.590185][ T7013] bridge_slave_1: entered promiscuous mode [ 274.659953][ T5302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.730603][ T5302] usb 3-1: config 0 descriptor?? [ 274.769848][ T7154] loop3: detected capacity change from 0 to 512 [ 274.776801][ T7152] loop1: detected capacity change from 0 to 1764 [ 274.799633][ T7013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.807021][ T7154] EXT4-fs: Ignoring removed mblk_io_submit option [ 274.839682][ T7013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.011339][ T7154] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b856c118, mo2=0002] [ 275.057059][ T7154] System zones: 1-12 [ 275.068970][ T7013] team0: Port device team_slave_0 added [ 275.103150][ T7154] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.476: corrupted in-inode xattr: e_value size too large [ 275.137742][ T7013] team0: Port device team_slave_1 added [ 275.145883][ T7154] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.476: couldn't read orphan inode 15 (err -117) [ 275.306636][ T7154] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.332995][ T7129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.480231][ T7129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.005038][ T7129] loop2: detected capacity change from 0 to 512 [ 276.143122][ T7129] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #12: comm syz.2.466: corrupted in-inode xattr: invalid ea_ino [ 276.198921][ T7013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 276.240641][ T7013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.266855][ T7129] EXT4-fs (loop2): Remounting filesystem read-only [ 276.269294][ T7129] EXT4-fs (loop2): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.293489][ T7013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.302977][ T5302] appleir 0003:05AC:8243.0006: report_id 0 is invalid [ 276.358333][ T5302] appleir 0003:05AC:8243.0006: item 0 0 1 8 parsing failed [ 276.405319][ T5302] appleir 0003:05AC:8243.0006: parse failed [ 276.438049][ T5302] appleir 0003:05AC:8243.0006: probe with driver appleir failed with error -22 [ 276.517376][ T5302] usb 3-1: USB disconnect, device number 7 [ 276.631304][ T7013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.633827][ T7167] loop0: detected capacity change from 0 to 128 [ 276.639696][ T7150] loop4: detected capacity change from 0 to 32768 [ 276.652958][ T7013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.780274][ T29] audit: type=1800 audit(2000000007.119:39): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.476" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 277.174878][ T7150] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.474 (7150) [ 277.235715][ T7013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.268874][ T7150] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 277.327007][ T7167] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 277.346477][ T7150] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 277.381275][ T7150] BTRFS info (device loop4): using free-space-tree [ 277.408904][ T7167] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 277.453466][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 277.458627][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.466425][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 277.496425][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 277.576650][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 277.609306][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 277.640867][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 277.641875][ T5498] EXT4-fs (loop2): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 277.664039][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 277.685003][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 277.711430][ T7013] hsr_slave_0: entered promiscuous mode [ 277.750663][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 277.753062][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 277.792739][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 277.807794][ T6576] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 277.836621][ T7013] hsr_slave_1: entered promiscuous mode [ 277.865212][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 277.886207][ T7150] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 278.049731][ T7150] BTRFS error (device loop4): open_ctree failed [ 278.131799][ T7194] loop2: detected capacity change from 0 to 128 [ 278.276190][ T7194] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 278.302540][ T7194] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 278.350099][ T7202] loop1: detected capacity change from 0 to 1024 [ 278.657795][ T5351] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 278.986369][ T5351] usb 4-1: Using ep0 maxpacket: 8 [ 278.998534][ T5351] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 279.014248][ T5351] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 279.080694][ T5351] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11 [ 279.135885][ T5351] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024 [ 279.152647][ T5351] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 279.193179][ T5351] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 279.205372][ T5351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.214823][ T5351] usb 4-1: Product: syz [ 279.219374][ T5351] usb 4-1: Manufacturer: syz [ 279.224055][ T5351] usb 4-1: SerialNumber: syz [ 279.280029][ T5351] usb 4-1: config 0 descriptor?? [ 279.487956][ T5351] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input9 [ 279.528814][ C0] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 279.752275][ C1] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 279.796878][ T5498] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 279.853620][ T936] usb 4-1: USB disconnect, device number 6 [ 279.882093][ T7210] netlink: 24 bytes leftover after parsing attributes in process `syz.0.488'. [ 280.033830][ T7217] loop4: detected capacity change from 0 to 16 [ 280.083797][ T7217] erofs: (device loop4): mounted with root inode @ nid 36. [ 280.111492][ T7013] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 280.127231][ T7013] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 280.162427][ T7013] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 280.199497][ T7013] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 280.336984][ T5245] Bluetooth: hci0: command tx timeout [ 280.372745][ T7223] loop0: detected capacity change from 0 to 512 [ 280.592677][ T7230] loop2: detected capacity change from 0 to 128 [ 280.621774][ T7013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.635349][ T7230] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 280.653781][ T7013] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.679156][ T7230] ext4 filesystem being mounted at /82/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 280.751306][ T5351] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.760428][ T5351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.839799][ T5351] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.847807][ T5351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.961123][ T5498] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 282.101784][ T7242] loop4: detected capacity change from 0 to 1024 [ 282.117116][ T7013] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 282.127482][ T7242] EXT4-fs: Ignoring removed oldalloc option [ 282.161247][ T7242] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 282.205842][ T7242] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 282.277090][ T7242] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 282.327164][ T7242] EXT4-fs (loop4): can't mount with commit=65536, fs mounted w/o journal [ 282.410023][ T7257] loop2: detected capacity change from 0 to 64 [ 282.506708][ T7242] netlink: 4 bytes leftover after parsing attributes in process `syz.4.502'. [ 282.768830][ T7269] loop1: detected capacity change from 0 to 512 [ 282.830073][ T7013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 282.851981][ T7270] loop3: detected capacity change from 0 to 2048 [ 282.881023][ T7269] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 282.931756][ T7269] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 282.944984][ T7269] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.508: Corrupt directory, running e2fsck is recommended [ 282.970131][ T7270] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.136959][ T7284] rdma_op ffff8880620751f0 conn xmit_rdma 0000000000000000 [ 283.166148][ T29] audit: type=1800 audit(2000000013.519:40): pid=7266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.507" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 283.195156][ T7269] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 283.207187][ T7266] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 283.251744][ T7269] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.508: corrupted in-inode xattr: invalid ea_ino [ 283.295051][ T7269] EXT4-fs (loop1): Remounting filesystem read-only [ 283.333826][ T7266] EXT4-fs (loop3): Remounting filesystem read-only [ 283.367248][ T7269] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.268899][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.319416][ T5499] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.457900][ T7306] netlink: 'syz.3.518': attribute type 10 has an invalid length. [ 286.592531][ T7306] team0: Device veth1_vlan failed to register rx_handler [ 286.606383][ T25] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 286.622381][ T7310] Process accounting resumed [ 286.672580][ T7312] loop4: detected capacity change from 0 to 8 [ 286.836236][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 286.844268][ T25] usb 3-1: config 0 has an invalid interface number: 141 but max is 0 [ 286.867545][ T25] usb 3-1: config 0 has no interface number 0 [ 286.879335][ T7013] veth0_vlan: entered promiscuous mode [ 286.891847][ T25] usb 3-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 286.902935][ T5240] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 286.938570][ T7013] veth1_vlan: entered promiscuous mode [ 286.944670][ T25] usb 3-1: config 0 interface 141 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 286.977066][ T25] usb 3-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 287.017872][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.041532][ T7013] veth0_macvtap: entered promiscuous mode [ 287.048856][ T25] usb 3-1: Product: syz [ 287.053191][ T25] usb 3-1: Manufacturer: syz [ 287.069207][ T25] usb 3-1: SerialNumber: syz [ 287.076121][ T5240] usb 2-1: Using ep0 maxpacket: 8 [ 287.080120][ T7013] veth1_macvtap: entered promiscuous mode [ 287.097526][ T25] usb 3-1: config 0 descriptor?? [ 287.100894][ T5240] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 287.156037][ T5240] usb 2-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00 [ 287.172531][ T5240] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.186794][ T5240] usb 2-1: config 0 descriptor?? [ 287.197618][ T5240] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 287.214181][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.226350][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.238438][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.249943][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.262769][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.274040][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.285220][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.318572][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.341648][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.347890][ T25] usb 3-1: USB disconnect, device number 8 [ 287.378179][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.420901][ T7013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.437892][ T7309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.466453][ T7309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.493917][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.512031][ T5245] Bluetooth: hci7: Invalid handle: 0x756f > 0x0eff [ 287.546329][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.558929][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.604712][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.675577][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.708482][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.740341][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.768925][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.804244][ T7013] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.823663][ T7013] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.853649][ T7013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.920793][ T25] usb 2-1: USB disconnect, device number 9 [ 287.961868][ T7013] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.007320][ T7013] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.032494][ T7013] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.051250][ T7013] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.354051][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.405888][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.533677][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.578771][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.339993][ T7359] loop5: detected capacity change from 0 to 1024 [ 289.497429][ T7359] hfsplus: bad catalog entry type [ 289.565207][ T7356] loop3: detected capacity change from 0 to 32768 [ 289.584771][ T7356] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.537 (7356) [ 289.628922][ T7356] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 289.639728][ T7356] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 289.649016][ T7356] BTRFS info (device loop3): using free-space-tree [ 289.671628][ T62] hfsplus: b-tree write err: -5, ino 4 [ 289.726580][ T5351] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 290.346141][ T5351] usb 3-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 290.359492][ T5502] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 290.365778][ T5351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.383127][ T5351] usb 3-1: config 0 descriptor?? [ 291.761302][ T7404] loop3: detected capacity change from 0 to 512 [ 292.062917][ T7404] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.545: Parent and EA inode have the same ino 15 [ 292.104446][ T5351] usb 3-1: string descriptor 0 read error: -71 [ 292.111570][ T5351] ldusb 3-1:0.0: Interrupt in endpoint not found [ 292.122391][ T5351] usb 3-1: USB disconnect, device number 9 [ 292.586011][ T7404] EXT4-fs (loop3): Remounting filesystem read-only [ 292.592918][ T7404] EXT4-fs (loop3): 1 orphan inode deleted [ 292.892569][ T7404] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.289569][ T7412] snd_dummy snd_dummy.0: control 0:1:0:syz0:0 is already present [ 293.921168][ T7414] loop1: detected capacity change from 0 to 2048 [ 294.009636][ T7414] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 294.220164][ T7420] ext4: Unknown parameter '/dev/input/event#' [ 294.426948][ T7425] loop5: detected capacity change from 0 to 4096 [ 294.435899][ T7425] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512). [ 294.461208][ T7426] loop2: detected capacity change from 0 to 2048 [ 294.493303][ T7425] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 294.557110][ T7425] ntfs3: loop5: Failed to load $Extend (-22). [ 294.563649][ T7425] ntfs3: loop5: Failed to initialize $Extend. [ 294.606931][ T7426] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.672948][ T7426] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.860859][ T7437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 294.960192][ T12] nci: nci_rx_work: unknown MT 0x6 [ 295.042945][ T5502] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.061574][ T7442] sp0: Synchronizing with TNC [ 295.226659][ T5498] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.352728][ T1052] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.529547][ T1052] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.813196][ T1052] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.199781][ T7457] netlink: 'syz.0.566': attribute type 11 has an invalid length. [ 296.209333][ T7457] netlink: 24 bytes leftover after parsing attributes in process `syz.0.566'. [ 296.235220][ T7457] loop0: detected capacity change from 0 to 512 [ 296.244076][ T7457] EXT4-fs: Ignoring removed i_version option [ 300.977641][ T7457] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 300.993467][ T7457] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 300.997431][ T7457] EXT4-fs: failed to create workqueue [ 301.014079][ T7457] EXT4-fs (loop0): mount failed [ 301.312586][ T7462] loop5: detected capacity change from 0 to 256 [ 301.319434][ T7464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.571'. [ 301.362859][ T7462] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000001) [ 301.414221][ T7462] FAT-fs (loop5): Filesystem has been set read-only [ 301.422692][ T7464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.571'. [ 301.446636][ T1052] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.456207][ T29] audit: type=1326 audit(2000000031.799:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.5.570" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f0fd779f9 code=0x0 [ 301.547226][ T7473] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 301.592326][ T29] audit: type=1326 audit(2000000031.949:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 301.647065][ T5240] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 301.688751][ T29] audit: type=1326 audit(2000000031.949:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 301.785849][ T29] audit: type=1326 audit(2000000032.019:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 301.845346][ T29] audit: type=1326 audit(2000000032.019:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 301.857669][ T5240] usb 1-1: Using ep0 maxpacket: 16 [ 301.879069][ T5233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 301.897819][ T5233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 301.916127][ T5233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 301.918144][ T29] audit: type=1326 audit(2000000032.019:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 301.937884][ T5240] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.962945][ T1052] team0: left allmulticast mode [ 301.970676][ T1052] team_slave_0: left allmulticast mode [ 301.978065][ T1052] team_slave_1: left allmulticast mode [ 301.984497][ T1052] team0: left promiscuous mode [ 301.989560][ T1052] team_slave_0: left promiscuous mode [ 301.995540][ T1052] team_slave_1: left promiscuous mode [ 302.001864][ T1052] bridge0: port 3(team0) entered disabled state [ 302.012541][ T5233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 302.033822][ T5240] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 302.046367][ T29] audit: type=1326 audit(2000000032.029:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 302.047669][ T5233] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 302.086191][ T5233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 302.098770][ T5240] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 302.109222][ T5240] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.156945][ T5240] usb 1-1: config 0 descriptor?? [ 302.165009][ T29] audit: type=1326 audit(2000000032.029:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 302.238783][ T1052] bridge_slave_1: left allmulticast mode [ 302.244678][ T1052] bridge_slave_1: left promiscuous mode [ 302.257615][ T1052] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.269729][ T29] audit: type=1326 audit(2000000032.029:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 302.324827][ T1052] bridge_slave_0: left allmulticast mode [ 302.331226][ T29] audit: type=1326 audit(2000000032.029:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.2.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0ee8f779f9 code=0x7ffc0000 [ 302.364931][ T1052] bridge_slave_0: left promiscuous mode [ 302.374005][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.627768][ T7466] loop0: detected capacity change from 0 to 1024 [ 302.661142][ T7466] hfsplus: unable to parse mount options [ 302.736618][ T5240] HID 045e:07da: Invalid code 65791 type 1 [ 302.768278][ T5240] HID 045e:07da: Invalid code 768 type 1 [ 302.789568][ T5240] HID 045e:07da: Invalid code 769 type 1 [ 302.816529][ T5240] HID 045e:07da: Invalid code 770 type 1 [ 302.834966][ T5240] HID 045e:07da: Invalid code 771 type 1 [ 302.860926][ T5240] HID 045e:07da: Invalid code 772 type 1 [ 302.877540][ T5240] HID 045e:07da: Invalid code 773 type 1 [ 302.889419][ T5240] HID 045e:07da: Invalid code 774 type 1 [ 302.910050][ T5240] HID 045e:07da: Invalid code 775 type 1 [ 302.922927][ T5240] HID 045e:07da: Invalid code 776 type 1 [ 302.973740][ T7466] loop0: detected capacity change from 0 to 1024 [ 302.984411][ T5240] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0007/input/input11 [ 303.068616][ T7466] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.167982][ T5240] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 303.212583][ T7500] Bluetooth: MGMT ver 1.23 [ 303.779768][ T5275] usb 1-1: USB disconnect, device number 4 [ 303.841312][ T6576] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.885723][ T7510] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 304.083815][ T1052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.103619][ T7515] loop2: detected capacity change from 0 to 1024 [ 304.154942][ T1052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.186988][ T5233] Bluetooth: hci2: command tx timeout [ 304.248351][ T1052] bond0 (unregistering): Released all slaves [ 304.497910][ T7517] cgroup: No subsys list or none specified [ 304.958957][ T7515] hfsplus: xattr searching failed [ 304.978096][ T7518] hfsplus: xattr searching failed [ 305.188317][ T5498] hfsplus: node 4:3 still has 1 user(s)! [ 305.305799][ T5233] Bluetooth: hci0: command tx timeout [ 305.427162][ T7524] loop2: detected capacity change from 0 to 4096 [ 305.444081][ T7524] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 305.902425][ T7539] loop0: detected capacity change from 0 to 4096 [ 305.985857][ T25] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 306.034957][ T7539] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 306.074167][ T1052] hsr_slave_0: left promiscuous mode [ 306.182488][ T7539] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 306.200243][ T1052] hsr_slave_1: left promiscuous mode [ 306.304510][ T7546] loop5: detected capacity change from 0 to 256 [ 306.339330][ T7539] ntfs3: loop0: Failed to load $Extend (-22). [ 306.345959][ T7539] ntfs3: loop0: Failed to initialize $Extend. [ 306.385822][ T5233] Bluetooth: hci2: command tx timeout [ 306.407249][ T7546] FAT-fs (loop5): bogus logical sector size 0 [ 306.413984][ T7546] FAT-fs (loop5): Can't find a valid FAT filesystem [ 306.640756][ T7549] loop5: detected capacity change from 0 to 1024 [ 306.681578][ T7549] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 306.698840][ T7549] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 306.710774][ T7549] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 306.724357][ T7549] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 306.757957][ T7549] journal_load_superblock: Cannot read journal superblock [ 306.766160][ T7549] EXT4-fs (loop5): Could not load journal inode [ 306.916028][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 306.921446][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 306.955881][ T7545] loop2: detected capacity change from 0 to 4096 [ 306.974551][ T7545] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 306.988656][ T25] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 307.000783][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.009654][ T25] usb 2-1: Product: syz [ 307.012234][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 307.014858][ T25] usb 2-1: Manufacturer: syz [ 307.027687][ T25] usb 2-1: SerialNumber: syz [ 307.074326][ T7545] ntfs3: loop2: $Secure::$SII is corrupted. [ 307.244135][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.278183][ T25] usb 2-1: config 0 descriptor?? [ 307.293838][ T7545] ntfs3: loop2: Failed to initialize $Secure (-22). [ 307.308070][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.365156][ T1052] veth1_macvtap: left promiscuous mode [ 307.369554][ T25] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 307.773937][ T1052] veth0_macvtap: left promiscuous mode [ 308.039350][ T12] usb 2-1: Failed to submit usb control message: -71 [ 308.061448][ T1052] veth0_vlan: left promiscuous mode [ 308.091906][ T12] usb 2-1: unable to send the bmi data to the device: -71 [ 308.153094][ T12] usb 2-1: unable to get target info from device [ 308.196860][ T12] usb 2-1: could not get target info (-71) [ 308.234171][ T25] usb 2-1: USB disconnect, device number 10 [ 308.243628][ T12] usb 2-1: could not probe fw (-71) [ 308.417745][ T5245] Bluetooth: hci2: command tx timeout [ 309.016666][ T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 309.069274][ T7585] netlink: 360 bytes leftover after parsing attributes in process `syz.0.614'. [ 309.092549][ T7585] netlink: 'syz.0.614': attribute type 2 has an invalid length. [ 309.216477][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 309.247025][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.263804][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.315715][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 309.331663][ T25] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 309.338195][ T7588] loop5: detected capacity change from 0 to 1024 [ 309.361654][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.389365][ T25] usb 3-1: config 0 descriptor?? [ 309.452371][ T7588] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.620504][ T7013] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 309.791698][ T7583] loop1: detected capacity change from 0 to 32768 [ 309.830517][ T7583] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.613 (7583) [ 309.854958][ T25] microsoft 0003:045E:07DA.0008: No inputs registered, leaving [ 309.876377][ T25] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 309.888895][ T25] microsoft 0003:045E:07DA.0008: no inputs found [ 309.891308][ T7583] BTRFS info (device loop1): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 309.903812][ T25] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 309.921650][ T7583] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 309.937041][ T7583] BTRFS info (device loop1): using free-space-tree [ 309.993841][ T7595] netlink: 28 bytes leftover after parsing attributes in process `syz.5.618'. [ 310.021302][ T5288] usb 3-1: USB disconnect, device number 10 [ 310.154115][ T7612] loop5: detected capacity change from 0 to 1024 [ 310.240381][ T7612] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.414413][ T7013] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.496543][ T5233] Bluetooth: hci2: command tx timeout [ 310.540077][ T5499] BTRFS info (device loop1): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 310.659064][ T1052] team0 (unregistering): Port device team_slave_1 removed [ 310.858895][ T1052] team0 (unregistering): Port device team_slave_0 removed [ 311.086314][ T5288] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 311.292720][ T5288] usb 3-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f [ 311.310257][ T5288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.325255][ T5288] usb 3-1: config 0 descriptor?? [ 311.574084][ T5288] usb 3-1: USB disconnect, device number 11 [ 311.870167][ T7589] netlink: 32 bytes leftover after parsing attributes in process `syz.0.616'. [ 312.173512][ T7630] loop5: detected capacity change from 0 to 128 [ 312.215524][ T7477] chnl_net:caif_netlink_parms(): no params data found [ 312.357886][ T7638] loop4: detected capacity change from 0 to 164 [ 312.493752][ T7639] netlink: 40 bytes leftover after parsing attributes in process `syz.0.627'. [ 312.521645][ T7633] loop0: detected capacity change from 0 to 512 [ 312.553510][ T7633] EXT4-fs: Ignoring removed i_version option [ 312.568757][ T7633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 312.586106][ T5233] Bluetooth: hci2: command 0x0405 tx timeout [ 312.696859][ T7633] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 312.720968][ T7633] EXT4-fs (loop0): 1 truncate cleaned up [ 312.729290][ T7645] veth1_to_hsr: entered promiscuous mode [ 312.737439][ T7633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.755112][ T7647] loop5: detected capacity change from 0 to 2048 [ 312.811223][ T7477] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.824786][ T7477] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.841765][ T7477] bridge_slave_0: entered allmulticast mode [ 312.849946][ T7477] bridge_slave_0: entered promiscuous mode [ 312.894152][ T7647] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.922964][ T7655] netlink: 'syz.2.633': attribute type 6 has an invalid length. [ 312.963694][ T7477] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.988715][ T7477] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.011105][ T7477] bridge_slave_1: entered allmulticast mode [ 313.038750][ T7477] bridge_slave_1: entered promiscuous mode [ 313.129115][ T7647] netlink: 10 bytes leftover after parsing attributes in process `syz.5.631'. [ 313.158177][ T7664] process 'syz.4.634' launched './file0' with NULL argv: empty string added [ 313.203764][ T6576] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /52/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 313.256137][ T7477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 313.275195][ T6576] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 313.283710][ T7657] loop4: detected capacity change from 0 to 2048 [ 313.357448][ T7477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 313.374870][ T6576] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /52/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 313.381825][ T7668] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 313.421364][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 313.421387][ T29] audit: type=1804 audit(2000000043.789:112): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.631" name="/newroot/27/file0/bus" dev="loop5" ino=18 res=1 errno=0 [ 313.466826][ T6576] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 313.541677][ T6576] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /52/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 313.545814][ T7668] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 313.594104][ T6576] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 313.615793][ T7668] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 313.622961][ T7477] team0: Port device team_slave_0 added [ 313.638790][ T6576] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /52/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 313.653761][ T7477] team0: Port device team_slave_1 added [ 313.668465][ T7668] Remounting filesystem read-only [ 313.675337][ T6576] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 313.702496][ T2538] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 313.710101][ T2538] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 313.728848][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 313.782987][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 313.805157][ T6576] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /52/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 313.831373][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 313.857804][ T7477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.877139][ T7477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 313.884855][ T6576] EXT4-fs error (device loop0): ext4_empty_dir:3126: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 313.908170][ T7013] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.936389][ T2538] NILFS (loop4): discard dirty page: offset=0, ino=2 [ 313.944234][ T2538] NILFS (loop4): discard dirty block: blocknr=18, size=1024 [ 313.956093][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 313.967763][ T7477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.979031][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 313.994683][ T7477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.003250][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.012894][ T7477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.046267][ T2538] NILFS (loop4): discard dirty page: offset=0, ino=5 [ 314.054605][ T2538] NILFS (loop4): discard dirty block: blocknr=41, size=1024 [ 314.064720][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.125872][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.135103][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.165900][ T7477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.191069][ T2538] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 314.216370][ T2538] NILFS (loop4): discard dirty block: blocknr=42, size=1024 [ 314.231157][ T2538] NILFS (loop4): discard dirty block: blocknr=43, size=1024 [ 314.238815][ T2538] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 314.246446][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.256364][ T2538] NILFS (loop4): discard dirty page: offset=196608, ino=3 [ 314.265507][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.278836][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.290961][ T2538] NILFS (loop4): discard dirty block: blocknr=49, size=1024 [ 314.302497][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.315719][ T2538] NILFS (loop4): discard dirty page: offset=0, ino=4 [ 314.323078][ T2538] NILFS (loop4): discard dirty block: blocknr=40, size=1024 [ 314.331881][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.342001][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.351349][ T2538] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 314.410554][ T7681] QAT: failed to copy from user cfg_data. [ 314.544925][ T7657] NILFS (loop4): mounting fs with errors [ 314.569037][ T7657] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 314.593431][ T7657] Remounting filesystem read-only [ 314.599548][ T7657] NILFS (loop4): error -5 reading inode: ino=18 [ 314.606993][ T7657] NILFS (loop4): cannot mark inode dirty (ino=18): error -5 loading inode block [ 314.748551][ T7659] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=2) [ 314.833607][ T7477] hsr_slave_0: entered promiscuous mode [ 314.869273][ T7657] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 314.885860][ T7477] hsr_slave_1: entered promiscuous mode [ 314.932250][ T7477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 314.943926][ T7477] Cannot create hsr debugfs directory [ 314.952411][ T7657] NILFS (loop4): error -5 reading inode: ino=18 [ 315.070708][ T7657] NILFS (loop4): cannot mark inode dirty (ino=18): error -5 loading inode block [ 315.081046][ T7687] loop2: detected capacity change from 0 to 256 [ 315.107319][ T7687] FAT-fs (loop2): Directory bread(block 64) failed [ 315.114115][ T7687] FAT-fs (loop2): Directory bread(block 65) failed [ 315.121873][ T7687] FAT-fs (loop2): Directory bread(block 66) failed [ 315.131433][ T7687] FAT-fs (loop2): Directory bread(block 67) failed [ 315.138937][ T7657] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 315.159306][ T7687] FAT-fs (loop2): Directory bread(block 68) failed [ 315.193561][ T7657] NILFS (loop4): error -5 reading inode: ino=18 [ 315.201395][ T7687] FAT-fs (loop2): Directory bread(block 69) failed [ 315.218451][ T7687] FAT-fs (loop2): Directory bread(block 70) failed [ 315.225313][ T7687] FAT-fs (loop2): Directory bread(block 71) failed [ 315.235178][ T7657] NILFS (loop4): cannot mark inode dirty (ino=18): error -5 loading inode block [ 315.274099][ T7687] FAT-fs (loop2): Directory bread(block 72) failed [ 315.325316][ T7687] FAT-fs (loop2): Directory bread(block 73) failed [ 315.447907][ T5503] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 315.476287][ T5503] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 315.502601][ T5503] NILFS (loop4): discard dirty block: blocknr=35, size=1024 [ 315.519822][ T5503] NILFS (loop4): discard dirty block: blocknr=36, size=1024 [ 315.527926][ T5503] NILFS (loop4): discard dirty block: blocknr=37, size=1024 [ 315.536618][ T5503] NILFS (loop4): discard dirty block: blocknr=38, size=1024 [ 315.548661][ T5503] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 315.564028][ T5503] NILFS (loop4): discard dirty page: offset=0, ino=18 [ 315.571346][ T5503] NILFS (loop4): discard dirty block: blocknr=0, size=1024 [ 315.580033][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.594013][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.610185][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.635539][ T5503] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 315.647318][ T5503] NILFS (loop4): discard dirty block: blocknr=42, size=1024 [ 315.656426][ T5503] NILFS (loop4): discard dirty block: blocknr=43, size=1024 [ 315.664886][ T5503] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 315.680013][ T6576] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.715243][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.738916][ T5503] NILFS (loop4): discard dirty page: offset=65536, ino=3 [ 315.747367][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.766085][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.775337][ T5503] NILFS (loop4): discard dirty block: blocknr=0, size=1024 [ 315.808741][ T5503] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 315.904662][ T7696] loop2: detected capacity change from 0 to 1024 [ 316.017825][ T7696] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 316.665914][ T8] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 317.195977][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 317.213173][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.254371][ T1052] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.286026][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.322183][ T8] usb 5-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 317.376023][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.433392][ T8] usb 5-1: config 0 descriptor?? [ 317.660302][ T5498] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.860530][ T1052] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.922101][ T8] samsung 0003:0419:0001.0009: report_id 0 is invalid [ 317.938312][ T8] samsung 0003:0419:0001.0009: item 0 0 1 8 parsing failed [ 317.966738][ T8] samsung 0003:0419:0001.0009: parse failed [ 317.982028][ T8] samsung 0003:0419:0001.0009: probe with driver samsung failed with error -22 [ 318.050237][ T1052] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.204329][ T8] usb 5-1: USB disconnect, device number 6 [ 318.311679][ T5233] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 318.322813][ T5233] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 318.327011][ T1052] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.344182][ T5233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 318.360222][ T5233] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 318.370724][ T5233] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 318.379010][ T5233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 318.427242][ T5245] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 318.440078][ T5245] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 318.450712][ T5245] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 318.470843][ T5245] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 318.480344][ T5245] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 318.498626][ T5245] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 318.693930][ T7722] loop5: detected capacity change from 0 to 512 [ 318.765389][ T7722] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #15: comm syz.5.659: corrupted in-inode xattr: e_name out of bounds [ 318.862054][ T7722] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.659: couldn't read orphan inode 15 (err -117) [ 318.918186][ T7722] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 318.989648][ T7722] EXT4-fs error (device loop5): ext4_add_entry:2435: inode #2: comm syz.5.659: Directory hole found for htree leaf block 0 [ 319.146438][ T29] audit: type=1326 audit(2000000049.509:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7721 comm="syz.5.659" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f0fd779f9 code=0x0 [ 319.232825][ T7731] EXT4-fs error (device loop5): ext4_add_entry:2435: inode #2: comm syz.5.659: Directory hole found for htree leaf block 0 [ 319.438145][ T7736] loop4: detected capacity change from 0 to 128 [ 320.133055][ T1052] bridge_slave_1: left allmulticast mode [ 320.151728][ T1052] bridge_slave_1: left promiscuous mode [ 320.158586][ T1052] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.187413][ T1052] bridge_slave_0: left allmulticast mode [ 320.206237][ T1052] bridge_slave_0: left promiscuous mode [ 320.212243][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.252369][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 320.417079][ T5233] Bluetooth: hci1: command tx timeout [ 320.592286][ T5233] Bluetooth: hci3: command tx timeout [ 321.021458][ T5233] Bluetooth: hci9: unexpected event for opcode 0x000f [ 321.052753][ T5233] Bluetooth: hci9: ACL packet for unknown connection handle 200 [ 321.067227][ T5233] Bluetooth: hci9: unexpected event 0x1d length: 4 < 5 [ 321.104829][ T1052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 321.122319][ T1052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 321.135057][ T1052] bond0 (unregistering): Released all slaves [ 321.162251][ T7477] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 321.305503][ T7477] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 321.358330][ T7477] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 321.409746][ T7477] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 321.541729][ T7730] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.802192][ T7715] chnl_net:caif_netlink_parms(): no params data found [ 321.869406][ T7752] loop2: detected capacity change from 0 to 32768 [ 321.933394][ T7752] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 322.032785][ T7752] XFS (loop2): Ending clean mount [ 322.061631][ T7752] XFS (loop2): Quotacheck needed: Please wait. [ 322.212245][ T7752] XFS (loop2): Quotacheck: Done. [ 322.299842][ T29] audit: type=1800 audit(2000000052.649:114): pid=7751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.668" name="file1" dev="loop2" ino=5766 res=0 errno=0 [ 322.322677][ T1052] hsr_slave_0: left promiscuous mode [ 322.346554][ T1052] hsr_slave_1: left promiscuous mode [ 322.363952][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.404923][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.426190][ T1052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.434717][ T1052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.497212][ T5233] Bluetooth: hci1: command tx timeout [ 322.522051][ T1052] veth1_macvtap: left promiscuous mode [ 322.528581][ T1052] veth0_macvtap: left promiscuous mode [ 322.534480][ T1052] veth1_vlan: left promiscuous mode [ 322.540609][ T1052] veth0_vlan: left promiscuous mode [ 322.658387][ T5233] Bluetooth: hci3: command tx timeout [ 322.667489][ T5498] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 322.722410][ T5230] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 322.740159][ T5230] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 322.756873][ T5230] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 322.766499][ T5230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 322.774478][ T5230] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 322.784608][ T5230] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 322.984623][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.993318][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.339852][ T7783] syz.2.676[7783] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 324.340167][ T7783] syz.2.676[7783] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 324.575971][ T5245] Bluetooth: hci1: command tx timeout [ 324.736883][ T5245] Bluetooth: hci3: command tx timeout [ 324.895920][ T5233] Bluetooth: hci0: command tx timeout [ 325.075858][ T5245] Bluetooth: hci9: Controller not accepting commands anymore: ncmd = 0 [ 325.087549][ T5245] Bluetooth: hci9: Injecting HCI hardware error event [ 325.098955][ T5233] Bluetooth: hci9: hardware error 0x00 [ 325.143212][ T1052] team0 (unregistering): Port device team_slave_1 removed [ 325.292210][ T1052] team0 (unregistering): Port device team_slave_0 removed [ 326.652819][ T7799] ================================================================== [ 326.660937][ T7799] BUG: KASAN: slab-use-after-free in uprobe_mmap+0xb9a/0x11a0 [ 326.668438][ T7799] Read of size 8 at addr ffff888029f084b0 by task syz.4.681/7799 [ 326.676453][ T7799] [ 326.678775][ T7799] CPU: 0 UID: 0 PID: 7799 Comm: syz.4.681 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 326.689632][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 326.699712][ T7799] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 326.702988][ T7799] [ 326.705923][ T7799] dump_stack_lvl+0x241/0x360 [ 326.710729][ T7799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.715951][ T7799] ? __pfx__printk+0x10/0x10 [ 326.720576][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.726255][ T7799] ? _printk+0xd5/0x120 [ 326.730483][ T7799] ? __virt_addr_valid+0x183/0x530 [ 326.735637][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.741322][ T7799] print_report+0x169/0x550 [ 326.745886][ T7799] ? __virt_addr_valid+0x183/0x530 [ 326.751016][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.756676][ T7799] ? __virt_addr_valid+0x45f/0x530 [ 326.761805][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.767462][ T7799] ? __phys_addr+0xba/0x170 [ 326.771979][ T7799] ? uprobe_mmap+0xb9a/0x11a0 [ 326.776673][ T7799] kasan_report+0x143/0x180 [ 326.781211][ T7799] ? uprobe_mmap+0xb9a/0x11a0 [ 326.786059][ T7799] uprobe_mmap+0xb9a/0x11a0 [ 326.790596][ T7799] ? __pfx_uprobe_mmap+0x10/0x10 [ 326.795565][ T7799] mmap_region+0x1891/0x2090 [ 326.800192][ T7799] ? mark_lock+0x9a/0x350 [ 326.804753][ T7799] ? __pfx_mmap_region+0x10/0x10 [ 326.809784][ T7799] ? mm_get_unmapped_area+0xa5/0xd0 [ 326.815357][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.821214][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.826892][ T7799] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 326.832576][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.838240][ T7799] ? cap_mmap_addr+0x163/0x2c0 [ 326.843039][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.848877][ T7799] ? __get_unmapped_area+0x2f0/0x360 [ 326.855010][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.860693][ T7799] do_mmap+0x8f9/0x1010 [ 326.864907][ T7799] ? __pfx_do_mmap+0x10/0x10 [ 326.869896][ T7799] ? __pfx_down_write_killable+0x10/0x10 [ 326.875770][ T7799] ? __pfx_ima_file_mmap+0x10/0x10 [ 326.880908][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.888123][ T7799] ? security_mmap_file+0x178/0x1a0 [ 326.894339][ T7799] vm_mmap_pgoff+0x1dd/0x3d0 [ 326.900690][ T7799] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 326.907954][ T7799] ? __fget_files+0x29/0x470 [ 326.913231][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 326.920330][ T7799] ? __fget_files+0x3f6/0x470 [ 326.925112][ T7799] ksys_mmap_pgoff+0x4f1/0x720 [ 326.930674][ T7799] ? __x64_sys_mmap+0x7f/0x140 [ 326.935522][ T7799] do_syscall_64+0xf3/0x230 [ 326.940403][ T7799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.946687][ T7799] RIP: 0033:0x7fe3921779f9 [ 326.951303][ T7799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.971941][ T7799] RSP: 002b:00007fe392f7b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 326.980565][ T7799] RAX: ffffffffffffffda RBX: 00007fe392305f80 RCX: 00007fe3921779f9 [ 326.988804][ T7799] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020000000 [ 326.996793][ T7799] RBP: 00007fe3921e58ee R08: 0000000000000003 R09: 0000000000000000 [ 327.004766][ T7799] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 327.013120][ T7799] R13: 000000000000000b R14: 00007fe392305f80 R15: 00007ffe4087e038 [ 327.021125][ T7799] [ 327.024141][ T7799] [ 327.026457][ T7799] Allocated by task 1052: [ 327.030771][ T7799] kasan_save_track+0x3f/0x80 [ 327.035508][ T7799] __kasan_kmalloc+0x98/0xb0 [ 327.040248][ T7799] __kmalloc_node_track_caller_noprof+0x225/0x440 [ 327.047113][ T7799] kmemdup_noprof+0x2a/0x60 [ 327.051749][ T7799] sctp_addr_wq_mgmt+0x2f8/0x720 [ 327.056900][ T7799] sctp_inetaddr_event+0x44b/0x600 [ 327.062676][ T7799] notifier_call_chain+0x1a1/0x3e0 [ 327.068147][ T7799] blocking_notifier_call_chain+0x69/0x90 [ 327.074003][ T7799] __inet_del_ifa+0x884/0x1040 [ 327.078891][ T7799] inetdev_event+0x663/0x15c0 [ 327.083590][ T7799] notifier_call_chain+0x1a1/0x3e0 [ 327.088718][ T7799] unregister_netdevice_many_notify+0xd81/0x1c40 [ 327.095073][ T7799] cleanup_net+0x75d/0xcc0 [ 327.100120][ T7799] process_scheduled_works+0xa2e/0x1830 [ 327.105681][ T7799] worker_thread+0x86d/0xd40 [ 327.110298][ T7799] kthread+0x2f2/0x390 [ 327.114958][ T7799] ret_from_fork+0x4d/0x80 [ 327.119621][ T7799] ret_from_fork_asm+0x1a/0x30 [ 327.124652][ T7799] [ 327.127160][ T7799] Freed by task 12: [ 327.130996][ T7799] kasan_save_track+0x3f/0x80 [ 327.135961][ T7799] kasan_save_free_info+0x40/0x50 [ 327.141938][ T7799] poison_slab_object+0xe0/0x150 [ 327.147062][ T7799] __kasan_slab_free+0x37/0x60 [ 327.152021][ T7799] kfree+0x149/0x360 [ 327.155946][ T7799] sctp_addr_wq_timeout_handler+0x2e6/0x470 [ 327.156425][ T5233] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 327.163090][ T7799] call_timer_fn+0x190/0x650 [ 327.163159][ T7799] __run_timer_base+0x66a/0x8e0 [ 327.163192][ T7799] run_timer_softirq+0xb7/0x170 [ 327.163225][ T7799] handle_softirqs+0x2c6/0x970 [ 327.163255][ T7799] do_softirq+0x11b/0x1e0 [ 327.193801][ T7799] __local_bh_enable_ip+0x1bb/0x200 [ 327.199136][ T7799] batadv_nc_purge_paths+0x30f/0x3b0 [ 327.204456][ T7799] batadv_nc_worker+0x365/0x610 [ 327.209306][ T7799] process_scheduled_works+0xa2e/0x1830 [ 327.215374][ T7799] worker_thread+0x86d/0xd40 [ 327.220150][ T7799] kthread+0x2f2/0x390 [ 327.224468][ T7799] ret_from_fork+0x4d/0x80 [ 327.228899][ T7799] ret_from_fork_asm+0x1a/0x30 [ 327.234137][ T7799] [ 327.236505][ T7799] The buggy address belongs to the object at ffff888029f08480 [ 327.236505][ T7799] which belongs to the cache kmalloc-64 of size 64 [ 327.250602][ T7799] The buggy address is located 48 bytes inside of [ 327.250602][ T7799] freed 64-byte region [ffff888029f08480, ffff888029f084c0) [ 327.264873][ T7799] [ 327.267187][ T7799] The buggy address belongs to the physical page: [ 327.273601][ T7799] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29f08 [ 327.282455][ T7799] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 327.289986][ T7799] page_type: 0xfdffffff(slab) [ 327.295094][ T7799] raw: 00fff00000000000 ffff8880158418c0 0000000000000000 dead000000000001 [ 327.303987][ T7799] raw: 0000000000000000 0000000000200020 00000001fdffffff 0000000000000000 [ 327.312577][ T7799] page dumped because: kasan: bad access detected [ 327.319007][ T7799] page_owner tracks the page as allocated [ 327.326404][ T7799] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5238, tgid 5238 (syz-executor), ts 93453357154, free_ts 92710881798 [ 327.346155][ T7799] post_alloc_hook+0x1f3/0x230 [ 327.350987][ T7799] get_page_from_freelist+0x2e4c/0x2f10 [ 327.356670][ T7799] __alloc_pages_noprof+0x256/0x6c0 [ 327.363526][ T7799] alloc_slab_page+0x5f/0x120 [ 327.368332][ T7799] allocate_slab+0x5a/0x2f0 [ 327.372851][ T7799] ___slab_alloc+0xcd1/0x14b0 [ 327.377794][ T7799] __slab_alloc+0x58/0xa0 [ 327.382499][ T7799] __kmalloc_noprof+0x25a/0x400 [ 327.387379][ T7799] kobject_get_path+0xb8/0x230 [ 327.392299][ T7799] kobject_uevent_env+0x2a5/0x8e0 [ 327.397971][ T7799] __kobject_del+0xd3/0x310 [ 327.402863][ T7799] kobject_put+0x245/0x480 [ 327.407846][ T7799] net_rx_queue_update_kobjects+0x52b/0x5b0 [ 327.414674][ T7799] netif_set_real_num_rx_queues+0x100/0x1f0 [ 327.420767][ T7799] veth_init_queues+0x10a/0x180 [ 327.425661][ T7799] veth_newlink+0xa28/0xcd0 [ 327.430830][ T7799] page last free pid 5232 tgid 5232 stack trace: [ 327.437879][ T7799] free_unref_page+0xd22/0xea0 [ 327.442687][ T7799] __slab_free+0x31b/0x3d0 [ 327.448016][ T7799] qlist_free_all+0x9e/0x140 [ 327.452899][ T7799] kasan_quarantine_reduce+0x14f/0x170 [ 327.458382][ T7799] __kasan_slab_alloc+0x23/0x80 [ 327.463612][ T7799] kmem_cache_alloc_noprof+0x135/0x2a0 [ 327.469816][ T7799] __kernfs_new_node+0xd8/0x870 [ 327.474711][ T7799] kernfs_new_node+0x137/0x240 [ 327.479912][ T7799] kernfs_create_dir_ns+0x43/0x120 [ 327.485044][ T7799] sysfs_create_dir_ns+0x189/0x3a0 [ 327.490387][ T7799] kobject_add_internal+0x435/0x8d0 [ 327.495648][ T7799] kobject_init_and_add+0x124/0x190 [ 327.501611][ T7799] br_add_if+0x387/0xef0 [ 327.506030][ T7799] do_setlink+0xe72/0x41f0 [ 327.511431][ T7799] rtnl_newlink+0x180d/0x20a0 [ 327.516467][ T7799] rtnetlink_rcv_msg+0x741/0xcf0 [ 327.521510][ T7799] [ 327.523837][ T7799] Memory state around the buggy address: [ 327.529819][ T7799] ffff888029f08380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 327.538186][ T7799] ffff888029f08400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 327.546277][ T7799] >ffff888029f08480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 327.554780][ T7799] ^ [ 327.562193][ T7799] ffff888029f08500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 327.570313][ T7799] ffff888029f08580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 327.578396][ T7799] ================================================================== [ 327.587105][ T5233] Bluetooth: hci1: command tx timeout [ 327.592655][ T5245] Bluetooth: hci3: command tx timeout [ 327.593647][ T5230] Bluetooth: hci0: command tx timeout [ 327.601937][ T7799] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 327.601965][ T7799] CPU: 1 UID: 0 PID: 7799 Comm: syz.4.681 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 327.601997][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 327.602015][ T7799] Call Trace: [ 327.602026][ T7799] [ 327.602039][ T7799] dump_stack_lvl+0x241/0x360 [ 327.602091][ T7799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.602130][ T7799] ? __pfx__printk+0x10/0x10 [ 327.602167][ T7799] ? preempt_schedule+0xe1/0xf0 [ 327.602206][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.602238][ T7799] ? vscnprintf+0x5d/0x90 [ 327.602267][ T7799] panic+0x349/0x860 [ 327.602303][ T7799] ? check_panic_on_warn+0x21/0xb0 [ 327.602334][ T7799] ? __pfx_panic+0x10/0x10 [ 327.602367][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.602403][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.602433][ T7799] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 327.602469][ T7799] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 327.602503][ T7799] ? print_report+0x502/0x550 [ 327.602550][ T7799] check_panic_on_warn+0x86/0xb0 [ 327.602577][ T7799] ? uprobe_mmap+0xb9a/0x11a0 [ 327.602607][ T7799] end_report+0x77/0x160 [ 327.602647][ T7799] kasan_report+0x154/0x180 [ 327.602689][ T7799] ? uprobe_mmap+0xb9a/0x11a0 [ 327.602724][ T7799] uprobe_mmap+0xb9a/0x11a0 [ 327.602764][ T7799] ? __pfx_uprobe_mmap+0x10/0x10 [ 327.602800][ T7799] mmap_region+0x1891/0x2090 [ 327.602840][ T7799] ? mark_lock+0x9a/0x350 [ 327.602897][ T7799] ? __pfx_mmap_region+0x10/0x10 [ 327.602940][ T7799] ? mm_get_unmapped_area+0xa5/0xd0 [ 327.602980][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603013][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603043][ T7799] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 327.603085][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603115][ T7799] ? cap_mmap_addr+0x163/0x2c0 [ 327.603150][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603180][ T7799] ? __get_unmapped_area+0x2f0/0x360 [ 327.603221][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603255][ T7799] do_mmap+0x8f9/0x1010 [ 327.603303][ T7799] ? __pfx_do_mmap+0x10/0x10 [ 327.603341][ T7799] ? __pfx_down_write_killable+0x10/0x10 [ 327.603384][ T7799] ? __pfx_ima_file_mmap+0x10/0x10 [ 327.603414][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603445][ T7799] ? security_mmap_file+0x178/0x1a0 [ 327.603476][ T7799] vm_mmap_pgoff+0x1dd/0x3d0 [ 327.603522][ T7799] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 327.603562][ T7799] ? __fget_files+0x29/0x470 [ 327.603603][ T7799] ? srso_alias_return_thunk+0x5/0xfbef5 [ 327.603633][ T7799] ? __fget_files+0x3f6/0x470 [ 327.603678][ T7799] ksys_mmap_pgoff+0x4f1/0x720 [ 327.603718][ T7799] ? __x64_sys_mmap+0x7f/0x140 [ 327.603764][ T7799] do_syscall_64+0xf3/0x230 [ 327.603807][ T7799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.603852][ T7799] RIP: 0033:0x7fe3921779f9 [ 327.603875][ T7799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.603898][ T7799] RSP: 002b:00007fe392f7b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 327.926115][ T7799] RAX: ffffffffffffffda RBX: 00007fe392305f80 RCX: 00007fe3921779f9 [ 327.934118][ T7799] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020000000 [ 327.942131][ T7799] RBP: 00007fe3921e58ee R08: 0000000000000003 R09: 0000000000000000 [ 327.950444][ T7799] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000 [ 327.959576][ T7799] R13: 000000000000000b R14: 00007fe392305f80 R15: 00007ffe4087e038 [ 327.967653][ T7799] [ 327.970897][ T7799] Kernel Offset: disabled [ 327.975209][ T7799] Rebooting in 86400 seconds..