last executing test programs: 51m17.928949258s ago: executing program 32 (id=69): socket(0x2b, 0x80801, 0x1) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x84) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioperm(0x0, 0x6, 0x2da3b9f3) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, 0x0, 0x0) r2 = openat$binder_debug(0xffffff9c, 0x0, 0x0, 0x0) fchown(r2, 0x0, 0xffffffffffffffff) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8) 48m42.162233264s ago: executing program 33 (id=268): recvfrom$inet_nvme(0xffffffffffffffff, 0x0, 0x0, 0x12003, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@broadcast, @in=@multicast2, 0x4e20, 0x0, 0x800, 0x0, 0x2, 0x0, 0x0, 0x5}, {0xa}, {0x0, 0x0, 0x0, 0x6}, 0x8, 0x0, 0x1, 0x0, 0x3, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x6c}, 0x0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8) 44m59.207662447s ago: executing program 34 (id=623): r0 = inotify_init() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) getpgid(0x0) 41m39.203658471s ago: executing program 35 (id=956): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) rmdir(&(0x7f00000000c0)='./file1\x00') ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80, 0x8, 0x2, 0xe05, 0xe7, 0x4}) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x60300, 0x0) ioctl$SNDCTL_SEQ_SYNC(r5, 0x5100) 40m53.746331699s ago: executing program 36 (id=1023): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) write$P9_RGETLOCK(r4, &(0x7f0000000000)={0x20, 0x37, 0x1, {0x0, 0x8, 0x1c, 0x0, 0x2, ']\x00'}}, 0x20) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) 39m55.536762059s ago: executing program 37 (id=1087): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) semtimedop(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48) syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 39m55.153411966s ago: executing program 38 (id=1099): socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xc3afe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, r3, 0xb}}, 0x48) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0, r3}}, 0x18) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x121602, 0x0) 38m32.21324501s ago: executing program 39 (id=1184): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 37m45.340080311s ago: executing program 40 (id=1263): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x7d}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = fanotify_init(0xf00, 0x0) fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0) mknod(&(0x7f0000000100)='./file0\x00', 0x8001420, 0x1) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327}) 34m1.273965257s ago: executing program 41 (id=1598): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x83}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1) fsopen(&(0x7f00000000c0)='iso9660\x00', 0x0) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x4e20, @private=0xa010102}, 0x10, 0x0}, 0x4000010) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000340)) 32m50.286414821s ago: executing program 42 (id=1709): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x5e62, 0x100000, @mcast2}, 0x1c) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0xc0002103) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xc4}}, 0x4004) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000ac0)) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x103301) ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000080)={0x0, 0x1, 0x2fe, 0x0, 0x0, 0x1, 0x0}) 27m20.01330228s ago: executing program 43 (id=2206): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x97d1f000) getdents64(r4, &(0x7f0000000080)=""/234, 0xea) 25m21.615938151s ago: executing program 44 (id=2373): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) set_mempolicy(0x2, &(0x7f0000000180)=0x9, 0x7) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x1) modify_ldt$write2(0x11, &(0x7f0000000400)={0x2, 0x20001000, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r5 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000440)=""/155, 0xd9}], 0x1, 0x0, 0xfffffffffffffe96}, 0x7}], 0x194, 0x121, 0x0) 24m59.604753996s ago: executing program 45 (id=2400): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x97d1f000) getdents64(r5, &(0x7f0000000080)=""/234, 0xea) 22m57.75716226s ago: executing program 46 (id=2514): socket$nl_netfilter(0x10, 0x3, 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$kcm(0x29, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x20, &(0x7f0000000400)={&(0x7f0000000340)=""/75, 0x4b, 0x0, &(0x7f00000003c0)=""/25, 0x19}}, 0x10) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x34, @rand_addr=0x64010102, 0x4e24, 0x3, 'lblc\x00', 0x10, 0x8, 0x78}, 0x2c) 20m20.136527537s ago: executing program 47 (id=2698): getpid() r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x24, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000640), 0x2, 0xfff, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x102, 0xa0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, 0x0, 0x0, 0x0) syz_io_uring_setup(0xbdc, 0x0, &(0x7f00000006c0), 0x0) 18m35.424929051s ago: executing program 48 (id=2802): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000001540), 0xfffffffe, 0xffffffffffffffff, 0x0, 0x1500}, 0x38) 16m46.897501728s ago: executing program 49 (id=2930): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070006000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 15m5.258880239s ago: executing program 7 (id=3093): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000800), 0x0, 0x0, 0x0}) 15m2.142572713s ago: executing program 7 (id=3095): mkdir(&(0x7f0000000140)='./file1\x00', 0x1a0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000100), 0x8000, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2}) fallocate(r0, 0x1, 0xa, 0x20000) openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1813c1, 0x0) 14m58.414362042s ago: executing program 7 (id=3099): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400)=ANY=[@ANYBLOB='\x00\a\x00\x00'], 0x9, 0x1) mount$bind(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x800002, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) getuid() chdir(&(0x7f0000000440)='./bus\x00') getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000280)={@remote, @dev}, &(0x7f0000000300)=0xc) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r3, 0x8, 0x1) getdents64(r3, 0x0, 0x0) 14m51.895516564s ago: executing program 7 (id=3110): pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) close_range(r0, r0, 0x2) syz_io_uring_setup(0x4ee6, &(0x7f0000000180)={0x0, 0xd294, 0x20, 0x3, 0x314, 0x0, r1}, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x2, 0xdaac) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) socket$inet6_sctp(0xa, 0x1, 0x84) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x2, 0x1, @dev={0xfe, 0x80, '\x00', 0xd}, 0x7}, 0x1c) socket(0x15, 0xa, 0x128) r5 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) fcntl$dupfd(r5, 0x0, r5) 14m51.012848506s ago: executing program 7 (id=3111): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r4 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) 14m46.04385423s ago: executing program 7 (id=3116): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4008, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) r3 = semget$private(0x0, 0x4, 0x21b) semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000000)) socket$nl_netfilter(0x10, 0x3, 0xc) 14m28.87274203s ago: executing program 50 (id=3116): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4008, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) r3 = semget$private(0x0, 0x4, 0x21b) semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000000)) socket$nl_netfilter(0x10, 0x3, 0xc) 8m44.240293141s ago: executing program 5 (id=3609): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x50) close(0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000040)=0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) 8m40.730978685s ago: executing program 5 (id=3599): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001b00)=""/102392, 0x18ff8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) process_madvise(r3, &(0x7f0000000080)=[{&(0x7f0000000100)="7f", 0x1}], 0x1, 0x11, 0x0) bind$netlink(r1, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x26) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r5, &(0x7f0000001c80)=[{0x0}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) mkdir(&(0x7f00000003c0)='./file1\x00', 0x62) 8m38.956453532s ago: executing program 2 (id=3601): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0) request_key(0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r5 = io_uring_setup(0xfc6, &(0x7f0000000180)) r6 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r6, 0x0) accept4(r6, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 8m35.665749039s ago: executing program 2 (id=3605): r0 = syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@uid}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a6e43c, &(0x7f0000000f80)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES8=r0, @ANYBLOB="f1bcca05ed588d63a576cc3afd51baf29cde0400000092f4e66ff7ef22aa9af727ceae8a8ec95fc1b73083de2de825a0cb2b0be774fdb33650d7dace27c16bc23b2f7c7fb72585548939698f280d138aa9255a8a924008f8477e82ba11cdb11efd5ca2f1ab049ce2cc7815d2daf8daea25533a558d561654faf5e0924f1376174f374d664fad4a6ab24ec000ccace822e7f9426e8e5de1fe58085a0ae86fd02a118b9365961834d46208b9fb4c91a1fa962a8b00a9717fcbb46c2400dc2e319379ea1e5a07aeb3f9cd4e648df445a1b4213e732300000000000010000758027a472e7d263ef567a84166f26ee56e701c63a8863787889bf1c90fccf31954a940c8b584ca89a512f28edec08eb1c0823c028840eeaf3f5d8769023c01ac63f7f959571e8e899b43c293bc21a2b833e5c9c703c4cfa063dd050045706bde3d7ac373ab04b62b4111b59eabd436dd97e788a36ef25bad99beec474e667589d37100ec36292c15c6", @ANYRESHEX, @ANYRESHEX=r0, @ANYRES64=r0, @ANYRESOCT=r0, @ANYRES64, @ANYRES8], 0x5, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc7faf000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00') pread64(r4, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f00000002c0)=""/174, 0xae) 8m35.30910673s ago: executing program 5 (id=3610): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, 0x2}, 0x94) r3 = socket(0x25, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) getsockopt$llc_int(r3, 0x10c, 0x3, 0x0, &(0x7f00000000c0)) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setstatus(r5, 0x4, 0x2400) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) fcntl$getflags(r6, 0xb) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x1, 0x0, 0x10000}) ioctl$DRM_IOCTL_SG_FREE(r6, 0x40106439, &(0x7f00000000c0)={0x6, r7}) brk(0x2) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0x4) 8m29.918320758s ago: executing program 5 (id=3616): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r3, 0x407, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r4, 0x0, 0xffff, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r7, 0x0, 0x0) sendmsg$can_bcm(r7, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000080)="18", 0xfe37}], 0x1}}], 0x1, 0x0) syz_open_dev$video(&(0x7f0000000000), 0xffffffffffffffff, 0xc200) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 8m27.552910012s ago: executing program 5 (id=3620): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 8m21.124874755s ago: executing program 5 (id=3641): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r4 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) 8m18.272615257s ago: executing program 51 (id=3605): r0 = syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14013, &(0x7f0000000480)={[{@gid}, {@uid}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}]}, 0x4, 0x339, &(0x7f0000000140)="$eJzs3U9P1EwcB/DvtLtL94EHK2BIPBmUxBMBPGi8QAzxNXgwRIQlIayYKCZKTETPxngzMfHIzbPRt6AX4xvQEwfjSS/EgzUzne5Ol5m2C7iF7PeTuHbb+fObttPO7GYpiKhvXVv4unNpV/4TVQA+gKuAByAAKgDOYDx4sLGZW5DfWhKIc4p9aZY3GrasAXQOLZTvKhgy19G/EUVR9C031c+exELlEWYPNnjAgO6danvQ88gObc62cjtuV38xjrDYwx4eYrjMcIiIqHz6/u/pu8SQHr97HjCpx+En9f6fSI1v9sqL41ho3f+9+H0k5P45pTbJ+d7aZrOxEk/h5NH3klmirSzrORG1d3cN8ZnlDxpDLqMWOxWLV19dazamtlUBzzCnGcnG1OsKkoYormhrwAyACcvcNENW27MNqjZUZRtmHfGPZtVonQB/+I5X9uoWPxWISXwUn8WiCPEaK63xXyUScueoIxV2dJU4/ml3iaqVYZwq1cp2+KdVJWd1DXj/tt3Kumu/BvBlLDayFNE5fg+TOF/W3LkwgvTHCnHrZtytU7lGgYpQswYz12wr0W9rrrHOuuqr1WZjavlu03XSHy3rjE68EDfEBH7gHRaM8b8nU0/C3TNTvVyolPrMyGxPRaV0HMcU1YHvdNUzSbmeuvgV8xy3cQXD9x9trS81m4175S8kXeWA2c8dcTzxiahPR7lG/m+kQSAXqgCc5VTdm6wLf6Iosm6qoBeHoKqaevlNu8lb60tCX/MOV4W8cnZsmncnBjAPQK9JrggHqf1JK9dAu8BC2X/Jo63W2E/IJKoedJCkqtQmHwOFekp935qdnFyP/z/YVYhOoPbRx/jNsoOhMsixg4jnf8Z8ZVpddeRLmDH/ifIKN0qcccyARtTrf8VmcK1inePEwWQhZ851/iJwoaNGD0mNTzuLDXWcOI7fSnb/VYZYwBfc4uf/REREREREREREREREREREREREREQnTbe/Rtj/c4L8hXSNu334hzeIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiA7HeP4v4KsnxtRsz//NelKT4sdPiAmO4vm/foHn/4rtLlpJRDZ/AwAA//9eD1xQ") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a6e43c, &(0x7f0000000f80)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES8=r0, @ANYBLOB="f1bcca05ed588d63a576cc3afd51baf29cde0400000092f4e66ff7ef22aa9af727ceae8a8ec95fc1b73083de2de825a0cb2b0be774fdb33650d7dace27c16bc23b2f7c7fb72585548939698f280d138aa9255a8a924008f8477e82ba11cdb11efd5ca2f1ab049ce2cc7815d2daf8daea25533a558d561654faf5e0924f1376174f374d664fad4a6ab24ec000ccace822e7f9426e8e5de1fe58085a0ae86fd02a118b9365961834d46208b9fb4c91a1fa962a8b00a9717fcbb46c2400dc2e319379ea1e5a07aeb3f9cd4e648df445a1b4213e732300000000000010000758027a472e7d263ef567a84166f26ee56e701c63a8863787889bf1c90fccf31954a940c8b584ca89a512f28edec08eb1c0823c028840eeaf3f5d8769023c01ac63f7f959571e8e899b43c293bc21a2b833e5c9c703c4cfa063dd050045706bde3d7ac373ab04b62b4111b59eabd436dd97e788a36ef25bad99beec474e667589d37100ec36292c15c6", @ANYRESHEX, @ANYRESHEX=r0, @ANYRES64=r0, @ANYRESOCT=r0, @ANYRES64, @ANYRES8], 0x5, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc7faf000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00') pread64(r4, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r5, &(0x7f00000002c0)=""/174, 0xae) 8m4.786462332s ago: executing program 52 (id=3641): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r4 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) 7m23.153645596s ago: executing program 3 (id=3694): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) r2 = getpid() fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff, 0x0, r2}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f0000000000)={0x0, 0x0}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r6, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) 7m22.172861551s ago: executing program 3 (id=3695): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0x14, 0x0, &(0x7f0000000440)="b9ff033168440372b89e14f00800a25e4113c182", 0x0, 0xa, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=0x0], 0x1, 0x5514, &(0x7f000000b2c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ") r1 = socket(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x0}, 0x1000000000000, 0x0, 0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 7m20.027983644s ago: executing program 3 (id=3697): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000200)={0x0, 0x1, [0x8e, 0x466, 0x25e, 0x978]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @adiantum, 0x1, '\x00', @a}) chdir(0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x1c8) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @a}}) pivot_root(&(0x7f0000002140)='./file0\x00', 0x0) 7m4.975020389s ago: executing program 3 (id=3714): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) unshare(0x6020400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) r1 = socket$caif_stream(0x25, 0x1, 0x5) recvfrom$packet(r1, 0x0, 0x0, 0x100, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@lowerdir={'lowerdir', 0x3d, './file1/file0'}}]}) chdir(0x0) rmdir(&(0x7f0000000440)='./file0\x00') sendmsg$IPCTNL_MSG_CT_DELETE(r2, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, 0x0) mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000040001}) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0}) 7m1.766645832s ago: executing program 3 (id=3720): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) r2 = getpid() fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff, 0x0, r2}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18) ioctl$COMEDI_INSNLIST(0xffffffffffffffff, 0x8010640b, &(0x7f0000000000)={0x0, 0x0}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r5, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r5, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}}) 6m58.286215155s ago: executing program 3 (id=3704): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 6m42.049352083s ago: executing program 53 (id=3704): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 4m5.725524516s ago: executing program 4 (id=3952): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x8401) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0}) r7 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x800040, &(0x7f0000000340), 0x1, 0x597, &(0x7f0000000b80)="$eJzs3U1sG2UaAOB3xvH2L9t0pV1pd9VDtYtUpKpO0h8onNorolKlHpC4lMhxoyhOHMUONFEO6b1C9IAA9VJucOAI4sABcUHiwpULiDNSRSOQmh7AyH9pm9jBKXWdxs8jjT3ffON5v2/G73hmNCMHMLCO1V7SiP9ExKUkYuShuqFoVh5rzLe+tpK/v7aST6JavfxzEklE3FtbybfmT5rvhyJiNSL+HRFfZSNOpFvjlpeWZyaKxcJCszxamZ0fLS8tn5yenZgqTBXmTr/40tlzZ86Onxrv3Pjszvp644ebb9/49pXbNz/+5Ohq/t2JJM7HcLPu4X48SY11ko3zm6af6UWwPkr63QAeS6aZ57VU+leMRKaZ9e1UR55q04Aeq+6LqO5Esrqj2YHdLNlZ/gN7Rus4oHb+2xoeOUDI9Pb4486FxglILe56c2jUDDWuTcT++rnJwV+SR85MauebR3rbNAbA6vWIGBsa2vr9T5rfv8c39iQaSE99eaGxobZu/3Rj/xNt9j/DrWunf1Fr/7e+Zf/3IH6mw/7vUpcxfnv9xw86xr8e8d+28ZON+Emb+GlEvNFl/FuvfX6uU131w4jj0T5+S7L99eHRq9PFwljjtW2ML44ffXm7/h/sEL9xzXZ//Wem3fqf77L/n3396f9Wt4n//P+33/7t1v+BiHiny/j/uPfRq53q7lxP7taOAna6/WvTbncZ/4Xzx77vUHWgy0UAAAAAAAAAAABtpPV72ZI0tzGeprlc4xnef8bBtFgqV05cLS3OTTbueTsS2bR1p9VIo5zUyuPN+3Fb5VObyqdb9xFnDtTLuXypONnnvgMAAAAAAAAAAAAAAAAAAMBucWjT8/+/ZurP/2/+u2pgr+r8l9/AXif/YXA9mv9JxL6+NQV4yvz+w8Cqyn8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAACAnrh08WJtqN5fW8nXypNDS4szpTdPThbKM7nZxXwuX1qYz02VSlPFQi5fmv2z5RVLpfmxmFu8NloplCuj5aXlK7OlxbnKlenZianClUL2qfQKAAAAAAAAAAAAAAAAAAAAni3D9SFJcxGR1sfTNJeL+HtEHIlscnW6WBiLiMMR8V0mu69WHu93owEAAAAAAAAAAAAAAAAAAGCPKS8tz0wUi4WFARkZ2jLlm84zR8Tqk21GbYk7/lS2ua12yzp81kYObz9PJvrewt040ucdEwAAAAAAAAAAAAAAAAAADKAHD/12+4nfe9sgAAAAAAAAAAAAAAAAAAAAGEjpT0lE1IbjI88Nb679W7Keqb9HxFu3Lr93baJSWRivTb+7Mb3yfnP6qX60H+hWK09beQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8UF5anpkoFgsLPRzpdx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHscfAQAA//+aXtbd") r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r8, &(0x7f0000000140)='Q', 0x1, 0x200980) ioctl$BTRFS_IOC_START_SYNC(r7, 0x80089418, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) sendfile(r9, r8, 0x0, 0x7fff) ftruncate(r8, 0xf09) 4m1.500077662s ago: executing program 4 (id=3940): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_open_dev$swradio(&(0x7f0000003900), 0x1, 0x2) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0xc000000000000, 0x40, 0x1, r1}}}, 0x28) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xb) socket$inet6(0xa, 0x80001, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet(r4, 0x0, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 3m57.299787588s ago: executing program 4 (id=3945): mkdir(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX, @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000061c0)="75ff311821f07fa4703471f11c7f9a343f146bc8a0059adb304af4dda6a635c782f0d1876dc4627e1aec92ca1fa753a923ca393dde13807c4a58e5a359ca9e98080eef63408e6f862bb0163f4d0eb142e97c03e024aa14ae0bedb306245522bb5a9d1fbc0e8655ae0dc9ba5980d67871769aef065383747b762ce0de5431ecd5e635dbb9ec7fe06e6cf812ef5bac0e0ea2daea3849ef66912f02de733073e13d5a4e5432e0d04f561567c0a9968ae8f5ff5a896237069bfb948bc71ccdea121324fec465b4cf31bd464726d15e7c13741869f0c969fe6f173604650e9d37350745066e8a5dc520898df15cf02859f6d508dc8bb5342af839d6ac5cd69bfb102b5c54746c5382dd976382351a7b701f3490a27ae738b93176d55d5de60823ddcd2470bf6c939ed858c53ba880c38db973256e065521c495d3b6f01d89a526e285bd11a1ad902cbad5bd7a240a10c4f955e6f57bf2b734fe658151b69ca497d6a90f930b330f639c3480a03b8ff62d067051ee0fb71df680b4d79ade539e31512d102ae66b75fc632b5af7da47ba3b87489a7c9735a522070c1b9c7f980aca172315b90bef887aaffe72804ff70d6a275513a90722d191c367474102dd5b17cd9e115e6ce1a2d6a787f8beac2fa5e32f88be0902db5bb1ecde5adb2331f1cd97e9a181e722c3fb83a99a53568f94e457c377ee840de8f2dcaf183781fad768431dc0b24ee63e689eaaaf7e75346fc5e5f6ff123d2fedaeee184e8d6a4d9e45f7a06b5de83fce572c5f631beed57641d3e262e57d592256bc38911adc7c4c59b022d532c7a5418fdebc76ff44c1fd9392818934a4f5603f33687d7d0f9e72c7056e55180e9ce336d86f99f243d31b3fcb15bd7a5bac39a93fcd7f747ee2352cf4886123757c7b7f759aa06a65fdfbf1da74f74968c47ef679ae843f9a331159d490578ae0d7c314a833bc31dbcda6bb0c019f189a2f999c29bbeb2586744d2f2682f3336516a92740d031029b83b3d38844390165bf6517521db3d89d016192b916bd9ac2ee5a3c2059d76cca7eddffdc3ac38bba3112298cb2ac79c686027621b212cb2165de3849f217d8e01885c05e4278491585ecd9633335769a431e82d809f4c378f1fe1f6b3560745fc9c9b2ba0f095b27513e3d6e6263c8298c0dab4819e8d170db1f42df4a2aee0a05d5422eb8fe61e7fbcf3ac8b568d2d6e0bd0ebfeed6fda0f8783dd797ebb2978a0e92fb9610d0ff465515adaeccf7d84bf7f90cf0867de6ef4a1102050928f5416fefa01af66779964011532b8abdf30b24dd76988699f6f8f139cb3628a94aaaf80baebb86d27d970cc17a298473cd80657c641c94ab4ca99336d1a95c27b47da153a0787002ea830c29db176b0f5539b40500986f206cdbbbc843ac148e1f583de9db549354cf681162483bf55704d548f523f1f4ce7b42abc127ff33fb70d4f129cc355b19eef3f6a19f903419b63b2f535e70a1e42bb85c94615bf2e2a640264e0a9712f69ed4a3ebfec61083a65096619b5c91f17eea4cc1e709b6b958be70656fc0086dde58cdfcf2f881abe9e26d185fef6b4c4726646ee47733de0645a5a204be01132c8ea667562625550035d0053267f4f80fcd9e827410c9bbcc4e8dcadb6fd603d709450749941fe5a4419b1f11764dbd0dbb251fcdc92acf7ef19eb65effcc2b8f563825a148b33747bd71fe7904d3946f60cee531131cc847e9c030922296f0578653d304501eda09e9aa95dc019be57e660282c47b81d00d502a8f7af8e2d8e5ead13577c7ecaec231b1117932de732c937db995056cd124ab9155f6c30a8efe14dfd47c1324b970be0317abbf68c130971a3672d093cf9c6a0fb897987107a490cfaeb114348fe308d3df65c732d5e5f910c344d632db028350739c5ee84b229114d97493827d405b349117818b29d2bd9117ee09d061c46fa2cb5ad83880d23300c7a11aeece2125c87eacf88279052bad129cb69b841fcae78a153cc31b494e0b0de4d8d9f347dafad6e4c44146def64c255173822aea7983cad710d734b9ddf5edd4369c00af3bff5ea434fd6d23079410bc8dfb4ac2554f6d9589d4d3dbc5757c93fe0bf5143ee2cc2118a07ddfa29756d80d78131c79d84ab0d269147bbf7756ad4e3875db312ea1270091d8d1d6249c6b9f703659bb3c60cc00055b0b3854f7e31a793a518927f5718b6f5738914bb07ed83ad8371111a48f1bc252443cc1f54ddee0e909506f0f5107b9dde26059135bc6a253e721f1ae34f81c023df75c58ff392d37b04a797365902d638ecd523cd8a78ff351318401c6729b7a1cc85f30a72223869df4c2013bfcbc64382fc8612393fd950f4874d215bfef214ea816acd8ad3a41d4b52b83e7a62d42069610f2169b9132b2b73f6a96ec31209facf23f1dd21f6c0c5892e3b9435c1f5b1d4bd9650814a34654de031da54729fbca6feb36e2e3fb80925b82d58982e4a17947ea8d5db9d743a108be3cf71c788625aae1eaf8f31d54b798eac0fd9076cfa0de451fd81eb7667ae88ca1f42c212f09fbc6e51fd7b8f3cbb9b664a09575bcda1e860bffe2c02411baba18087bc7dd8b6550019cb344c2e1a7eda52b0040b847bf8570cfaeed3934e0e90734df9ec8b495d1da4775658599326be1126c4995bab0f25d6c0b52e241a06f376f1f2b786da2cf4ffc61ffb1554930c02f34cc1136ffd1013bf2bff1adad5a9aad0360f508dd79765723e19de228d99a4895d51b5e6c5a820b883cc42529c8e1cff24fd31a7085869818d28de64956ec221603dd30c4e148ee34e3dbaf24ecbbf2c32f535be5ecf453d736c90ed28bfca01f4c54a9dd0ba2d16602c5681d70be98a5cc32ac862cc2675101b23e77ed827e3efb6ed34afb546d22dd96d88170fa98324953c58eb37bbcd9cdf366d88cc09e615029c41ab853e06a990e43394e3f3873703a3256b28416f4f6fe06dedbd2b9865b6974e13d5d7ab0cfbd9a2c57c00f407c002f9d6cd4a9458a1f67d507ea990db074ec5100714b7dce20c1f9ff6ce76d7882eab2930dd6a75cdb0a3712fba6c757bdc31e21a88ad59911c3f9d94c82817808d22b4dafe124fc1060bcfe61538ae5c04f1b394019ab0b028f915cd1b74ad3cc78b66b94af4339873e988e580f32801d2556482c168b690312e710c9889c32cc3c616b046c75d2d89eb160e97756fc5e1bbd0880f1e9e77e3de1e84becc16df56b55b6b9dc123bb8f1ec0417ebdaab62439f9dc7549903b9f1a90ed9b39edea8611268ce74d92f3629bb3bb357b78d669e9ef3bc8f5f1f22d16af63208c85c1b98af509a36dceb2c69c60ed8c21c15ea821ce40f3eee389807c51bd3ef310d811456cc36509705865584ed545085101ddf75bd44f260ab0407f476fb16bb3cba70b2361f4804719ad9775e9f015c2952a070bd93ef96cb6e96c4501b776da4e3221420be5bce977bb8b19f044dc339c0c8579c1c5ecf5e30f049c43241f1539a5520f580b67e30a435fb726e3d00e08e7d6a14d89f01257a28aed0fe773aaaedc0f5a6458e163dbe4d43a83ffd54ae69cb0e62a7f72b667f85f84b0decd84b043c943360a3d287c9a7167b30e0c2ddcc61c6d7c14119d760e1b9ced30a3baec6d3c82635e02726ea02489630f0b77b0e6c435b560358b5df5a16762d77860ae94b8b934794c6282ef45d669652551c05f8a451220138a25449da84a77d8e4fc171aedf4b613fa07710f4479912eba0e0cb0faa39582e2edd08c67e858799d9d5ab93f0791dbf5312dd94b5145c66e401d42805178ae212b5d328b7971371975ba952f5d387e694d24d71970aa1d3d719c560719a6e2a8b32a70f71ae44cac4695d342c4561e8eec605f8335e3ff1663feb569141fe859ef29e346759dcb682ca401177eb7ffcdd30b23aa976c5cff76e0ce19d301b272700b726902bc0765d809518be44cbf33cc63c845a9e97d2999a1f75d54c0caed5165a03e8337bb38f5582cd5a87057aa116f97012dd058a59d31c1cf53cc1492a39d213111ecd2284b76fd847c7cbd6305390baffee8373e525a6540c85317b44660fdda85357c04b885aae5d2e353cf094404df2708228f193600e7534e464f891201fcefb37f09302f234de1f1388645798437ad53d150078749f5080d83de1257cd3c7bedcb9817cb025c23bf3750e7b7be10079b4285c19788d6233c2c07f9c976845873bae54eb6f9196c23273b1e0b79464c23454e7a3de1b791ea60dedf6ba7cf44a197cacd6f22276d9456f1f786afcd468b50608233bfda467814a6a74f5035520e46ab21a822ca0f9feb3a2dfb1562addeffa3725d831351c1429232c1001b79b90eb6cefba15f68bcb3d530a11cd7226345b410cbf97a6fa892bf5c9c4c96e8917b07819c9c2628352ff08787c7a520f737b8b4fc6d27f3ff23256b64cdbc7ebc6cf7822badab4af58b845ec7c8b0d8815358cad4e32709e480c9dd14e0e21fcac30eec45b8744565b0b4efbdab74fbeb3b3feff454e8ae277c967bf6e0e70f15c48fe4c0407e7e446016cd683e36a1913f9be7a200247c37495c9585600897e0803eacdc758d8c37362379090df025772dc8e20fb1acbeff16150baa7361aec5c0d299337cf9497defa20cb8a6f9150b0fd7e80fff83900bc5825f2a02193e7da4c62b27630d12c4e161db7e58d0df7f3bb83777af4c60e2489e64aef23056fa7b363955a0477970503ef2925435ff78df62b58454c57f4106a2ff13e78264fdcb725811d378225f7675ba7046d4034590f1e84fb67f37dab7affc09e0ca51386d0fc206884164a322ff8923aa77a5fbd606a97989027c15e2dcea0f064bf893ca48a0f7ba9ba7519e922964260eb268705040be051c3059f8645200eebd51de1376a6ed88d1556b8a71df8796dfcf465426da4a0108c18608b677cb32b36c1da5f8219297e317c00642a09a548710ba6f9974bdb3d8cbd286bf458af5eda394705de8154d939df7856b9e9fd210c58015c859e33874f6dd5c0209c9f512d6d0a327a2fa6c2342d75cad4a0d4a19b48103666db3fd86493edcdb2b4202b1449a547a6f20911b6f982d66a9ddf54e539c48f5742b0d3221ea5f3f9a9a5198d797439cd1d7bbc269d6430e299ee12e1dc56e4da607fc29e047061db51ab5a8d249e0b2aa0b09b60f1314e5ab117c9ea940ebdf6d4529ea02b73565b0894f1420a4a2a4f25ac8e1cf2feb137e06d638af3e47db14aa721a343a00eb3e660b0ea03d6ff1ecdce42d41605a8fec19b61fb49986c87304057cc08880e5d6ad44158c3c3dd64287e55c0e4d0a577e408c1b44cf6670cd04c9a1d79899d367818c7451d3b95bef3d21f93e7c87667ce10fe1d8dec460523cfdfbbb0a8e01527f86e1268a0ffa98aa51a6b966e4196a37f096b4167c9ac9b31ed85a8c33f222aa15d1fa34cfa042d33189cd7f6255d4393228386253367a10cd501a85ad39011d3fa404146ee228e11446a0118c5be841936693e77f2bacc15b4bde2f58a2283bb82fabb29b897509151efed1a8d19c1deb85181e02183a49477a9857b179849d41c389248715350d9ca35a62e637f804cf3e8cf007582957104832c5c2da3765894b267aa0affcf8129469aabfcb6b854a1e54313f5841a34c1c0809004689cce4175811a958defb457a2ff3781a198114ea016232d74fcb8a5161f129f456848c74bf0f081778779060f3662ac3478d804edcc2340a19e449525336d0e9775bae61cfec557b4ddb0e5357458c6d88e94f46378aa0ea4499a3233cc22d6bd4aceb6cb46a0e9e2d619636a860ced49c8731268c69de345df6abfd5c443eb7e0da26e5bca8c03b5bc7b46b479fe14bc8e33df52419ecc8c551561b140c138625ed647a47471f121608e4ae233adc92bf62556ca0af28f94d629f5e5dcbbcd4239ecf202f7c886148db64b702c5be5b4779db955fd229fb40324fbe8db99270c2599da6d5c09cd93fd5197a1e85c3fc791883a71084c846a7f91202db6fc864d6113e1c5834f3d9634b595b2f1ceeab67f65b9d5833f1069e08d55821655938a35895458eb407352218ad49815d1497fb3cbd3ba2f6da2cb1ea81d4ab04416939528c208c4cc420d6fe119ac2adb6ccf32d7b52fb56b4c88f4357dedbe83b630acd0edb826550e36239f5a1703719abac50c8202c2adacba2e7036dcf42342656190b930a45c5bd617fffea79e3baab98e0bbffc48109127849b37f65d59133bb4fc4548f2414756327081f7208158dbe26742880c3d1e8c534e14f2a572d0f4cc5345fa1604f6bdc7eec5ccdc011911d55c6f79272a30282162b7f3cbffebf78871defb9cec442dc5488efc00a158ac265c0319e44fc39aa9b20f7996727fc2821383f69bc1e3d5fbd0810e484416482b196463a6a4d2e22bab5f1a2e0866348a9c9e4c1df5926042aac3fcb179d514d62972245961c308c4250e01f44274bfd8477d3a64396c714d47efb8f5adfacee7360d061bba505c4230a1993d2f43089e734c36494af93b3d4cd77c2540244e41fb7103db54ca0beec9b67a29a2b702028c5772f34325343335806c3fa058ba3e657e8554e5fdfa1aad253114acd220737428bdc1a0c56fd86ad1ab4f2332a2d0a960bdf300e591f164a34d1af63fa2aa98328829f61ff4a6b6b89afe93bb9967dfbc0b97f949d62886c4890fc77f26b344b83a052be0eda4671730f2dfbc792a67c41f9969789a4227facfbe3903b6826d01788ad5702428f3954227609d75e7d9dd8de82a55b9fef1b65dc9168650351e1b5b2b2db96098771c8b7614bdded244f29c6ebda995843e939f96d986fbadb196cf2d27f5c15a5bc7f65e340a054812b88686e9a4ec036d75a5b57cfb5be1c9fc915559508512d8e3936728e5c26e5849cf7559b4d9c993cfedd1b8ca59d895535d444ea7eb96c361cb4b72226acdd64787e0950e43dc517f30b15534ede3006d425296f36cdb3459500c817c05f729a4dd290d28baa55558902f0553df72bd618713013708304c7ba7bfb4b004af2c9af436d6b04e64dd92adbe41f91d2920106167f3d061d6262d62c5ba810e327240004b97536488dc5d758a051a717670b0b760e0c0aa0bc41e1a501614e51ec4f50eb5a862c3723ce53bb4f75469c92cd4f491dfe81ca8c4bd925fe2275caca49843865c56dac2506be78b610b454fb0408e88b3ea6fdd133b9340ef85ac58b1ca7b1ef1c19f7369d55d68ddf68d19cb0853486abfa0bc847bbdeacbc42675462ca236283b7b3171f3129bce5c705f0da567c408baf7848d8f8067a7cda0834bb9adbe07576b11a4c4560ebf32fab24b11acc14d065b8bcb0a75deab241b24f10789fda3f2359d7dcd96804f8a1b79445fed28224965067cd17dd0535495dae3c13ddbdd0d26d1e6c6a44a76b7b391079f8d375b0ae484e449d24d16fc3783a7a6644664edeb0efb57420f97daf4825a3001a010072bcf5a87ad98bda8eb1ad72ea3b84672b10fae1239118fb9be7e504c1f04d59d08792bd6e4ce7090bc4986386beedbb510a36d4dcd59df09daa064df9d6f6649fa41da815dc647db36ad14d0d9f8014e2d96d7e2f9cc43a50719592954508e15e99209abfcbe0553de67f758f07e9d23bd9173e245d4701bf94591a258d0ef88d4f24dfd692658ac2fb551aa14246e9d3f36172c2559eda27a52191be7d4b4c8b2c7d89a238a18c57a0c6bd2989566390ac90171bff2d90706e520835ce24e28040e811035be6512f974c314d547dcfb13f8d66aa3369aad2d2a2e40058c83c9a3e933b211166ce1848ad98e8023469fe7360415fb288104e037f1eaf9fa39d1c81f674c64c48b9dd21e26385a0fc9caac8027eab7b2ec9c1ba87c5e41a5ef4ea2fe8a55d1edc19468eb184483f5b42401e50bd89526c78db9dd59e8a05ebe3c8b36d1cf1287daee3b4de0652a35c2cbd2d69f4f0b63e1b852a75dcb31bab9ab59f1b5f23310e129c4cb0f67dffdb3528726784460f4136f1c0b3bebead066bacc814f054227fbcdc89eddd429b526c94a255e3489cb329dfcdff5df32c70fdd7b5272ab6c14de9afa2c1c943ad896533c1b9c36030080a6df4515bf1a025506f68f45bf5c8bb6007c4c12c3b9841ec959760193ac031bd67106192bd9dd01d37fa18756d24a033b3078e4dbff0ce4efda48ae89c0d1486694d09b8550cd2aa22ab2407af4a74c9d29d23e7ae79ced6f6e46ecfeccb44ea617167d14607c592ed12952a5bb0a078176ff6aba391fb2152089c42fa048a47525708ba67cdeff99a8e62fde26ac22fe106184be2e054ca94b878e14deaa62cf70967ee2063b3ded9b2c5e4ce7c90bcdd329d50083772c6abb0704ee03c2c9a0a714182e6cb49abccbb3fd5c12d184cfb8a343a7dac685775e39cf1c5f2130d66d2c7e7b4490fe200b25a6bbfbd0a6684b10b0cfd833153c7353356c78b0bae6b3545671e5c9ed7fe645c799f409535f0dd69e063eb826129869718a93cca7b0450eef6a93a80cf3bca7746bb904b04a8bc2b12d50477b400a97ceadb0bfed7e8d4a94cbafb4d496b6b3e3d113d997c373ffa2341bb607346b2b24006ccdae52834a559b5d35c5f27ef05722bd32c7471ada2b535b3d786d27a794f5db55b834aba43f6f46bde855ff533cd6450c2a2900ffff0bc9c37ee6cfacfc2b06a7b10336014b7db868d615c9b3d4f3d86a4834ed97ced9f2cf06e96ec21715ffd46527754f8717a672c6cf69455dd5dcc557328cc0599b2420d89ca2d78c9283da5e3ead128be306980211ae3009e2a339106c244e92a9b1065cd0f7ab74b21edd89f910a8dbe28991df6f2e2946697c59da7eb1c3bc356e991b75a65e89288d0878706a49c289d6a573f394e76eb3b28f9a6f4f23e3181fb97257181adcfd36eba2ad2a81a2e3f45f25f7937c423bc28f59e8aba9dfcea3450711b152eae6d29480760988bfbd3670bdfdc3b1ea808b23cd2b9f950e0e1f7cff1e6880830326d808394e340504315d11f80eaffe6640df91e8ad907f3f7b2aacc39eaedcfca78e73bef99b844fd9f365a9990f26f0d25245dad5757c321aa6d8455bb5b1a0a727115f4b6bac2f554cfdd712c067d2200655db26e009c1375888e7582d74fd1e803b7da21866d57a23ba8183d2b5b23ea6d96fa031d0b9e952424e993d45e88d05098002a33198e4eef4f7fd55f75c7b2aaa5d23e6a95e59b6fc9b763217492b45fa8193caf228ea0955e628a3bb9cf912d73113aef09c4f5b1cd12c6404cdd5e365089bcd9e27a81eda7d7cbfd6d7cedd54eebdda507b170a9c994bc9e8baeb7c750d3c011bc59790c5ed5679ecdfef26f48e4ca88efd755c835566353b7e4d32d313398e00a1b72c70bcc6dceb3c08d62294fcff61554cac9e1b8fdd5cae252e5d1f33415b2ff450c06277817ff0d63e52e6be9ccf9f06e028d1d5bd0f93bd80a5c8242b10da68df985635b2d86ed26e6e2b3976be076ccdb9257fa6b64328d83b0180664f507f20ae883a9404ba0a48aa3b7ca1233099f80a892d7ffdbb5af0a90f71ebaf8922bf670b016d301e52d53af718d17c2467ebd863b9146bf730e05120acabfe4fd1208565e0d408f30f83778742ec651649c2a6f7beb4363e77575185449e92f735526dca023647a807e54f8a562d76502e05efd128f171f5b557d7649699bcda0df779cac291326414c6fb27d0f837895eb2066c4ce0a179e768965ed70f3164a2e84f183dd5e9ed0de7a122371ca7205b298389d7a2d92228ab844d169fe356b571a43197d1181e3e7f1609c9120fff75fc6272b56167528557b55b6f7e590610c3deeb82bf3d9bb68bac455e3239305668fe00d6b8b6fe47dba8bc603f7bef657dc6c8d47d0df722b9c1e891ffa5cb7b2be34c361791ac497d07a4d600f1fd24fea1a399546fcf0e9fca7f85ed1eca2ffa05c3c1b30ed74564358562c500d17065c3eb2421e68bfd86bc7700b66d35a85a07de9355d226744a001a9fa8c2df39034329c9736675e450c7f1b614587b4a77a00607471fd5ae1066522d88c65b3e23fcec27204eed1f60b4fa4a40f816900992f0fddadb5eaa0e478ef1c2202193b4992e0f077c9b8cbf9aaa0cc8ac80c0bfba7c7c42a3bfd072ef3df0d644503e36a70048ad79a7007c994128661afb61510af0fb7f8c049bb48d530be4d8a68f3beab8eca240577879e50103fd7bce6393194520bd3e8bcd899fe5d45ed4f05cc624c4ddc2f5bed56a70a4bcc195c79c039955a5302c332580d8f429ed2f9a1b3b8e5acdb60868ea9b64c640a6a0f7dd4cd07661a9e82d50b468efaa96c787a9c7513b769922e146b3906ffc21cd6d9f2a8a4292da640e6438883cdd4f07ec5556e241739710dd6f1e857cbcc2d95bd8448d71a8c72fc1658e6038dd669e7b3bb183a274386571abe8077f23a9ac2d461786b60093177ece718061a64990ca37166f73c505cdeae12295897a57d96ae439ab57e34546f4f3de44de489ec0e1d22e8abcb3c4eaaba51ffd466b662672552d08d0f1baa32fffd7e030dbe54127f2db1ccd812de4a0ca97dc5d4c426d365996a736998e1b27c00fd8bd1134621eb7b3ab571b09ab4b726facd6027b7f301adf4ffb66b7e51d6a59b786439f174a3841343027be4f6bb23b89a10739eca5967dae44bb35088ebf9ff7d3449aadb0babc3852369f449eb9fcf9c622e4c61eefa8c828f42c9869bcee70f0af771032eb65f35ec09fd287c82521193c831b821839a318590543595a76c25c7dadc0fd5a79e826c618963e602f0de526fb30cd76407545558210aad6e06e6a45247b1d920902aad7e61f15058ae98118137e38243ef403c8982c4235e13c34323d37136d276275cb4aba2b44bacffaf3a11a0a5973349204d29999bb0c722ace31c26595521a30f03fa7c28fb4d22b70d3fbd13185cb19a75d8b8eaf1125ce206c6401eaf2c4b73d1629a8e65bb9e586bdb523de71302899bec87bbe62ac9cac46ccbd66c1e098a9e05fe599039bdfed5e9b789b43312fb0b3c2eb1f3f8f9486dfe07ce180369be6fc8d8107a5a1fbd0c0691044d4015810742a122858e2ce25f6d522e5136da5ebe9eb6ed32d932cb1443ead3584bb998fedd2f707a11a4a076c1d36bea69371cf616d2ef5be3d03031da49e4a2aef49d0ae45e7f2c91fb87bed83da94c77cebde7764565e664f6b8b12911b481d4c94853cf5834e8dc6c7d11fffd38f0680679ad9759b60bb5ef8f70c980f57fa990b3dfa0b1fb9a4f2ad61911c55bcdc15a9ca69444481c38b95d47b5f087c1c081ac308be753410157874009e33e8a1f8911f75486db0459ba025f9d7483a964aa8fc840a1c862a3a0284469e8751682ee3ec84696d9bbba81703d3b922eb6e92d1524c0f5ebd7a3376c42e868d53b710b35d95548c82fb9ddbd7f316391288b6cf2902234d90e062b33033df20c4f02b1c62bbc09d81d42fe54aa426ef02350fd35cd00755c78ab3d6ccc98e77ee6ab5e357df58843390422283f311b4b46dea4fa6d8ef2dceed92819db1ce5f5a827d26e8154dffe4ec8f419c420c72825df0", 0x2000, 0x0) r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) socket(0x2a, 0x3, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(0x0, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) write$proc_mixer(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB='ALTPCM \'Line Capture\' 0'], 0xf7) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r2, r0, 0x0) r3 = getpid() setpgid(0x0, r3) sched_setscheduler(r3, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) 3m55.440941742s ago: executing program 4 (id=3947): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 3m55.38480867s ago: executing program 6 (id=3953): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = dup(0xffffffffffffffff) write$UHID_INPUT(r3, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) memfd_secret(0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) 3m53.895817718s ago: executing program 4 (id=3955): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x800) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000640)=@generic={0x0}, 0x18) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000a0101010100000004000000e070a091f16ac0"], 0x20) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) msgget$private(0x0, 0x2c0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCGPGRP(r4, 0x5437, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc) connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5) 3m52.535163471s ago: executing program 4 (id=3957): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 3m52.356811633s ago: executing program 6 (id=3958): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, 0x0, &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x81, 0x6, 0x1, 0xe7}]}) write$proc_mixer(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0xb8) semget$private(0x0, 0x4, 0x1a0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x3c) connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000001c"], 0x3c}}, 0x0) 3m49.200820248s ago: executing program 6 (id=3962): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) r1 = syz_io_uring_setup(0x2f90, 0x0, 0x0, 0x0) epoll_create(0xaf2) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r5, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@ifindex, 0x3, 0x1, 0x1, &(0x7f0000000180)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40) getsockname(r1, 0x0, &(0x7f0000000ac0)) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000a80)={0x1}, 0x8) setsockopt$inet6_int(r5, 0x29, 0x18, 0x0, 0x0) recvmmsg(r5, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186}, {0xffffffffffffffff}], 0x0, &(0x7f0000000280)=""/239, 0x13}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18}, {&(0x7f0000000440)=""/110}, {&(0x7f00000004c0)=""/165}, {&(0x7f0000001540)=""/4096}, {&(0x7f0000000580)=""/245}], 0x0, &(0x7f0000000700)=""/27}}, {{&(0x7f0000000740)=@nfc, 0x0, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180}}], 0x4000000000001f1, 0x10162, 0x0) mmap(&(0x7f00005b2000/0x3000)=nil, 0x3000, 0x9, 0x30, r3, 0x79847000) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'dt2801\x00', [0x0, 0x80008000, 0x7fff, 0x0, 0xfffffffc, 0x8, 0x1, 0xf, 0x1001, 0x400001, 0x80000007, 0x1, 0x1006, 0x4, 0xffff, 0x0, 0xffffffa7, 0x4000000a, 0x836, 0x3, 0x3f8, 0x10000, 0x800, 0x1e2df, 0x2, 0x1, 0x1, 0x6, 0x7, 0x1, 0x5]}) 3m46.718720939s ago: executing program 6 (id=3963): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_open_dev$swradio(&(0x7f0000003900), 0x1, 0x2) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0xc000000000000, 0x40, 0x1, r1}}}, 0x28) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xb) socket$inet6(0xa, 0x80001, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet(r4, 0x0, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 3m36.968153333s ago: executing program 6 (id=3975): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r3, 0x0) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) close_range(r2, r2, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000002b40), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@local}) r5 = syz_open_dev$video(&(0x7f0000000180), 0x3ff, 0x2000) ioctl$VIDIOC_STREAMOFF(r5, 0x40045613, &(0x7f0000000200)=0x1) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r4, 0x7af, 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, 0x0) 3m34.757170491s ago: executing program 54 (id=3957): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 3m30.921350355s ago: executing program 6 (id=3980): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) sendfile(r2, r2, 0x0, 0x40008) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 3m13.771891742s ago: executing program 55 (id=3980): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) sendfile(r2, r2, 0x0, 0x40008) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 1m47.730406641s ago: executing program 0 (id=4101): syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000380)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xb}, @hci_ev_le_remote_conn_param_req={{}, {0x0, 0x8001, 0x9, 0x6, 0x9}}}}, 0xe) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGETKEYCODE(r3, 0x4b4c, &(0x7f0000000ac0)={0x1, 0x7}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) socket$netlink(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) lseek(r4, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1m45.865185977s ago: executing program 0 (id=4103): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e020000"], 0x0, 0x37}, 0x28) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x4, 0x100, 0x0, 0x333}, &(0x7f0000000140)=0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2) syz_io_uring_setup(0x6f75, 0x0, &(0x7f00000000c0), &(0x7f0000000200)) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r5 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) ftruncate(r5, 0x1000006) fcntl$addseals(r5, 0x409, 0x7) ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x1000000}) write(r0, 0x0, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x5}, 0x8) r7 = syz_open_dev$tty1(0xc, 0x4, 0x2) dup(r7) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000001c0)={0x0, 0x5}, &(0x7f0000000400)=0x8) 1m41.858007222s ago: executing program 0 (id=4107): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x32, 0x701, 0xfffffffc, 0x0, {0x6}}, 0x14}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x48) ftruncate(r2, 0x8800000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x700, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x578410eb) socket$kcm(0x10, 0x2, 0x0) getpid() r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) io_uring_enter(r2, 0x1, 0xf95b, 0x4b, &(0x7f0000000000)={[0x7ff]}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x647f}, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8) socket$kcm(0x29, 0x5, 0x0) 1m40.139605943s ago: executing program 0 (id=4110): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) socket$rxrpc(0x21, 0x2, 0x4) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000600)) pipe2$9p(&(0x7f0000000080), 0x0) r3 = timerfd_create(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x4}]}], {0x14}}, 0x70}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000200)) timerfd_settime(r3, 0x3, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) syz_io_uring_submit(r1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0) 1m36.90574529s ago: executing program 0 (id=4113): sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0xc081) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) getpid() fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r4 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xd8}], 0x1) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000480)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04P\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|\x92\x13\x874\xe3\x01\xfd-?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/272, &(0x7f0000000240)='/\t\x00\x00\x00\x98', 0x0) tkill(r4, 0xb) chdir(0x0) 1m36.765770264s ago: executing program 1 (id=4114): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0xf6ffffff, 0x0, 0x0, 0xd4, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0xc102, 0x0) sendfile(r2, r2, 0x0, 0x40008) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 1m34.198024669s ago: executing program 0 (id=4117): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) 1m33.168812067s ago: executing program 1 (id=4118): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) r3 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) setrlimit(0x7, &(0x7f0000000400)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) 1m31.871961122s ago: executing program 1 (id=4119): openat$dlm_control(0xffffffffffffff9c, 0x0, 0x2401, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000180), 0x88100, 0x0) mknod(0x0, 0x8001420, 0x0) mkdir(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x240040c2) 1m30.216938367s ago: executing program 1 (id=4121): socket$pptp(0x18, 0x1, 0x2) r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x2d}, 0x28) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, 0x0, 0x0) io_setup(0x8, &(0x7f00000002c0)=0x0) io_submit(r6, 0x0, &(0x7f0000000000)) 1m28.576216848s ago: executing program 1 (id=4122): r0 = msgget$private(0x0, 0xef) msgctl$IPC_RMID(r0, 0x0) msgsnd(r0, &(0x7f0000000580)={0x3, "eae2254a711b33a783267efc920d52a3a13a771d10244c33744ffddef964e89b61e9da34e2a4f059097f16057f1d11"}, 0x37, 0x0) 1m28.134499879s ago: executing program 1 (id=4124): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) r2 = getpid() fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff, 0x0, r2}) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f0000000000)={0x0, 0x0}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r6, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) 1m17.982178472s ago: executing program 56 (id=4117): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) 1m11.553164406s ago: executing program 57 (id=4124): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) r2 = getpid() fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff, 0x0, r2}) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f0000000000)={0x0, 0x0}) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r6, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) 35.499646043s ago: executing program 8 (id=4177): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x40, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@gettaction={0x14, 0x32, 0x800, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x40) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x482100, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpgrp(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000040)='./bus\x00', 0x14444, &(0x7f0000000fc0)=ANY=[@ANYBLOB='iocharset=cp860,noadinicb,session=00000000000000000004,unhide,volume=00000000000000052123,umask=00000000000000000000002,shortad,rootdir=00000000000000000003,uid=', @ANYRESDEC=0xee01, @ANYBLOB="2c00052d5440669c78bffc3a3fa4eab3b729e3e111d3842a7ecce1f114be2380a2d1a62a4dc8ec11f76344a7e56ac10de6d7e3d66851cbc9c02da38318fa82c0ce928a0bc43a9e691a213a18ee3532f23d07027881f0ddc4c60b16f1b943bfbc0ad44a99e7e44e8fa4e9c8181751240e3d6b3de4b645bcd60146d24d9d2e95140225efcbc328699b608222ffff36db306021f3c213e2e2014ff850bfe3b43f8abb3d7506c67389b990b7a00a1f7022fb60ea96dcf49eae0900000000000000fbccb6059a73fd1c8b8d44350b5700004035dc7ba9ef0f4528a7cfde84bda823a07d804780da1a7258567a90916b5a1d297a9096931f481e050e47cfdcf04485a2179a6f9f3f84238ecb9b3581fa6e1851277782b4e1ec9199e6d272d6364c1f1773f8b62400ad0ad8a33dfb6a23168d69228dd78cca270bf8a0b69f84eab104130edec400b891f3f294fb0127b515f197056d0737269a"], 0xfe, 0xc22, &(0x7f00000002c0)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu43bTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22YXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkFPAYGbfikuKsmhTpCj7+2zqNzvz3sx7M+sZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/fOnMc+lhtwIAOEhXxr985qznPwB8rFz1//8AAAAAAAAAAAAAAHDYpSji8Ugxf2U9TVafOwYut2dv3Z4YGd252rFU1TxSlS9/Bp47e+78F54fvtDN96//oD0Zr45fvVR/ae7m/EJrcbE1XZ+YbU/NTbd2vYe91t9uqDoB9Zuv3Zq+fn2xfvbZc1s23x58r/+xk4MXh58+/VS37MTI6Oh4T5la34c++l3uNcLjaBRxOlI8890fp2ZEFLH3c3Gf785+O1Z1YqjqxMTIaNWRmXZzdqncONY9EUVEvadSo3uODuBa7EkjYrlsftngobJ74/PNhea1mVZ9rLmw1F5qz82OpU5ry/7Uo4gLKWIlItb6795dXxRRixTfPrGerkXEke55+Hw1MPje7Sj2sY+7ULaz3hexUjwC1+wQ648iXokUP3m7iKnynOWf+FzEK2V+P+LNMl+MSOUX43zEuzt8j3g01aKIvyiv/8X1NB0RGyc660frl79S/9Ls9bmest37yiP/fDhIh/zeNBBFNKs7/nr68L/ZAQAAAAAAAAAAAAAAAOBBOxZFPBkpXv6PP67GFUc1Lv3ExeE/GPzF3jHjT9xnP2XZZyNiudjdmNyjeQjxWBpL6SGPJf44G4gi/iSP//vmw24MAAAAAAAAAAAAAAAAAADAx1oRP4oUL7xzKq1E75zi7dkb9avNazOdWWG7c/9250zf2NjYqKdONnJO5lzOuZJzNedazihy/ZyNnJM5l3Ou5FzNuZYzjuT6ORs5J3Mu51zJuZpzLWfUcv2cjZyTOZdzruRczbmWMw7J3L0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8lRRTxs0jxra+tp0gR0YiYjE6u9nfLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPU38q4nuRov6HjTvrahGRqn87TpW/nI/G0TI/GY3hMl+MxqWczSprjW/e92hpX/rAh9eXivhhpOgfeOvO1cnXv6/zafOavfn1zU+/Uuvkke7Gwff6Hzt54uLw6K89ca/lHa/+0OX27K3b9YmR0dHxntW1fPRP9qwbzMctHkzXiYjF1994rTkz01qw8PFYqHUWanFI2nNQC/l+FYelPdsXGoejGZsLD/nGxIEon//vRorfeec/uw/87vP/Fzqf7jzh46d/uvn8f2H7jvbp+f94z7oX8u9G+moRA0s35/tORgwsvv7G6fbN5o3Wjdbs+TNnvjg8/MVzZ/qORgxcb8+0epb2fKoAAAAAAAAAAAAAAAAADlYq4vciRfOH66keEber8VqDF4efPv3UkThSjbfaMm7r1fGrl+ovzd2cX2gtLram6xOz7am56dZuDzdQDfeaGBndl87c17F9bv+xgZfm5l9faN/4o6Udtx8fuHRtcWmhObXz5jgWRUSjd81Q1eCJkdGq0TPt5mxVdewBvUqhLxXxX5Fi6nw9fTavy+P/to/w3zL+f3n7jvZp/N8netaVx0ypiJ9Git/+yyfis1U7j8dd5yyX+9tIMXThM7lcHC3LddvQea9AZ2RgWfb/IsU//mxr2e54yMc3yz636xP7iCiv/4lI8b0//078Rl639f0PO1//49t3tE/X/1M9645veV/BnrtOvv6nI8WLj78Vv5nXvd/7P4rY2Nj4RsSpXPjO+zn26fp/umfdYHSO+1sPrvsAAAAAAAAAAACPrL5UxN9FiqdGa+n5vG43f/9vevuO9unvf/1yz7rpA5qvaM8nFQAAAAAOib5UxI8ixY2lt+6Mod46/rtn/Ofvbs69PpK2ba3+nO+XqvcGPMg//+s1mI87ufduAwAAAAAAAAAAAAAAAAAAwKGSUhHP5/nUJ+8zn/pqpHj5f57J5dLJslx3HvjB6teBK3Ozpy/NzMxNNZea12Za9fH55lSrrPupSLH+N5/JdYtqfvXufPOdOd4HNrpzsS9EitG/75btzMXenZu8Mx94Zy72suwnIsV//8PWst15rD+9WfZsWfavI8VX/3nnsic3y54ry34nUvzgq/Vu2eNl2e77UTvvJB2oxUzr2am5mbtehQoAAAAAAAAAAAAAAAAAAAAfVF8q4s8ixf/eXInlPOw/z//fnYG/1i375td75vvf5nY1z/9gNf//vZY/zPz/gw+spwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhIUcQbkWL+ynpa7S8/dwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lzw/fKGb71//QXsyXh2/eqn+0tzN+YXW4mJruj4x256am27teg97rb956jqGqhNQv/narenr1xfrZ589t2Xz7cH3+h87OXhx+OnTT3XLToyMjo73lKn1fYCjf6DGbToaRfxVpHjmuz9O/9IfUcTez8V9vjv77VjViaGqExMjo1VHZtrN2aVy41j3RBQR9Z5Kje45OoBrsSeNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv3t3fVHEa5Hi2yfW07/2RxzpnofPXxn/8pmz925HsY993IWynfW+iJXiEbhmh1h/FPFPkeInb5+Kf+uPqEXnJz4X8UqZ3494s8wXI1KK2PhGxLs7fI94NNWiiP8vr//F9fR2f3k/6N5XLn+l/qXZ63M9Zbv3lV09H3793sd86M+Hg3TI700DUcQPqjv+evp3/10DAAAAAAAAAAAAAAAAHCJF/GqkeOGdU6kaH3xnTHF79kb9avPaTGdYX3fsX3fM9MbGxkY9dbKRczLncs6VnKs513JGkevnbOSczLmccyXnas61nHEk18/ZyDmZcznnSs7VnGs5o5br52zknMy5nHMl52rOtZxxSMbuAQAAAAAAAAAAAAAAAAAAHy1F9U+Kb31tPW30d+aXnoxOrpoP9CPv5wEAAP//N4D+uw==") syz_open_procfs(0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000b00)) r4 = creat(&(0x7f0000000080)='./file0\x00', 0xd931d3864d39ddd9) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, 0x0, 0x0) write$binfmt_aout(r4, &(0x7f0000000280)=ANY=[], 0xff2e) 35.498813204s ago: executing program 9 (id=4186): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a6000000000000005000000", @ANYRES32=r0], 0x4c}}, 0x0) mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_set$uid(0x3, 0x0, 0x6007) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x1) openat$iommufd(0xffffffffffffff9c, 0x0, 0x30080, 0x0) 34.198443535s ago: executing program 9 (id=4178): openat$dlm_control(0xffffffffffffff9c, 0x0, 0x2401, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000180), 0x88100, 0x0) mknod(0x0, 0x8001420, 0x0) mkdir(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x240040c2) 32.636406023s ago: executing program 8 (id=4179): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) socket$rxrpc(0x21, 0x2, 0x4) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000600)) pipe2$9p(&(0x7f0000000080), 0x0) r3 = timerfd_create(0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x4}]}], {0x14}}, 0x70}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000200)) timerfd_settime(r3, 0x3, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) syz_io_uring_submit(r1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0) 8.441150482s ago: executing program 2 (id=3995): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) socket(0x2, 0x2, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="640100001a0001000000000000000000e0000002000000000000000000000000ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000002000000000000000000000000000080ff3c000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000200000000000000000000000000000a000000000000000000000014000e"], 0x164}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$clear(0x3, 0xfffffffffffffffd) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$FBIOBLANK(r6, 0x4611, 0x4) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="6d706f6c3d643d7374617469633a2c00000000000000a113b66474bff5377bac2d70171de65cde95b3fe42cf7b10947b710cda6b81ee95f4b018f505"]) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4`\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|') 8.440114201s ago: executing program 9 (id=4190): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(0x0, r0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_setup(0x6, 0x0) io_submit(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB='va\x00\x00\x00\x00'], 0x8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) 8.439390426s ago: executing program 8 (id=4191): openat$dlm_control(0xffffffffffffff9c, 0x0, 0x2401, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000180), 0x88100, 0x0) mknod(0x0, 0x8001420, 0x0) mkdir(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5) sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x240040c2) 6.533217505s ago: executing program 2 (id=4180): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) r1 = socket$kcm(0x29, 0x5, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x3d, &(0x7f0000000080)={0x77359400}, 0x10) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000001c0)={0xd}, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {0x3}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x8, 0x1005, &(0x7f000001b180)=""/4101}, 0x94) r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000200)="cf", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0xfa82, @loopback, 0xffffffff}, 0x1c) 5.275731958s ago: executing program 2 (id=4182): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0x204000, 0x1000}, 0x20) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1}, &(0x7f00000001c0), &(0x7f0000000300)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) write$char_usb(r3, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000100)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x2, 0x3a, ',[\\&-\x87\x81(.%-\\', 0x3a, '/', 0x3a, './file0', 0x3a, [0x43, 0x43]}, 0x36) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x800) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x2012, r5, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) r6 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r6, &(0x7f0000002f40)={0xa, 0x4e24, 0xa, @dev={0xfe, 0x80, '\x00', 0xf}, 0x3}, 0x1c) 5.257305187s ago: executing program 9 (id=4194): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x40040, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000ec0)={0xc}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa) socket$unix(0x1, 0xc17a9ab45fe0440f, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x24000800) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @remote, @void, {@llc={0x8864, {@snap={0x0, 0x0, '~', "3fab95", 0x892f}}}}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x8, &(0x7f0000000300)) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000086) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) 2.89906924s ago: executing program 2 (id=4183): sendmsg$inet(0xffffffffffffffff, 0x0, 0x2008084) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000003000000000000000000"], 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'}) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, &(0x7f0000000180)=ANY=[]}, 0x78) socket(0x2, 0x3, 0x67) r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}}) 2.897906589s ago: executing program 8 (id=4196): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0) r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x0, 0x6, 0x0) r2 = getpid() fcntl$lock(r0, 0x5, &(0x7f0000000080)={0x1, 0x0, 0x7fffffffffffffff, 0x0, r2}) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18) openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r5, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r5, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}}) 2.198567139s ago: executing program 9 (id=4184): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x80002, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4) sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)={0x2, 0x8, 0x1}, 0x18) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x358, 0x800000000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000000f8ff00851000000600000018020000", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94) r6 = msgget$private(0x0, 0xef) msgctl$IPC_RMID(r6, 0x0) 2.100095385s ago: executing program 8 (id=4185): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, 0x1402, 0x1, 0x70bd2a, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140), 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r5}, 0x18) io_setup(0x3ff, &(0x7f00000000c0)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ustat(0xe, &(0x7f00000005c0)) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000019140)=@newchain={0x24, 0x64, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0x1, 0x5}, {0xfff3, 0xa}}}, 0x24}}, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) recvmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60, 0x0) 899.727541ms ago: executing program 9 (id=4187): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x80002, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4) sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)={0x2, 0x8, 0x1}, 0x18) ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x358, 0x800000000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000003000000000000000f8ff00851000000600000018020000", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94) r6 = msgget$private(0x0, 0xef) msgctl$IPC_RMID(r6, 0x0) 0s ago: executing program 8 (id=4188): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{}, {0x3, 0xc8, 0xc9, 0x9}}}, 0x64) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa2bb1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x5, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r4, 0x6) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r7, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept4(r7, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): netlink: 48 bytes leftover after parsing attributes in process `syz.9.3642'. [ 2779.852440][T17883] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2780.225965][T21210] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2780.241150][T21210] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2780.251265][T21210] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2780.281922][T21210] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2780.303199][T21210] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2780.372618][T23860] loop9: detected capacity change from 0 to 256 [ 2780.501056][T23853] loop0: detected capacity change from 0 to 40427 [ 2780.986555][T23860] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 2781.410936][T23853] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 2781.552273][T23870] exFAT-fs (loop9): start_clu is invalid cluster(0xffffffff) [ 2782.292971][ T30] audit: type=1804 audit(2000000034.722:348): pid=23871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.3647" name="/newroot/9/file2/bus" dev="loop9" ino=1048735 res=1 errno=0 [ 2782.511967][ T30] audit: type=1800 audit(2000000034.722:349): pid=23871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3647" name="bus" dev="loop9" ino=1048735 res=0 errno=0 [ 2782.544417][T21210] Bluetooth: hci0: command tx timeout [ 2782.589216][ T30] audit: type=1804 audit(2000000034.722:350): pid=23872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.3647" name="/newroot/9/file2/bus" dev="loop9" ino=1048735 res=1 errno=0 [ 2783.049835][T23878] syz.0.3644: attempt to access beyond end of device [ 2783.049835][T23878] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 2784.180654][T17989] syz-executor: attempt to access beyond end of device [ 2784.180654][T17989] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 2784.258669][T17989] CPU: 0 UID: 0 PID: 17989 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 2784.258719][T17989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2784.258741][T17989] Call Trace: [ 2784.258753][T17989] [ 2784.258768][T17989] dump_stack_lvl+0x16c/0x1f0 [ 2784.258830][T17989] f2fs_handle_critical_error+0x621/0x9f0 [ 2784.258878][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.258922][T17989] ? f2fs_build_fault_attr+0x53/0x1f0 [ 2784.258973][T17989] f2fs_write_end_io+0x785/0xc20 [ 2784.259023][T17989] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2784.259075][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.259127][T17989] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2784.259183][T17989] bio_endio+0x70d/0x850 [ 2784.259223][T17989] submit_bio_noacct+0x56d/0x1eb0 [ 2784.259282][T17989] __submit_merged_bio+0x33c/0x770 [ 2784.259337][T17989] __submit_merged_write_cond+0x319/0x3f0 [ 2784.259399][T17989] f2fs_write_cache_pages+0x2067/0x2570 [ 2784.259485][T17989] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 2784.259550][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.259594][T17989] ? __lock_acquire+0x622/0x1c90 [ 2784.259668][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.259796][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.259838][T17989] ? mod_memcg_lruvec_state+0x394/0x610 [ 2784.259899][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.259940][T17989] ? __mod_zone_page_state+0xcc/0x1a0 [ 2784.259997][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.260048][T17989] f2fs_write_data_pages+0x4ad/0xd90 [ 2784.260111][T17989] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2784.260188][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.260231][T17989] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2784.260290][T17989] do_writepages+0x27a/0x600 [ 2784.260356][T17989] ? __pfx_do_writepages+0x10/0x10 [ 2784.260412][T17989] ? do_raw_spin_unlock+0x172/0x230 [ 2784.260457][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.260501][T17989] ? _raw_spin_unlock+0x28/0x50 [ 2784.260555][T17989] filemap_fdatawrite_wbc+0x104/0x160 [ 2784.260621][T17989] __filemap_fdatawrite_range+0xb2/0xf0 [ 2784.260667][T17989] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 2784.260770][T17989] ? find_held_lock+0x2b/0x80 [ 2784.260819][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.260864][T17989] ? do_raw_spin_unlock+0x172/0x230 [ 2784.260907][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.260958][T17989] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 2784.261038][T17989] block_operations+0x2a3/0xfd0 [ 2784.261100][T17989] ? __pfx___schedule+0x10/0x10 [ 2784.261155][T17989] ? __pfx_block_operations+0x10/0x10 [ 2784.261275][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261318][T17989] ? down_write+0x14d/0x200 [ 2784.261353][T17989] ? __pfx_down_write+0x10/0x10 [ 2784.261391][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261435][T17989] ? rcu_is_watching+0x12/0xc0 [ 2784.261490][T17989] f2fs_write_checkpoint+0x2b8/0x4c60 [ 2784.261556][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261599][T17989] ? kfree+0x2b4/0x4d0 [ 2784.261629][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261677][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261721][T17989] ? rcu_is_watching+0x12/0xc0 [ 2784.261768][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.261811][T17989] ? kthread_stop+0x273/0x650 [ 2784.261851][T17989] kill_f2fs_super+0x3c2/0x470 [ 2784.261912][T17989] ? __pfx_kill_f2fs_super+0x10/0x10 [ 2784.261969][T17989] ? lockdep_hardirqs_on+0x7c/0x110 [ 2784.262043][T17989] deactivate_locked_super+0xc1/0x1a0 [ 2784.262085][T17989] deactivate_super+0xde/0x100 [ 2784.262125][T17989] cleanup_mnt+0x225/0x450 [ 2784.262175][T17989] task_work_run+0x150/0x240 [ 2784.262218][T17989] ? __pfx_task_work_run+0x10/0x10 [ 2784.262256][T17989] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2784.262304][T17989] ? __pfx___x64_sys_umount+0x10/0x10 [ 2784.262361][T17989] exit_to_user_mode_loop+0xeb/0x110 [ 2784.262406][T17989] do_syscall_64+0x3f6/0x4c0 [ 2784.262468][T17989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2784.262506][T17989] RIP: 0033:0x7f097f98fc57 [ 2784.262535][T17989] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2784.262572][T17989] RSP: 002b:00007fff88c54fe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2784.262607][T17989] RAX: 0000000000000000 RBX: 00007f097fa10925 RCX: 00007f097f98fc57 [ 2784.262631][T17989] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff88c550a0 [ 2784.262654][T17989] RBP: 00007fff88c550a0 R08: 0000000000000000 R09: 0000000000000000 [ 2784.262678][T17989] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff88c56130 [ 2784.262703][T17989] R13: 00007f097fa10925 R14: 000000000028bd95 R15: 00007fff88c56170 [ 2784.262753][T17989] [ 2784.263216][T17989] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 2785.077716][T21210] Bluetooth: hci0: command tx timeout [ 2786.771017][T23887] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 2787.219915][T23893] loop9: detected capacity change from 0 to 64 [ 2787.242697][T21210] Bluetooth: hci0: command tx timeout [ 2787.689433][T23898] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3654'. [ 2787.809428][T23899] random: crng reseeded on system resumption [ 2788.559902][T20391] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2788.966720][T23904] loop3: detected capacity change from 0 to 128 [ 2789.139922][T20391] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2789.317373][T23904] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2789.582783][T21210] Bluetooth: hci0: command tx timeout [ 2789.605013][T23904] ext4 filesystem being mounted at /261/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2790.437890][T23050] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2790.447864][T23050] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2790.456122][T23050] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2790.465217][T23050] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2790.473702][T23050] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2790.692727][T20391] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2790.708243][T17883] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2791.119524][T23927] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3658'. [ 2792.634039][T23934] loop0: detected capacity change from 0 to 1764 [ 2792.644705][T23934] iso9660: Bad value for 'uid' [ 2792.649660][T23934] iso9660: Bad value for 'uid' [ 2792.738108][T18943] Bluetooth: hci5: command tx timeout [ 2792.788939][T23934] loop0: detected capacity change from 0 to 8 [ 2792.799594][T23934] squashfs: Unknown parameter '/proc/timer_list' [ 2792.867503][T23934] loop0: detected capacity change from 0 to 1024 [ 2792.877392][T23934] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2792.942106][T23934] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 2795.255553][T18943] Bluetooth: hci5: command tx timeout [ 2795.415329][T23934] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2795.484341][T20391] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2796.855720][T17989] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2797.484149][T23949] loop6: detected capacity change from 0 to 1024 [ 2797.540601][T18943] Bluetooth: hci5: command tx timeout [ 2798.772891][ T13] hfsplus: b-tree write err: -5, ino 4 [ 2800.599672][T18943] Bluetooth: hci5: command tx timeout [ 2801.470060][T23856] chnl_net:caif_netlink_parms(): no params data found [ 2801.577179][T20391] bridge_slave_1: left allmulticast mode [ 2801.582882][T20391] bridge_slave_1: left promiscuous mode [ 2801.590098][T23977] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2801.632002][T20391] bridge0: port 2(bridge_slave_1) entered disabled state [ 2801.769764][T20391] bridge_slave_0: left allmulticast mode [ 2801.792709][T20391] bridge_slave_0: left promiscuous mode [ 2801.821727][T20391] bridge0: port 1(bridge_slave_0) entered disabled state [ 2803.208393][T20391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2803.227338][T20391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2803.239063][T20391] bond0 (unregistering): Released all slaves [ 2803.302746][T23915] chnl_net:caif_netlink_parms(): no params data found [ 2803.363720][T23995] loop6: detected capacity change from 0 to 64 [ 2803.428670][T23997] loop3: detected capacity change from 0 to 128 [ 2804.883389][T23997] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2804.974805][T23997] ext4 filesystem being mounted at /265/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2805.365749][T24014] 9pnet_fd: Insufficient options for proto=fd [ 2805.590309][T17883] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2806.073093][T24021] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3672'. [ 2807.066477][T20391] hsr_slave_0: left promiscuous mode [ 2807.171582][T20391] hsr_slave_1: left promiscuous mode [ 2807.181033][T20391] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2807.212383][T20391] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2807.240559][T20391] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2807.247993][T20391] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2807.389463][T24039] loop9: detected capacity change from 0 to 1764 [ 2807.401633][T24039] iso9660: Bad value for 'uid' [ 2807.406504][T24039] iso9660: Bad value for 'uid' [ 2807.577147][T24039] loop9: detected capacity change from 0 to 8 [ 2807.591927][T24039] squashfs: Unknown parameter '/proc/timer_list' [ 2807.749166][T20391] veth1_macvtap: left promiscuous mode [ 2807.853973][T20391] veth0_macvtap: left promiscuous mode [ 2807.943745][T20391] veth1_vlan: left promiscuous mode [ 2808.042632][T20391] veth0_vlan: left promiscuous mode [ 2808.497770][T24043] loop3: detected capacity change from 0 to 64 [ 2809.129880][T24045] ceph: No mds server is up or the cluster is laggy [ 2809.159452][T14376] libceph: connect (1)[c::]:6789 error -101 [ 2809.602177][T14376] libceph: mon0 (1)[c::]:6789 connect error [ 2810.963500][T24051] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2812.626656][T24062] random: crng reseeded on system resumption [ 2813.820942][T24064] loop9: detected capacity change from 0 to 40427 [ 2813.921077][T24064] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 2814.046282][T24070] loop6: detected capacity change from 0 to 22 [ 2814.053686][T24070] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 2814.092674][T24070] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2815.603252][T24074] syz.9.3681: attempt to access beyond end of device [ 2815.603252][T24074] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 2816.265369][T23484] syz-executor: attempt to access beyond end of device [ 2816.265369][T23484] loop9: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 2816.326435][T23484] CPU: 1 UID: 0 PID: 23484 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 2816.326488][T23484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2816.326511][T23484] Call Trace: [ 2816.326523][T23484] [ 2816.326537][T23484] dump_stack_lvl+0x16c/0x1f0 [ 2816.326599][T23484] f2fs_handle_critical_error+0x621/0x9f0 [ 2816.326647][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.326691][T23484] ? f2fs_build_fault_attr+0x53/0x1f0 [ 2816.326740][T23484] f2fs_write_end_io+0x785/0xc20 [ 2816.326792][T23484] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2816.326846][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.326900][T23484] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2816.326947][T23484] bio_endio+0x70d/0x850 [ 2816.326993][T23484] submit_bio_noacct+0x56d/0x1eb0 [ 2816.327051][T23484] __submit_merged_bio+0x33c/0x770 [ 2816.327105][T23484] __submit_merged_write_cond+0x319/0x3f0 [ 2816.327167][T23484] f2fs_write_cache_pages+0x2067/0x2570 [ 2816.327252][T23484] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 2816.327316][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327360][T23484] ? __lock_acquire+0x622/0x1c90 [ 2816.327430][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327557][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327600][T23484] ? mod_memcg_lruvec_state+0x394/0x610 [ 2816.327663][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327706][T23484] ? __mod_zone_page_state+0xcc/0x1a0 [ 2816.327764][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327815][T23484] f2fs_write_data_pages+0x4ad/0xd90 [ 2816.327879][T23484] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2816.327949][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.327997][T23484] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2816.328056][T23484] do_writepages+0x27a/0x600 [ 2816.328121][T23484] ? __pfx_do_writepages+0x10/0x10 [ 2816.328176][T23484] ? do_raw_spin_unlock+0x172/0x230 [ 2816.328220][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.328263][T23484] ? _raw_spin_unlock+0x28/0x50 [ 2816.328317][T23484] filemap_fdatawrite_wbc+0x104/0x160 [ 2816.328381][T23484] __filemap_fdatawrite_range+0xb2/0xf0 [ 2816.328428][T23484] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 2816.328530][T23484] ? find_held_lock+0x2b/0x80 [ 2816.328577][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.328622][T23484] ? do_raw_spin_unlock+0x172/0x230 [ 2816.328665][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.328715][T23484] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 2816.328793][T23484] block_operations+0x2a3/0xfd0 [ 2816.328854][T23484] ? __pfx___schedule+0x10/0x10 [ 2816.328907][T23484] ? __pfx_block_operations+0x10/0x10 [ 2816.329026][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329070][T23484] ? down_write+0x14d/0x200 [ 2816.329104][T23484] ? __pfx_down_write+0x10/0x10 [ 2816.329141][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329185][T23484] ? rcu_is_watching+0x12/0xc0 [ 2816.329237][T23484] f2fs_write_checkpoint+0x2b8/0x4c60 [ 2816.329302][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329344][T23484] ? kfree+0x2b4/0x4d0 [ 2816.329375][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329424][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329466][T23484] ? rcu_is_watching+0x12/0xc0 [ 2816.329510][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.329552][T23484] ? kthread_stop+0x273/0x650 [ 2816.329590][T23484] kill_f2fs_super+0x3c2/0x470 [ 2816.329648][T23484] ? __pfx_kill_f2fs_super+0x10/0x10 [ 2816.329703][T23484] ? lockdep_hardirqs_on+0x7c/0x110 [ 2816.329774][T23484] deactivate_locked_super+0xc1/0x1a0 [ 2816.329815][T23484] deactivate_super+0xde/0x100 [ 2816.329853][T23484] cleanup_mnt+0x225/0x450 [ 2816.329896][T23484] task_work_run+0x150/0x240 [ 2816.329937][T23484] ? __pfx_task_work_run+0x10/0x10 [ 2816.329973][T23484] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2816.330028][T23484] ? __pfx___x64_sys_umount+0x10/0x10 [ 2816.330084][T23484] exit_to_user_mode_loop+0xeb/0x110 [ 2816.330130][T23484] do_syscall_64+0x3f6/0x4c0 [ 2816.330189][T23484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2816.330226][T23484] RIP: 0033:0x7f73e638fc57 [ 2816.330255][T23484] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2816.330290][T23484] RSP: 002b:00007ffd6f6df288 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2816.330324][T23484] RAX: 0000000000000000 RBX: 00007f73e6410925 RCX: 00007f73e638fc57 [ 2816.330349][T23484] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6f6df340 [ 2816.330372][T23484] RBP: 00007ffd6f6df340 R08: 0000000000000000 R09: 0000000000000000 [ 2816.330395][T23484] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6f6e03d0 [ 2816.330419][T23484] R13: 00007f73e6410925 R14: 000000000029362f R15: 00007ffd6f6e0410 [ 2816.330466][T23484] [ 2816.820778][T23484] F2FS-fs (loop9): Stopped filesystem due to reason: 3 [ 2816.960596][T24077] loop0: detected capacity change from 0 to 128 [ 2817.145089][T24077] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2817.245439][T24077] ext4 filesystem being mounted at /266/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2817.642318][T17989] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2818.632460][T24087] 9pnet_fd: Insufficient options for proto=fd [ 2820.694785][T24098] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2822.532433][T24107] loop9: detected capacity change from 0 to 64 [ 2825.113612][T20391] team0 (unregistering): Port device team_slave_1 removed [ 2825.510274][T20391] team0 (unregistering): Port device team_slave_0 removed [ 2825.660996][T24124] loop3: detected capacity change from 0 to 40427 [ 2825.910310][T24124] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 2826.536508][T24132] syz.3.3695: attempt to access beyond end of device [ 2826.536508][T24132] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 2827.339868][T17883] syz-executor: attempt to access beyond end of device [ 2827.339868][T17883] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 2827.395087][T17883] CPU: 1 UID: 0 PID: 17883 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 2827.395142][T17883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2827.395165][T17883] Call Trace: [ 2827.395179][T17883] [ 2827.395194][T17883] dump_stack_lvl+0x16c/0x1f0 [ 2827.395257][T17883] f2fs_handle_critical_error+0x621/0x9f0 [ 2827.395306][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.395351][T17883] ? f2fs_build_fault_attr+0x53/0x1f0 [ 2827.395402][T17883] f2fs_write_end_io+0x785/0xc20 [ 2827.395457][T17883] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2827.395514][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.395571][T17883] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 2827.395619][T17883] bio_endio+0x70d/0x850 [ 2827.395661][T17883] submit_bio_noacct+0x56d/0x1eb0 [ 2827.395722][T17883] __submit_merged_bio+0x33c/0x770 [ 2827.395779][T17883] __submit_merged_write_cond+0x319/0x3f0 [ 2827.395843][T17883] f2fs_write_cache_pages+0x2067/0x2570 [ 2827.395940][T17883] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 2827.396007][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396051][T17883] ? __lock_acquire+0x622/0x1c90 [ 2827.396120][T17883] ? __pfx_stack_trace_save+0x10/0x10 [ 2827.396171][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396241][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396360][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396403][T17883] ? mod_memcg_lruvec_state+0x394/0x610 [ 2827.396467][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396510][T17883] ? __mod_zone_page_state+0xcc/0x1a0 [ 2827.396568][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396622][T17883] f2fs_write_data_pages+0x4ad/0xd90 [ 2827.396691][T17883] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2827.396765][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.396809][T17883] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 2827.396869][T17883] do_writepages+0x27a/0x600 [ 2827.396942][T17883] ? __pfx_do_writepages+0x10/0x10 [ 2827.396998][T17883] ? do_raw_spin_unlock+0x172/0x230 [ 2827.397041][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.397084][T17883] ? _raw_spin_unlock+0x28/0x50 [ 2827.397141][T17883] filemap_fdatawrite_wbc+0x104/0x160 [ 2827.397205][T17883] __filemap_fdatawrite_range+0xb2/0xf0 [ 2827.397252][T17883] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 2827.397365][T17883] ? find_held_lock+0x2b/0x80 [ 2827.397416][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.397460][T17883] ? do_raw_spin_unlock+0x172/0x230 [ 2827.397503][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.397556][T17883] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 2827.397639][T17883] block_operations+0x2a3/0xfd0 [ 2827.397703][T17883] ? __pfx___schedule+0x10/0x10 [ 2827.397758][T17883] ? __pfx_block_operations+0x10/0x10 [ 2827.397881][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.397930][T17883] ? down_write+0x14d/0x200 [ 2827.397966][T17883] ? __pfx_down_write+0x10/0x10 [ 2827.398003][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398046][T17883] ? rcu_is_watching+0x12/0xc0 [ 2827.398102][T17883] f2fs_write_checkpoint+0x2b8/0x4c60 [ 2827.398170][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398213][T17883] ? kfree+0x2b4/0x4d0 [ 2827.398243][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398292][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398335][T17883] ? rcu_is_watching+0x12/0xc0 [ 2827.398381][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398424][T17883] ? kthread_stop+0x273/0x650 [ 2827.398465][T17883] kill_f2fs_super+0x3c2/0x470 [ 2827.398527][T17883] ? __pfx_kill_f2fs_super+0x10/0x10 [ 2827.398584][T17883] ? lockdep_hardirqs_on+0x7c/0x110 [ 2827.398661][T17883] deactivate_locked_super+0xc1/0x1a0 [ 2827.398705][T17883] deactivate_super+0xde/0x100 [ 2827.398747][T17883] cleanup_mnt+0x225/0x450 [ 2827.398793][T17883] task_work_run+0x150/0x240 [ 2827.398836][T17883] ? __pfx_task_work_run+0x10/0x10 [ 2827.398874][T17883] ? srso_alias_return_thunk+0x5/0xfbef5 [ 2827.398925][T17883] ? __pfx___x64_sys_umount+0x10/0x10 [ 2827.398984][T17883] exit_to_user_mode_loop+0xeb/0x110 [ 2827.399030][T17883] do_syscall_64+0x3f6/0x4c0 [ 2827.399092][T17883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2827.399127][T17883] RIP: 0033:0x7fb5f278fc57 [ 2827.399156][T17883] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2827.399191][T17883] RSP: 002b:00007fff65a22798 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2827.399226][T17883] RAX: 0000000000000000 RBX: 00007fb5f2810925 RCX: 00007fb5f278fc57 [ 2827.399250][T17883] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff65a22850 [ 2827.399272][T17883] RBP: 00007fff65a22850 R08: 0000000000000000 R09: 0000000000000000 [ 2827.399295][T17883] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff65a238e0 [ 2827.399319][T17883] R13: 00007fb5f2810925 R14: 0000000000295e54 R15: 00007fff65a23920 [ 2827.399372][T17883] [ 2827.401023][T17883] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 2828.040618][T24134] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2833.552700][T24154] loop3: detected capacity change from 0 to 128 [ 2833.653693][T24157] loop9: detected capacity change from 0 to 64 [ 2833.741227][T24154] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2833.907770][T24154] ext4 filesystem being mounted at /271/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2834.255822][T17883] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2834.479337][T23050] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2834.509170][T23050] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2834.524245][T23050] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2834.566402][T23050] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2834.595020][T23050] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2834.904293][T23856] bridge0: port 1(bridge_slave_0) entered blocking state [ 2834.917532][T23856] bridge0: port 1(bridge_slave_0) entered disabled state [ 2834.938982][T23856] bridge_slave_0: entered allmulticast mode [ 2834.965965][T23856] bridge_slave_0: entered promiscuous mode [ 2835.036044][T23915] bridge0: port 1(bridge_slave_0) entered blocking state [ 2835.064814][T23915] bridge0: port 1(bridge_slave_0) entered disabled state [ 2835.088732][T23915] bridge_slave_0: entered allmulticast mode [ 2835.108298][T23915] bridge_slave_0: entered promiscuous mode [ 2835.140678][T23915] bridge0: port 2(bridge_slave_1) entered blocking state [ 2835.185272][T23915] bridge0: port 2(bridge_slave_1) entered disabled state [ 2835.192517][T23915] bridge_slave_1: entered allmulticast mode [ 2835.219456][T23915] bridge_slave_1: entered promiscuous mode [ 2835.367609][T23915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2835.428963][T23915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2835.736696][T23915] team0: Port device team_slave_0 added [ 2835.763271][T23915] team0: Port device team_slave_1 added [ 2835.979594][T23915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2836.001364][T23915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2836.034688][T23915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2836.116967][T23915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2836.123978][T23915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2836.192649][T23915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2836.508801][T23915] hsr_slave_0: entered promiscuous mode [ 2836.517516][T23915] hsr_slave_1: entered promiscuous mode [ 2836.524316][T23915] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2836.535657][T23915] Cannot create hsr debugfs directory [ 2836.690302][T20391] bridge_slave_0: left allmulticast mode [ 2836.696202][T20391] bridge_slave_0: left promiscuous mode [ 2836.705088][T20391] bridge0: port 1(bridge_slave_0) entered disabled state [ 2836.828774][T20391] bond0 (unregistering): Released all slaves [ 2836.841702][T18943] Bluetooth: hci6: command tx timeout [ 2837.272023][T24163] chnl_net:caif_netlink_parms(): no params data found [ 2837.860796][T24163] bridge0: port 1(bridge_slave_0) entered blocking state [ 2837.869440][T24163] bridge0: port 1(bridge_slave_0) entered disabled state [ 2837.876699][T24163] bridge_slave_0: entered allmulticast mode [ 2837.885151][T24163] bridge_slave_0: entered promiscuous mode [ 2837.921259][T24163] bridge0: port 2(bridge_slave_1) entered blocking state [ 2837.933614][T24163] bridge0: port 2(bridge_slave_1) entered disabled state [ 2837.941582][T24163] bridge_slave_1: entered allmulticast mode [ 2837.950274][T24163] bridge_slave_1: entered promiscuous mode [ 2838.043515][T24163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2838.062211][T24163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2838.155869][T24163] team0: Port device team_slave_0 added [ 2838.187619][T24163] team0: Port device team_slave_1 added [ 2838.295071][T24163] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2838.312550][T24163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2838.351696][T24163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2838.377163][T24163] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2838.391515][T24163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2838.430410][T24163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2838.442965][T23915] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2838.458851][T23915] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2838.511827][T23915] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2838.539975][T23915] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2838.570656][T24163] hsr_slave_0: entered promiscuous mode [ 2838.578190][T24163] hsr_slave_1: entered promiscuous mode [ 2838.587814][T24163] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2838.596312][T24163] Cannot create hsr debugfs directory [ 2839.065538][T18943] Bluetooth: hci6: command tx timeout [ 2839.221710][T23915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2839.379795][T23915] 8021q: adding VLAN 0 to HW filter on device team0 [ 2839.402812][T16220] bridge0: port 1(bridge_slave_0) entered blocking state [ 2839.410002][T16220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2839.563837][T20391] bridge0: port 2(bridge_slave_1) entered blocking state [ 2839.571054][T20391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2839.669777][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 2839.677180][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 2839.870173][T24163] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2839.921279][T24163] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2839.944031][T24163] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2839.985232][T24163] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2840.205444][T24163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2840.271128][T24163] 8021q: adding VLAN 0 to HW filter on device team0 [ 2840.302185][T10779] bridge0: port 1(bridge_slave_0) entered blocking state [ 2840.309395][T10779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2840.391861][T16220] bridge0: port 2(bridge_slave_1) entered blocking state [ 2840.399073][T16220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2840.546202][T23915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2841.220062][T24163] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2841.289528][T18943] Bluetooth: hci6: command tx timeout [ 2841.362696][T24163] veth0_vlan: entered promiscuous mode [ 2841.381114][T24163] veth1_vlan: entered promiscuous mode [ 2841.463093][T24163] veth0_macvtap: entered promiscuous mode [ 2841.489966][T24163] veth1_macvtap: entered promiscuous mode [ 2841.540545][T23915] veth0_vlan: entered promiscuous mode [ 2841.559199][T24163] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2841.595608][T24163] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2841.605092][T23915] veth1_vlan: entered promiscuous mode [ 2841.658962][T24163] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2841.671473][T24163] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2841.690014][T24163] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2841.699156][T24163] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2841.851417][T23915] veth0_macvtap: entered promiscuous mode [ 2841.889043][T23915] veth1_macvtap: entered promiscuous mode [ 2841.905394][T20391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2841.930768][T20391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2842.010908][T23915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2842.036958][T23915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2842.074614][T23915] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2842.098842][T23915] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2842.109807][T23915] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2842.126210][T23915] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2842.192377][T20391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2842.218436][T20391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2842.424024][T10779] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2842.432575][T10779] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2843.641666][T18943] Bluetooth: hci6: command tx timeout [ 2844.246442][T24282] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 2845.268697][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2845.302015][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2849.969318][ T30] audit: type=1326 audit(2000000097.272:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24318 comm="syz.6.3723" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f46e858e929 code=0x0 [ 2853.422591][T24348] loop1: detected capacity change from 0 to 22 [ 2853.430458][T24348] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 2853.488809][T24348] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2855.587189][T24357] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3710'. [ 2855.932026][T24360] loop0: detected capacity change from 0 to 64 [ 2856.150112][T24363] loop1: detected capacity change from 0 to 64 [ 2856.713281][T24367] loop6: detected capacity change from 0 to 8 [ 2857.475003][T24374] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 2858.312618][T23050] Bluetooth: hci1: command 0x0406 tx timeout [ 2860.354668][T24390] 9pnet_fd: Insufficient options for proto=fd [ 2863.869361][T18943] Bluetooth: hci2: command 0x0406 tx timeout [ 2864.735023][T24411] loop9: detected capacity change from 0 to 2048 [ 2864.813527][T24411] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2864.966596][T24412] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2867.030492][T24425] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3734'. [ 2868.723760][T24434] loop0: detected capacity change from 0 to 64 [ 2870.588163][T24449] loop9: detected capacity change from 0 to 64 [ 2871.493252][T18943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2871.506734][T18943] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2871.520466][T18943] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2871.551854][T18943] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2871.566351][T18943] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2872.776087][T24466] loop1: detected capacity change from 0 to 64 [ 2872.944690][ T6561] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2874.070517][T23050] Bluetooth: hci0: command tx timeout [ 2875.298604][T24481] loop6: detected capacity change from 0 to 2048 [ 2875.712852][T24481] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2875.826999][T24482] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2876.269145][T23050] Bluetooth: hci0: command tx timeout [ 2876.426853][T24490] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3747'. [ 2876.442015][ T6561] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2879.080327][T23050] Bluetooth: hci0: command tx timeout [ 2879.667465][ T6561] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2880.321327][T24515] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3752'. [ 2881.385884][T23050] Bluetooth: hci0: command tx timeout [ 2881.938424][ T6561] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2883.399834][T24535] loop1: detected capacity change from 0 to 128 [ 2884.940755][T24542] loop4: detected capacity change from 0 to 64 [ 2886.031573][T24550] loop1: detected capacity change from 0 to 2048 [ 2886.119212][T24550] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2886.174847][T24556] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2886.924698][T24560] loop6: detected capacity change from 0 to 128 [ 2887.044517][ T6561] bridge_slave_1: left allmulticast mode [ 2887.104169][T24562] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3761'. [ 2887.133056][ T6561] bridge_slave_1: left promiscuous mode [ 2887.224246][ T6561] bridge0: port 2(bridge_slave_1) entered disabled state [ 2887.393437][T24560] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2887.488823][ T6561] bridge_slave_0: left allmulticast mode [ 2887.508946][T24560] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2887.546226][ T6561] bridge_slave_0: left promiscuous mode [ 2888.854395][ T6561] bridge0: port 1(bridge_slave_0) entered disabled state [ 2889.852662][T24584] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2891.145196][T23444] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2891.561233][T24598] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3767'. [ 2891.921462][T24601] loop1: detected capacity change from 0 to 32768 [ 2891.928888][T24601] XFS: ikeep mount option is deprecated. [ 2892.041013][T24601] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 2892.192157][T24601] XFS (loop1): Ending clean mount [ 2892.202520][T24601] XFS (loop1): Quotacheck needed: Please wait. [ 2892.305860][T24601] XFS (loop1): Quotacheck: Done. [ 2894.035880][T24163] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 2900.170277][T24649] loop6: detected capacity change from 0 to 2048 [ 2900.853027][T24660] loop0: detected capacity change from 0 to 8 [ 2900.942177][T24656] loop6: detected capacity change from 0 to 128 [ 2901.173012][T24656] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2901.269980][T24656] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2902.754971][T23444] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2903.850029][T24684] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3783'. [ 2905.574573][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 2905.581188][ T30] audit: type=1326 audit(2000000149.897:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24679 comm="syz.4.3784" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbef58e929 code=0x0 [ 2905.753672][T24687] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2905.947762][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 2906.771821][T24690] 9pnet_fd: Insufficient options for proto=fd [ 2908.405425][T24704] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3789'. [ 2911.866588][T24720] 9pnet_fd: Insufficient options for proto=fd [ 2912.320918][T24722] loop1: detected capacity change from 0 to 128 [ 2912.329401][T24724] loop0: detected capacity change from 0 to 64 [ 2912.418721][T24722] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2912.440002][T24722] ext4 filesystem being mounted at /16/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 2912.451128][ T6561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2912.626336][ T6561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2912.637251][T24722] fscrypt: loop1: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 2912.935664][ T6561] bond0 (unregistering): Released all slaves [ 2913.890168][T24741] loop0: detected capacity change from 0 to 2048 [ 2914.451092][T24741] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2914.486654][T24743] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2914.687031][T24454] chnl_net:caif_netlink_parms(): no params data found [ 2914.707301][T24744] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2915.683981][T24163] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2918.335081][T24775] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2919.220690][T24777] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3803'. [ 2921.526337][T24789] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3807'. [ 2921.553952][T24789] tmpfs: Bad value for 'mpol' [ 2922.867896][T24795] loop9: detected capacity change from 0 to 64 [ 2924.396629][T24807] loop1: detected capacity change from 0 to 8 [ 2924.419330][T23050] Bluetooth: hci5: command 0x0406 tx timeout [ 2924.520077][T24810] loop0: detected capacity change from 0 to 22 [ 2924.539598][T24810] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 2924.594913][T24810] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2924.624536][T24454] bridge0: port 1(bridge_slave_0) entered blocking state [ 2924.631803][T24454] bridge0: port 1(bridge_slave_0) entered disabled state [ 2924.665400][T24454] bridge_slave_0: entered allmulticast mode [ 2924.673470][T24454] bridge_slave_0: entered promiscuous mode [ 2925.969557][ T6561] hsr_slave_0: left promiscuous mode [ 2926.004578][ T6561] hsr_slave_1: left promiscuous mode [ 2926.063458][ T6561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2926.111281][ T6561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2926.128985][ T6561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2926.173291][ T6561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2926.267761][ T6561] veth1_macvtap: left promiscuous mode [ 2926.290158][ T6561] veth0_macvtap: left promiscuous mode [ 2926.303387][ T6561] veth1_vlan: left promiscuous mode [ 2926.308761][ T6561] veth0_vlan: left promiscuous mode [ 2928.026525][T24833] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3815'. [ 2928.152922][T24835] loop4: detected capacity change from 0 to 2048 [ 2928.209223][T24835] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2928.275120][T24839] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2930.644438][T24853] 9pnet_fd: Insufficient options for proto=fd [ 2931.392983][T24859] loop4: detected capacity change from 0 to 64 [ 2931.979583][T24866] 9pnet_fd: Insufficient options for proto=fd [ 2933.258129][T24872] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3826'. [ 2933.828224][T24873] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3825'. [ 2933.974891][T23050] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2933.985600][T23050] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2934.022746][T23050] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2934.053319][T23050] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2934.064837][T23050] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2934.820619][T24885] loop9: detected capacity change from 0 to 22 [ 2935.140483][T24885] MTD: Attempt to mount non-MTD device "/dev/loop9" [ 2935.234931][T24887] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3838'. [ 2935.379297][T24885] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2936.341548][T23050] Bluetooth: hci3: command tx timeout [ 2937.159509][T24895] loop1: detected capacity change from 0 to 64 [ 2937.507275][T24899] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3832'. [ 2939.632295][T23050] Bluetooth: hci3: command tx timeout [ 2940.404125][T24922] netlink: 116 bytes leftover after parsing attributes in process `syz.6.3834'. [ 2940.437238][T24922] tmpfs: Bad value for 'mpol' [ 2940.445876][T24922] CIFS mount error: No usable UNC path provided in device string! [ 2940.445876][T24922] [ 2940.455972][T24922] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 2941.795778][T18943] Bluetooth: hci3: command tx timeout [ 2941.945409][T24930] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3837'. [ 2941.972461][T24930] tmpfs: Bad value for 'mpol' [ 2942.982031][T24932] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3839'. [ 2943.160802][T24937] random: crng reseeded on system resumption [ 2944.289458][T18943] Bluetooth: hci3: command tx timeout [ 2946.527734][ T6561] team0 (unregistering): Port device team_slave_1 removed [ 2946.713586][T24952] loop4: detected capacity change from 0 to 64 [ 2946.848707][T24953] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3843'. [ 2948.351605][ T6561] team0 (unregistering): Port device team_slave_0 removed [ 2951.373016][T24980] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3852'. [ 2951.980209][T24985] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3854'. [ 2952.173275][T24986] loop9: detected capacity change from 0 to 64 [ 2956.708881][T25006] random: crng reseeded on system resumption [ 2957.365704][T25008] loop9: detected capacity change from 0 to 64 [ 2958.513884][T25016] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3862'. [ 2959.317695][T25017] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 2964.616491][T25042] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3868'. [ 2966.598422][T24454] bridge0: port 2(bridge_slave_1) entered blocking state [ 2966.616208][T24454] bridge0: port 2(bridge_slave_1) entered disabled state [ 2966.633351][T24454] bridge_slave_1: entered allmulticast mode [ 2966.683609][T24454] bridge_slave_1: entered promiscuous mode [ 2968.079971][T23050] Bluetooth: hci6: command 0x0406 tx timeout [ 2968.438418][T25070] loop0: detected capacity change from 0 to 64 [ 2970.590732][T25081] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3890'. [ 2971.447746][T25087] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 2971.448765][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 2971.616480][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 2973.072676][T25111] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3882'. [ 2974.264205][T24875] chnl_net:caif_netlink_parms(): no params data found [ 2975.205528][T25125] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2977.085507][T25130] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3886'. [ 2982.451729][ T6561] IPVS: stop unused estimator thread 0... [ 2982.464936][T24875] bridge0: port 1(bridge_slave_0) entered blocking state [ 2982.487273][T24875] bridge0: port 1(bridge_slave_0) entered disabled state [ 2982.514201][T24875] bridge_slave_0: entered allmulticast mode [ 2982.535489][T24875] bridge_slave_0: entered promiscuous mode [ 2982.567659][T24875] bridge0: port 2(bridge_slave_1) entered blocking state [ 2982.579946][T24875] bridge0: port 2(bridge_slave_1) entered disabled state [ 2982.596149][T24875] bridge_slave_1: entered allmulticast mode [ 2982.606047][T24875] bridge_slave_1: entered promiscuous mode [ 2982.702153][T24875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2982.720919][T24875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2982.768815][ T6561] bridge_slave_1: left allmulticast mode [ 2982.775263][ T6561] bridge_slave_1: left promiscuous mode [ 2982.781901][ T6561] bridge0: port 2(bridge_slave_1) entered disabled state [ 2982.798933][ T6561] bridge_slave_0: left allmulticast mode [ 2982.805110][ T6561] bridge_slave_0: left promiscuous mode [ 2982.810887][ T6561] bridge0: port 1(bridge_slave_0) entered disabled state [ 2982.945009][ T6561] bond0 (unregistering): Released all slaves [ 2983.066737][T24875] team0: Port device team_slave_0 added [ 2983.242417][T24875] team0: Port device team_slave_1 added [ 2983.361586][T24875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2983.398011][T24875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2983.425606][T24875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2983.454956][T24875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2983.471448][T24875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2983.517122][T24875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2983.637727][T24875] hsr_slave_0: entered promiscuous mode [ 2983.644716][T24875] hsr_slave_1: entered promiscuous mode [ 2983.653179][T24875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2983.661147][T24875] Cannot create hsr debugfs directory [ 2985.963184][T25193] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3899'. [ 2986.607297][T25200] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 2988.320899][T25205] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2988.334631][T25202] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 2991.171044][T24875] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 2991.385247][T25223] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3905'. [ 2991.728103][T24875] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 2991.773993][T24875] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 2991.863728][T24875] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 2993.729082][T25239] binder: 25234:25239 ioctl 4018620d 0 returned -22 [ 2995.183355][T24875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2997.257631][T25254] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3914'. [ 2998.271041][T25262] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 3000.869812][T25274] netlink: 'syz.0.3919': attribute type 1 has an invalid length. [ 3000.878334][T25274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3919'. [ 3002.460036][T23050] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 3002.482466][T23050] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 3002.514643][T21210] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 3002.524249][T21210] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 3002.533916][T21210] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 3003.938983][T25294] loop0: detected capacity change from 0 to 16 [ 3004.036775][T25294] erofs (device loop0): mounted with root inode @ nid 36. [ 3004.143736][ T30] audit: type=1800 audit(2000000242.240:353): pid=25294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3923" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 3005.345850][T21210] Bluetooth: hci0: command tx timeout [ 3007.829716][T21210] Bluetooth: hci0: command tx timeout [ 3008.087921][T25317] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 3009.042346][T25329] loop6: detected capacity change from 0 to 8192 [ 3009.921727][T25334] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3931'. [ 3010.040902][T21210] Bluetooth: hci0: command tx timeout [ 3014.067976][T21210] Bluetooth: hci0: command tx timeout [ 3014.983054][T25354] loop9: detected capacity change from 0 to 8 [ 3015.055303][T25353] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3935'. [ 3016.004793][T25279] chnl_net:caif_netlink_parms(): no params data found [ 3016.680809][T25279] bridge0: port 1(bridge_slave_0) entered blocking state [ 3016.688469][T25279] bridge0: port 1(bridge_slave_0) entered disabled state [ 3016.703777][T25279] bridge_slave_0: entered allmulticast mode [ 3016.712996][T25279] bridge_slave_0: entered promiscuous mode [ 3016.721790][T25279] bridge0: port 2(bridge_slave_1) entered blocking state [ 3016.729391][T25279] bridge0: port 2(bridge_slave_1) entered disabled state [ 3016.736724][T25279] bridge_slave_1: entered allmulticast mode [ 3016.745111][T25279] bridge_slave_1: entered promiscuous mode [ 3016.851805][T25279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3016.882054][T25279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3017.022223][T20253] bridge_slave_1: left allmulticast mode [ 3017.027929][T20253] bridge_slave_1: left promiscuous mode [ 3017.045008][T20253] bridge0: port 2(bridge_slave_1) entered disabled state [ 3017.061283][T20253] bridge_slave_0: left allmulticast mode [ 3017.074564][T20253] bridge_slave_0: left promiscuous mode [ 3017.081934][T20253] bridge0: port 1(bridge_slave_0) entered disabled state [ 3017.657576][T20253] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3017.681569][T20253] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3017.703759][T20253] bond0 (unregistering): Released all slaves [ 3017.741058][T25279] team0: Port device team_slave_0 added [ 3017.768110][T25279] team0: Port device team_slave_1 added [ 3017.906141][T20253] hsr_slave_0: left promiscuous mode [ 3017.913622][T20253] hsr_slave_1: left promiscuous mode [ 3017.927762][T20253] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3017.937405][T20253] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3018.397450][T20253] team0 (unregistering): Port device team_slave_1 removed [ 3018.462996][T20253] team0 (unregistering): Port device team_slave_0 removed [ 3018.874675][T25279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3018.887963][T25279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3018.917787][T25279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3018.943447][T25279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3018.951325][T25279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3018.992272][T25279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3019.106318][T25279] hsr_slave_0: entered promiscuous mode [ 3019.113151][T25279] hsr_slave_1: entered promiscuous mode [ 3019.121297][T25279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3019.129213][T25279] Cannot create hsr debugfs directory [ 3019.840021][T25279] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 3019.858549][T25279] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 3019.877588][T25279] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 3019.891706][T25279] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 3020.030132][T25279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3020.080885][T25279] 8021q: adding VLAN 0 to HW filter on device team0 [ 3020.094971][T21828] bridge0: port 1(bridge_slave_0) entered blocking state [ 3020.102270][T21828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3020.129348][T21828] bridge0: port 2(bridge_slave_1) entered blocking state [ 3020.136581][T21828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3020.563814][T25279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3021.097169][T25279] veth0_vlan: entered promiscuous mode [ 3021.111137][T25279] veth1_vlan: entered promiscuous mode [ 3021.165876][T25279] veth0_macvtap: entered promiscuous mode [ 3021.186718][T25279] veth1_macvtap: entered promiscuous mode [ 3021.211373][T25279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3021.253983][T25279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3021.273604][T25279] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3021.288843][T25279] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3021.297936][T25279] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3021.307908][T25279] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3021.459692][T20253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.468629][T20253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.504785][T20951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.515394][T20951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3022.425134][T25480] loop4: detected capacity change from 0 to 1024 [ 3022.808076][T25482] 9pnet_fd: Insufficient options for proto=fd [ 3025.629079][T25480] EXT4-fs warning (device loop4): ext4_multi_mount_protect:397: Unable to create kmmpd thread for loop4. [ 3030.281069][T25519] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3943'. [ 3035.292668][T25550] 9pnet_virtio: no channels available for device syz [ 3035.881965][T25549] sctp: failed to load transform for md5: -2 [ 3037.065428][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 3037.072915][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 3037.815895][T25563] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 3038.245793][T25568] loop0: detected capacity change from 0 to 64 [ 3042.220919][T25591] netlink: 116 bytes leftover after parsing attributes in process `syz.9.3965'. [ 3042.251831][T25591] tmpfs: Bad value for 'mpol' [ 3042.260752][T25591] CIFS mount error: No usable UNC path provided in device string! [ 3042.260752][T25591] [ 3042.271274][T25591] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 3042.700815][T25592] 9pnet_virtio: no channels available for device syz [ 3051.885657][T25624] sctp: failed to load transform for md5: -2 [ 3057.941037][T25648] Bluetooth: MGMT ver 1.23 [ 3058.718999][T25644] syz.0.3977 (25644): drop_caches: 2 [ 3058.750776][T25644] syz.0.3977 (25644): drop_caches: 2 [ 3060.307894][T25657] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3980'. [ 3060.466553][T25655] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3981'. [ 3066.238200][T23050] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3066.263779][T23050] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3066.275432][T23050] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3066.287406][T23050] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3066.295286][T23050] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3068.588533][T23050] Bluetooth: hci3: command tx timeout [ 3068.827304][T25698] loop9: detected capacity change from 0 to 8 [ 3068.834742][T25698] MTD: Attempt to mount non-MTD device "/dev/loop9" [ 3069.542182][T25696] cramfs: Error -5 while decompressing! [ 3069.548110][T25696] cramfs: ffffffff9aecc2c8(26)->ffff888039d78000(4096) [ 3069.556232][T25696] cramfs: Error -3 while decompressing! [ 3069.561799][T25696] cramfs: ffffffff9aecc2e2(26)->ffff8880519be000(4096) [ 3069.568710][T25696] cramfs: Error -3 while decompressing! [ 3069.574252][T25696] cramfs: ffffffff9aecc2fc(16)->ffff888046aa7000(4096) [ 3069.581290][T25696] cramfs: Error -5 while decompressing! [ 3069.587218][T25696] cramfs: ffffffff9aecc2c8(26)->ffff888039d78000(4096) [ 3071.417397][T23050] Bluetooth: hci3: command tx timeout [ 3073.433685][T25719] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3994'. [ 3073.575396][T23050] Bluetooth: hci3: command tx timeout [ 3075.823084][T23050] Bluetooth: hci3: command tx timeout [ 3076.046490][T25743] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3078.440899][T25679] chnl_net:caif_netlink_parms(): no params data found [ 3080.576296][T25769] input: syz0 as /devices/virtual/input/input21 [ 3081.233878][T25767] F2FS-fs (loop8): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 3081.667915][T25771] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4005'. [ 3081.724265][T25767] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 3081.742791][T25771] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4005'. [ 3081.755164][T25773] loop1: detected capacity change from 0 to 64 [ 3081.763907][T25767] F2FS-fs (loop8): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 3081.956379][T25771] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4005'. [ 3081.963224][T25767] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock [ 3081.965543][T25771] netlink: 36 bytes leftover after parsing attributes in process `syz.8.4005'. [ 3082.958017][T21828] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3083.877974][T21210] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 3084.145392][T25792] loop0: detected capacity change from 0 to 32768 [ 3084.183969][T25792] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.4009 (25792) [ 3084.217124][T25792] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3084.228189][T25792] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 3084.237328][T25792] BTRFS info (device loop0): disk space caching is enabled [ 3084.244583][T25792] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 3084.271103][T21210] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 3084.435699][T25787] syz.9.4007: attempt to access beyond end of device [ 3084.435699][T25787] nbd9: rw=0, sector=0, nr_sectors = 1 limit=0 [ 3084.450107][T25787] efs: cannot read volume header [ 3084.707042][T21210] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 3084.932381][T21210] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 3084.983364][T21210] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 3086.140771][T25792] BTRFS info (device loop0): rebuilding free space tree [ 3086.163086][T25792] BTRFS info (device loop0): disabling free space tree [ 3086.170697][T25792] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 3086.180802][T25792] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 3086.417876][T21828] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3087.022727][ T30] audit: type=1800 audit(2000000575.643:354): pid=25818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4009" name="bus" dev="loop0" ino=269 res=0 errno=0 [ 3087.259111][T21210] Bluetooth: hci5: command tx timeout [ 3089.501425][T21210] Bluetooth: hci5: command tx timeout [ 3090.230417][T17989] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3090.686700][ T30] audit: type=1326 audit(2000000579.179:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25841 comm="syz.8.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00e838e929 code=0x7ffc0000 [ 3090.804158][ T30] audit: type=1326 audit(2000000579.179:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25841 comm="syz.8.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00e838e929 code=0x7ffc0000 [ 3090.901247][ T30] audit: type=1326 audit(2000000579.179:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25841 comm="syz.8.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f00e838e929 code=0x7ffc0000 [ 3090.916947][T21828] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3090.973819][ T30] audit: type=1326 audit(2000000579.179:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25841 comm="syz.8.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00e838e929 code=0x7ffc0000 [ 3091.058213][ T30] audit: type=1326 audit(2000000579.179:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25841 comm="syz.8.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00e838e929 code=0x7ffc0000 [ 3091.706552][T21210] Bluetooth: hci5: command tx timeout [ 3092.261140][T25679] bridge0: port 1(bridge_slave_0) entered blocking state [ 3092.447870][T25679] bridge0: port 1(bridge_slave_0) entered disabled state [ 3092.481628][T25679] bridge_slave_0: entered allmulticast mode [ 3092.510237][T25679] bridge_slave_0: entered promiscuous mode [ 3092.796686][T21828] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3093.488221][T25679] bridge0: port 2(bridge_slave_1) entered blocking state [ 3093.530626][T25679] bridge0: port 2(bridge_slave_1) entered disabled state [ 3093.564437][T25679] bridge_slave_1: entered allmulticast mode [ 3093.603189][T25679] bridge_slave_1: entered promiscuous mode [ 3093.930089][T21210] Bluetooth: hci5: command tx timeout [ 3093.982443][T25679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3094.080524][T25679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3099.837075][T25899] netlink: 116 bytes leftover after parsing attributes in process `syz.9.4022'. [ 3099.873873][T25899] tmpfs: Bad value for 'mpol' [ 3099.881743][T25899] CIFS mount error: No usable UNC path provided in device string! [ 3099.881743][T25899] [ 3099.892370][T25899] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 3100.603276][T25679] team0: Port device team_slave_0 added [ 3100.618353][T25679] team0: Port device team_slave_1 added [ 3102.426969][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 3102.433611][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 3104.575533][T25679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3104.614004][T25679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3104.737870][T25679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3105.002374][T25679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3105.069052][T25679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3105.528755][T25931] loop9: detected capacity change from 0 to 512 [ 3106.246165][T25931] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 3106.288392][T25931] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102] [ 3106.296648][T25931] EXT4-fs (loop9): orphan cleanup on readonly fs [ 3106.298635][T25679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3106.317087][T25931] EXT4-fs error (device loop9): ext4_free_branches:1020: inode #11: comm syz.9.4028: invalid indirect mapped block 2185560079 (level 1) [ 3106.362129][T25931] EXT4-fs (loop9): Remounting filesystem read-only [ 3106.371258][T25931] EXT4-fs (loop9): 1 truncate cleaned up [ 3106.379110][T25931] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 3106.850013][T23484] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 3106.884824][T25786] chnl_net:caif_netlink_parms(): no params data found [ 3107.107199][T21828] bridge_slave_1: left allmulticast mode [ 3107.159673][T21828] bridge_slave_1: left promiscuous mode [ 3107.196812][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3107.608471][T21828] bridge_slave_0: left allmulticast mode [ 3107.621716][T21828] bridge_slave_0: left promiscuous mode [ 3108.386170][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3109.214212][T25954] loop0: detected capacity change from 0 to 32768 [ 3109.418560][T25954] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 3109.823270][T25954] XFS (loop0): Ending clean mount [ 3109.836119][T25954] XFS (loop0): Quotacheck needed: Please wait. [ 3110.053580][T25954] XFS (loop0): Quotacheck: Done. [ 3111.668430][T17989] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 3112.039987][T25984] loop8: detected capacity change from 0 to 128 [ 3113.861506][T25993] loop0: detected capacity change from 0 to 16 [ 3114.025630][T25993] erofs (device loop0): mounted with root inode @ nid 36. [ 3115.358880][T25998] loop0: detected capacity change from 0 to 512 [ 3115.491778][T25998] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 3115.679417][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.679417][T20951] loop8: rw=1, sector=145, nr_sectors = 8 limit=128 [ 3115.766623][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.766623][T20951] loop8: rw=1, sector=161, nr_sectors = 8 limit=128 [ 3115.781276][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.781276][T20951] loop8: rw=1, sector=177, nr_sectors = 8 limit=128 [ 3115.799890][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.799890][T20951] loop8: rw=1, sector=193, nr_sectors = 8 limit=128 [ 3115.806458][T25998] EXT4-fs error (device loop0): ext4_free_branches:1020: inode #11: comm syz.0.4041: invalid indirect mapped block 4294967295 (level 1) [ 3115.828309][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.828309][T20951] loop8: rw=1, sector=209, nr_sectors = 8 limit=128 [ 3115.828501][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.828501][T20951] loop8: rw=1, sector=225, nr_sectors = 8 limit=128 [ 3115.943924][T20951] kworker/u8:14: attempt to access beyond end of device [ 3115.943924][T20951] loop8: rw=1, sector=241, nr_sectors = 8 limit=128 [ 3116.006520][T20951] kworker/u8:14: attempt to access beyond end of device [ 3116.006520][T20951] loop8: rw=1, sector=257, nr_sectors = 8 limit=128 [ 3116.021928][T25998] EXT4-fs error (device loop0): ext4_free_branches:1020: inode #11: comm syz.0.4041: invalid indirect mapped block 4294967295 (level 1) [ 3116.078402][T20951] kworker/u8:14: attempt to access beyond end of device [ 3116.078402][T20951] loop8: rw=1, sector=273, nr_sectors = 8 limit=128 [ 3116.099236][T20951] kworker/u8:14: attempt to access beyond end of device [ 3116.099236][T20951] loop8: rw=1, sector=289, nr_sectors = 8 limit=128 [ 3116.136344][T25998] EXT4-fs (loop0): 2 truncates cleaned up [ 3116.251767][T25998] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 3116.332065][T25998] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3117.949033][T26023] loop9: detected capacity change from 0 to 512 [ 3120.054564][T26033] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3120.760310][T26039] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4049'. [ 3122.587365][T26049] loop9: detected capacity change from 0 to 64 [ 3123.462653][T26056] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 3125.093438][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3125.168265][T26066] loop8: detected capacity change from 0 to 16 [ 3125.206702][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3125.222041][T26066] erofs (device loop8): mounted with root inode @ nid 36. [ 3126.136899][T21828] bond0 (unregistering): Released all slaves [ 3127.497926][T23050] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3127.510116][T23050] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3127.542712][T23050] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3127.559676][T23050] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3127.570719][T23050] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3127.617514][T25679] hsr_slave_0: entered promiscuous mode [ 3127.662612][T25679] hsr_slave_1: entered promiscuous mode [ 3127.685649][T25679] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3127.781824][T25679] Cannot create hsr debugfs directory [ 3128.530846][T26089] loop1: detected capacity change from 0 to 256 [ 3128.601528][T26091] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4059'. [ 3128.707945][T26089] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 3128.898728][T26089] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 3128.948902][T26089] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x062de574, utbl_chksum : 0xe619d30d) [ 3129.850250][T23050] Bluetooth: hci1: command tx timeout [ 3130.604470][T26101] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4062'. [ 3132.084511][T23050] Bluetooth: hci1: command tx timeout [ 3132.780561][T25786] bridge0: port 1(bridge_slave_0) entered blocking state [ 3132.809578][T25786] bridge0: port 1(bridge_slave_0) entered disabled state [ 3132.843154][T25786] bridge_slave_0: entered allmulticast mode [ 3132.862194][T25786] bridge_slave_0: entered promiscuous mode [ 3134.342544][T23050] Bluetooth: hci1: command tx timeout [ 3136.794733][T23050] Bluetooth: hci1: command tx timeout [ 3136.944137][T21828] hsr_slave_0: left promiscuous mode [ 3136.994784][T26142] loop9: detected capacity change from 0 to 64 [ 3137.202553][T21828] hsr_slave_1: left promiscuous mode [ 3137.319735][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3137.397796][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3137.429525][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3137.472565][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3137.846786][T26136] loop8: detected capacity change from 0 to 512 [ 3137.933641][T26136] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 3137.982401][T26136] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 3137.990535][T26136] System zones: 1-12 [ 3137.994705][T26136] EXT4-fs (loop8): orphan cleanup on readonly fs [ 3138.010335][T26136] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #11: comm syz.8.4069: invalid indirect mapped block 12 (level 1) [ 3138.029230][T26136] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #11: comm syz.8.4069: invalid indirect mapped block 2 (level 2) [ 3138.066989][T26136] EXT4-fs (loop8): 1 truncate cleaned up [ 3138.074391][T26136] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 3138.567725][T21828] veth1_macvtap: left promiscuous mode [ 3138.573354][T21828] veth0_macvtap: left promiscuous mode [ 3139.514581][T21828] veth1_vlan: left promiscuous mode [ 3139.519972][T21828] veth0_vlan: left promiscuous mode [ 3139.638179][T25279] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 3140.541663][T26159] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 3141.079382][T26169] loop1: detected capacity change from 0 to 64 [ 3141.285713][T26170] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4075'. [ 3142.359380][T26174] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 3143.563752][T21210] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3143.588165][T21210] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3143.652384][T21210] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3143.684095][T21210] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3143.710192][T21210] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3145.505946][T14211] libceph: connect (1)[c::]:6789 error -101 [ 3145.529341][T14211] libceph: mon0 (1)[c::]:6789 connect error [ 3145.626052][T26197] ceph: No mds server is up or the cluster is laggy [ 3145.928850][T23050] Bluetooth: hci3: command tx timeout [ 3148.254602][T23050] Bluetooth: hci3: command tx timeout [ 3148.872880][T26226] loop9: detected capacity change from 0 to 16 [ 3148.934894][T26226] erofs (device loop9): mounted with root inode @ nid 36. [ 3149.464847][T26232] erofs (device loop9): corrupted dir block 0 @ nid 36 [ 3150.035955][T26230] 9pnet_fd: Insufficient options for proto=fd [ 3150.303620][T26235] loop8: detected capacity change from 0 to 64 [ 3150.462304][T23050] Bluetooth: hci3: command tx timeout [ 3150.611199][T26240] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4088'. [ 3152.685401][T23050] Bluetooth: hci3: command tx timeout [ 3152.695577][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3152.763264][T26254] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request [ 3153.014515][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3154.902082][T26267] loop8: detected capacity change from 0 to 1024 [ 3155.053571][T26264] sctp: failed to load transform for md5: -2 [ 3155.114109][T26267] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 3157.387577][T26298] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 3158.529256][T25279] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 3160.229345][T26313] 9pnet_fd: Insufficient options for proto=fd [ 3161.117490][T26325] netlink: 48 bytes leftover after parsing attributes in process `syz.9.4102'. [ 3162.393357][T26333] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3163.302560][T23050] Bluetooth: hci4: command 0x0406 tx timeout [ 3166.178965][T25786] bridge0: port 2(bridge_slave_1) entered blocking state [ 3166.194205][T25786] bridge0: port 2(bridge_slave_1) entered disabled state [ 3166.241218][T25786] bridge_slave_1: entered allmulticast mode [ 3166.305551][T25786] bridge_slave_1: entered promiscuous mode [ 3166.627268][T26352] loop8: detected capacity change from 0 to 32768 [ 3166.660253][T26352] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.4108 (26352) [ 3166.680612][T26352] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3166.691415][T26352] BTRFS info (device loop8): using crc32c (crc32c-x86_64) checksum algorithm [ 3166.700215][T26352] BTRFS info (device loop8): disk space caching is enabled [ 3166.707504][T26352] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 3166.812429][T26352] BTRFS info (device loop8): rebuilding free space tree [ 3166.834426][T26352] BTRFS info (device loop8): disabling free space tree [ 3166.841572][T26352] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 3166.851926][T26352] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 3168.105865][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 3168.112574][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 3168.426051][ T30] audit: type=1800 audit(2000000651.915:360): pid=26377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4108" name="bus" dev="overlay" ino=270 res=0 errno=0 [ 3170.318464][T23050] Bluetooth: hci0: command 0x0406 tx timeout [ 3172.271958][T26401] ceph: No mds server is up or the cluster is laggy [ 3173.406198][T26419] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4114'. [ 3173.673815][T25279] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 3176.093175][T26438] netlink: 'syz.8.4115': attribute type 2 has an invalid length. [ 3176.102475][T26438] netlink: 'syz.8.4115': attribute type 1 has an invalid length. [ 3176.111000][T26438] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4115'. [ 3177.558795][T26072] chnl_net:caif_netlink_parms(): no params data found [ 3178.946475][T21828] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3179.121369][T26189] chnl_net:caif_netlink_parms(): no params data found [ 3180.845801][T21828] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3182.491764][T21828] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3183.947355][T26489] loop8: detected capacity change from 0 to 1764 [ 3184.050059][T26491] netlink: 48 bytes leftover after parsing attributes in process `syz.9.4128'. [ 3184.477380][T26072] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 3186.956135][T21210] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 3186.975212][T21210] CPU: 1 UID: 0 PID: 21210 Comm: kworker/u9:1 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 3186.975262][T21210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3186.975294][T21210] Workqueue: hci2 hci_rx_work [ 3186.975330][T21210] Call Trace: [ 3186.975343][T21210] [ 3186.975357][T21210] dump_stack_lvl+0x16c/0x1f0 [ 3186.975416][T21210] sysfs_warn_dup+0x7f/0xa0 [ 3186.975462][T21210] sysfs_create_dir_ns+0x24b/0x2b0 [ 3186.975508][T21210] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 3186.975553][T21210] ? find_held_lock+0x2b/0x80 [ 3186.975609][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.975655][T21210] ? do_raw_spin_unlock+0x172/0x230 [ 3186.975703][T21210] kobject_add_internal+0x2c4/0x9b0 [ 3186.975750][T21210] kobject_add+0x16e/0x240 [ 3186.975787][T21210] ? __pfx_kobject_add+0x10/0x10 [ 3186.975827][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.975872][T21210] ? do_raw_spin_unlock+0x172/0x230 [ 3186.975916][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.975960][T21210] ? kobject_put+0xab/0x5a0 [ 3186.976021][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.976076][T21210] device_add+0x288/0x1a70 [ 3186.976115][T21210] ? __pfx_dev_set_name+0x10/0x10 [ 3186.976160][T21210] ? __pfx_device_add+0x10/0x10 [ 3186.976200][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.976244][T21210] ? mgmt_send_event_skb+0x2fb/0x460 [ 3186.976318][T21210] hci_conn_add_sysfs+0x17e/0x230 [ 3186.976358][T21210] le_conn_complete_evt+0x1075/0x1d70 [ 3186.976425][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.976472][T21210] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 3186.976527][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.976582][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.976635][T21210] hci_le_conn_complete_evt+0x23c/0x370 [ 3186.976705][T21210] hci_le_meta_evt+0x357/0x5e0 [ 3186.976739][T21210] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 3186.976804][T21210] hci_event_packet+0x685/0x11c0 [ 3186.976861][T21210] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 3186.976898][T21210] ? __pfx_hci_event_packet+0x10/0x10 [ 3186.976955][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977003][T21210] ? kcov_remote_start+0x3c9/0x6d0 [ 3186.977045][T21210] ? lockdep_hardirqs_on+0x7c/0x110 [ 3186.977099][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977156][T21210] hci_rx_work+0x2c5/0x16b0 [ 3186.977192][T21210] ? rcu_is_watching+0x12/0xc0 [ 3186.977249][T21210] process_one_work+0x9cf/0x1b70 [ 3186.977315][T21210] ? __pfx_process_one_work+0x10/0x10 [ 3186.977356][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977412][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977456][T21210] ? assign_work+0x1a0/0x250 [ 3186.977499][T21210] worker_thread+0x6c8/0xf10 [ 3186.977552][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977599][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977644][T21210] ? __kthread_parkme+0x19e/0x250 [ 3186.977697][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977745][T21210] ? __pfx_worker_thread+0x10/0x10 [ 3186.977786][T21210] kthread+0x3c5/0x780 [ 3186.977824][T21210] ? __pfx_kthread+0x10/0x10 [ 3186.977862][T21210] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3186.977905][T21210] ? rcu_is_watching+0x12/0xc0 [ 3186.977953][T21210] ? __pfx_kthread+0x10/0x10 [ 3186.977992][T21210] ret_from_fork+0x5d7/0x6f0 [ 3186.978046][T21210] ? __pfx_kthread+0x10/0x10 [ 3186.978084][T21210] ret_from_fork_asm+0x1a/0x30 [ 3186.978151][T21210] [ 3186.978189][T21210] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 3187.270998][T26507] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 3187.358678][T26507] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 3187.367503][T26507] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 3187.378134][T26507] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 3187.385959][T26507] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 3187.556246][T21828] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3187.567295][T21210] Bluetooth: hci2: failed to register connection device [ 3188.473580][T26519] netlink: 'syz.9.4131': attribute type 2 has an invalid length. [ 3188.481502][T26519] netlink: 'syz.9.4131': attribute type 1 has an invalid length. [ 3188.489354][T26519] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4131'. [ 3189.645946][T26189] bridge0: port 1(bridge_slave_0) entered blocking state [ 3189.653127][T26189] bridge0: port 1(bridge_slave_0) entered disabled state [ 3189.753009][T26189] bridge_slave_0: entered allmulticast mode [ 3189.802996][T21210] Bluetooth: hci5: command tx timeout [ 3190.714419][T26189] bridge_slave_0: entered promiscuous mode [ 3190.732028][T26189] bridge0: port 2(bridge_slave_1) entered blocking state [ 3190.740162][T26189] bridge0: port 2(bridge_slave_1) entered disabled state [ 3190.754829][T26189] bridge_slave_1: entered allmulticast mode [ 3190.764688][T26189] bridge_slave_1: entered promiscuous mode [ 3192.090832][T21210] Bluetooth: hci5: command tx timeout [ 3193.703722][T26553] Lens B: ================= START STATUS ================= [ 3193.711266][T26553] Lens B: Focus, Absolute: 0 [ 3193.718468][T26553] Lens B: ================== END STATUS ================== [ 3194.257546][T21210] Bluetooth: hci5: command tx timeout [ 3194.765745][T26555] netlink: 'syz.8.4138': attribute type 11 has an invalid length. [ 3194.773698][T26555] netlink: 224 bytes leftover after parsing attributes in process `syz.8.4138'. [ 3195.676459][T26189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3195.737662][T26189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3195.909886][T26507] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3195.922807][T26507] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3195.933630][T26507] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3196.336043][T26507] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3196.348658][T26507] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3196.570721][T21210] Bluetooth: hci5: command tx timeout [ 3198.801007][T26507] Bluetooth: hci1: command tx timeout [ 3198.932151][T26571] mkiss: ax0: crc mode is auto. [ 3198.939490][T21210] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 3198.957943][T21210] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 3198.992607][T21210] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 3199.073262][T21210] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 3199.172531][T21210] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 3199.254621][T26189] team0: Port device team_slave_0 added [ 3199.527701][T26189] team0: Port device team_slave_1 added [ 3199.703789][T26592] loop8: detected capacity change from 0 to 128 [ 3199.743453][T26592] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 3199.815813][T26592] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 3201.178236][T26507] Bluetooth: hci1: command tx timeout [ 3201.833502][T26507] Bluetooth: hci4: command tx timeout [ 3201.941345][T25279] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 3202.021607][T26189] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3202.028983][T26189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3202.055482][T26189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3202.069147][T26189] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3202.295005][T26189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3202.322470][T26189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3202.423940][T21828] bridge_slave_1: left allmulticast mode [ 3202.439380][T21828] bridge_slave_1: left promiscuous mode [ 3202.445193][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3202.554944][T21828] bridge_slave_0: left allmulticast mode [ 3202.605573][T21828] bridge_slave_0: left promiscuous mode [ 3202.611466][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3202.635698][T21828] bridge_slave_1: left allmulticast mode [ 3202.641376][T21828] bridge_slave_1: left promiscuous mode [ 3202.657845][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3202.684791][T21828] bridge_slave_0: left allmulticast mode [ 3202.704704][T21828] bridge_slave_0: left promiscuous mode [ 3202.771670][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3202.882024][T21828] bridge_slave_1: left allmulticast mode [ 3202.908926][T21828] bridge_slave_1: left promiscuous mode [ 3202.939441][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3203.014830][T21828] bridge_slave_0: left allmulticast mode [ 3203.039968][T21828] bridge_slave_0: left promiscuous mode [ 3203.071127][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3203.412287][T26507] Bluetooth: hci1: command tx timeout [ 3203.619225][T21828] bond0 (unregistering): Released all slaves [ 3204.000201][T26507] Bluetooth: hci4: command tx timeout [ 3205.589282][T26632] loop8: detected capacity change from 0 to 64 [ 3205.657607][T26507] Bluetooth: hci1: command tx timeout [ 3206.628394][T26507] Bluetooth: hci4: command tx timeout [ 3207.370284][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3207.456971][T21210] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 3207.477489][T21210] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 3207.489658][T21210] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 3207.495612][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3207.528226][T21210] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 3207.540703][T21210] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 3207.593507][T21828] bond0 (unregistering): Released all slaves [ 3207.639169][T26645] loop8: detected capacity change from 0 to 16 [ 3207.691438][T26647] loop9: detected capacity change from 0 to 2048 [ 3207.714255][T26647] UDF-fs: error (device loop9): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 3207.727403][T26647] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3207.751767][T26645] erofs (device loop8): mounted with root inode @ nid 36. [ 3208.745623][T26651] erofs (device loop8): corrupted dir block 0 @ nid 36 [ 3209.523186][T26507] Bluetooth: hci4: command tx timeout [ 3209.773073][T26507] Bluetooth: hci6: command tx timeout [ 3210.264853][T26661] ceph: No mds server is up or the cluster is laggy [ 3210.296863][T18377] libceph: connect (1)[c::]:6789 error -101 [ 3210.866201][T18377] libceph: mon0 (1)[c::]:6789 connect error [ 3211.973209][T26507] Bluetooth: hci6: command tx timeout [ 3212.863388][ C0] vkms_vblank_simulate: vblank timer overrun [ 3213.308212][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3213.376350][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3213.430858][T21828] bond0 (unregistering): Released all slaves [ 3213.597934][T26506] chnl_net:caif_netlink_parms(): no params data found [ 3214.180373][T26507] Bluetooth: hci6: command tx timeout [ 3216.407322][T26507] Bluetooth: hci6: command tx timeout [ 3219.782080][T26724] netlink: 48 bytes leftover after parsing attributes in process `syz.8.4171'. [ 3220.837685][T26506] bridge0: port 1(bridge_slave_0) entered blocking state [ 3220.880771][T26506] bridge0: port 1(bridge_slave_0) entered disabled state [ 3221.093750][T26506] bridge_slave_0: entered allmulticast mode [ 3221.102606][T26506] bridge_slave_0: entered promiscuous mode [ 3222.009739][T26734] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 3222.212062][T21828] hsr_slave_0: left promiscuous mode [ 3222.314635][T21828] hsr_slave_1: left promiscuous mode [ 3222.321136][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3222.364636][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3222.414552][T21828] hsr_slave_0: left promiscuous mode [ 3222.714438][T21828] hsr_slave_1: left promiscuous mode [ 3222.721217][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3222.728745][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3222.738075][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3222.746079][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3224.037985][T21828] veth1_macvtap: left promiscuous mode [ 3224.053659][T21828] veth0_macvtap: left promiscuous mode [ 3224.080397][T21828] veth1_vlan: left promiscuous mode [ 3224.105968][T21828] veth0_vlan: left promiscuous mode [ 3227.569693][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3228.621338][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3230.569339][T26803] loop8: detected capacity change from 0 to 64 [ 3230.669985][T26807] netlink: 48 bytes leftover after parsing attributes in process `syz.9.4175'. [ 3231.999898][T26820] loop8: detected capacity change from 0 to 2048 [ 3232.019712][T26820] UDF-fs: error (device loop8): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 3232.033523][T26820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 3232.178476][T26824] netlink: 48 bytes leftover after parsing attributes in process `syz.9.4186'. [ 3233.812047][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 3233.818763][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 3236.220164][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3236.347810][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3237.426665][T26506] bridge0: port 2(bridge_slave_1) entered blocking state [ 3237.438611][T26506] bridge0: port 2(bridge_slave_1) entered disabled state [ 3237.446161][T26506] bridge_slave_1: entered allmulticast mode [ 3237.468936][T26506] bridge_slave_1: entered promiscuous mode [ 3237.646926][T26506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3237.805581][T26506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3237.974409][T26506] team0: Port device team_slave_0 added [ 3238.074675][T26506] team0: Port device team_slave_1 added [ 3238.238584][T26641] chnl_net:caif_netlink_parms(): no params data found [ 3238.257343][T26558] chnl_net:caif_netlink_parms(): no params data found [ 3238.336460][T26506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3238.348352][T26506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3238.377579][T26506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3238.431840][T26506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3238.439285][T26506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3238.467998][T26506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3238.538741][T26581] chnl_net:caif_netlink_parms(): no params data found [ 3238.801795][T26506] hsr_slave_0: entered promiscuous mode [ 3238.810230][T26506] hsr_slave_1: entered promiscuous mode [ 3238.816651][T26506] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3238.824800][T26506] Cannot create hsr debugfs directory [ 3238.906798][T26558] bridge0: port 1(bridge_slave_0) entered blocking state [ 3238.913987][T26558] bridge0: port 1(bridge_slave_0) entered disabled state [ 3238.922183][T26558] bridge_slave_0: entered allmulticast mode [ 3238.931001][T26558] bridge_slave_0: entered promiscuous mode [ 3238.940323][T26558] bridge0: port 2(bridge_slave_1) entered blocking state [ 3238.947446][T26558] bridge0: port 2(bridge_slave_1) entered disabled state [ 3238.954804][T26558] bridge_slave_1: entered allmulticast mode [ 3238.963009][T26558] bridge_slave_1: entered promiscuous mode [ 3239.022745][T26641] bridge0: port 1(bridge_slave_0) entered blocking state [ 3239.033317][T26641] bridge0: port 1(bridge_slave_0) entered disabled state [ 3239.040737][T26641] bridge_slave_0: entered allmulticast mode [ 3239.056068][T26641] bridge_slave_0: entered promiscuous mode [ 3239.154812][T26641] bridge0: port 2(bridge_slave_1) entered blocking state [ 3239.162920][T26641] bridge0: port 2(bridge_slave_1) entered disabled state [ 3239.170512][T26641] bridge_slave_1: entered allmulticast mode [ 3239.178837][T26641] bridge_slave_1: entered promiscuous mode [ 3239.263933][T26581] bridge0: port 1(bridge_slave_0) entered blocking state [ 3239.271817][T26581] bridge0: port 1(bridge_slave_0) entered disabled state [ 3239.279663][T26581] bridge_slave_0: entered allmulticast mode [ 3239.287414][T26581] bridge_slave_0: entered promiscuous mode [ 3239.317797][T26558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3239.331693][T26558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3239.370314][T26581] bridge0: port 2(bridge_slave_1) entered blocking state [ 3239.377893][T26581] bridge0: port 2(bridge_slave_1) entered disabled state [ 3239.385216][T26581] bridge_slave_1: entered allmulticast mode [ 3239.393781][T26581] bridge_slave_1: entered promiscuous mode [ 3239.404557][T26641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3239.474944][T26641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3239.555810][T26581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3239.608882][T26558] team0: Port device team_slave_0 added [ 3239.618873][T26558] team0: Port device team_slave_1 added [ 3239.628835][T26581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3239.649230][T26641] team0: Port device team_slave_0 added [ 3239.659283][T26641] team0: Port device team_slave_1 added [ 3239.772824][T26641] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3239.780867][T26641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3239.807319][T26641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3239.820434][T26558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3239.828890][T26558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3239.856441][T26558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3239.906143][T26641] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3239.914808][T26641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3239.944081][T26641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3240.000377][T26558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3240.013766][T26558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3240.041462][T26558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3240.059295][T26581] team0: Port device team_slave_0 added [ 3240.073741][T26581] team0: Port device team_slave_1 added [ 3240.171790][T26581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3240.189790][T26581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3240.236672][T26581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3240.376500][T26581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3240.396318][T26581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3240.442000][T26581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3240.516187][T26641] hsr_slave_0: entered promiscuous mode [ 3240.536710][T26641] hsr_slave_1: entered promiscuous mode [ 3240.562184][T26641] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3240.569802][T26641] Cannot create hsr debugfs directory [ 3240.610871][T26558] hsr_slave_0: entered promiscuous mode [ 3240.627783][T26558] hsr_slave_1: entered promiscuous mode [ 3240.635837][T26558] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3240.665378][T26558] Cannot create hsr debugfs directory [ 3240.892837][T26581] hsr_slave_0: entered promiscuous mode [ 3240.902496][T26581] hsr_slave_1: entered promiscuous mode [ 3240.911621][T26581] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3240.920816][T26581] Cannot create hsr debugfs directory [ 3241.133027][T21828] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3241.338937][T21828] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3241.523887][T21828] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3241.690263][T21828] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.037540][T26558] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.259519][T26558] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.477959][T26558] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.595355][T21828] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.691832][T26558] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.749569][T21828] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.862692][T21828] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3243.037062][T21828] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3243.145825][T26506] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3243.184894][T26506] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3243.277211][T26506] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3243.324366][T26506] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3243.813199][T21828] bridge_slave_1: left allmulticast mode [ 3243.818912][T21828] bridge_slave_1: left promiscuous mode [ 3243.844575][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3243.854518][T21828] bridge_slave_0: left allmulticast mode [ 3243.874298][T21828] bridge_slave_0: left promiscuous mode [ 3243.901944][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3243.916245][T21828] bridge_slave_1: left allmulticast mode [ 3243.922621][T21828] bridge_slave_1: left promiscuous mode [ 3243.928410][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3243.942034][T21828] bridge_slave_0: left allmulticast mode [ 3243.947704][T21828] bridge_slave_0: left promiscuous mode [ 3243.954056][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3243.966086][T21828] bridge_slave_1: left allmulticast mode [ 3243.971864][T21828] bridge_slave_1: left promiscuous mode [ 3243.983268][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3243.992704][T21828] bridge_slave_0: left allmulticast mode [ 3244.001161][T21828] bridge_slave_0: left promiscuous mode [ 3244.007132][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3244.270989][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3244.282586][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3244.292809][T21828] bond0 (unregistering): Released all slaves [ 3244.653368][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3244.665045][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3244.675870][T21828] bond0 (unregistering): Released all slaves [ 3245.078285][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3245.090730][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3245.101277][T21828] bond0 (unregistering): Released all slaves [ 3245.242282][T21828] bond0 (unregistering): Released all slaves [ 3245.548576][T26641] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 3245.587026][T26641] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 3245.761050][T26641] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 3245.888610][T26641] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 3246.629988][T26506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3246.800068][T26506] 8021q: adding VLAN 0 to HW filter on device team0 [ 3246.877246][T20391] bridge0: port 1(bridge_slave_0) entered blocking state [ 3246.884463][T20391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3246.947773][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3246.975682][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3247.007081][T21828] hsr_slave_0: left promiscuous mode [ 3247.023164][T21828] hsr_slave_1: left promiscuous mode [ 3247.029369][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3247.037479][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3247.047055][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3247.054821][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3247.068805][T21828] hsr_slave_0: left promiscuous mode [ 3247.076413][T21828] hsr_slave_1: left promiscuous mode [ 3247.082564][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3247.101802][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3247.127449][T21828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3247.134963][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3247.200275][T21828] veth1_macvtap: left promiscuous mode [ 3247.206103][T21828] veth0_macvtap: left promiscuous mode [ 3247.212475][T21828] veth1_vlan: left promiscuous mode [ 3247.217895][T21828] veth0_vlan: left promiscuous mode [ 3247.231392][T21828] veth1_macvtap: left promiscuous mode [ 3247.237313][T21828] veth0_macvtap: left promiscuous mode [ 3247.243051][T21828] veth1_vlan: left promiscuous mode [ 3247.249423][T21828] veth0_vlan: left promiscuous mode [ 3247.689648][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3247.791686][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3249.022554][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3249.144374][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3250.112833][T21210] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3250.138524][T21210] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3250.175836][T21210] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3250.208461][T21210] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3250.230804][T21210] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3250.848080][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3250.904921][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3251.771192][T26641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3251.959960][T26558] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 3252.042716][T26558] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 3252.133069][T26641] 8021q: adding VLAN 0 to HW filter on device team0 [ 3252.183963][T26558] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 3252.199712][T26558] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 3252.381462][ T6561] bridge0: port 1(bridge_slave_0) entered blocking state [ 3252.388635][ T6561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3252.494215][T21210] Bluetooth: hci3: command tx timeout [ 3252.530966][ T6561] bridge0: port 2(bridge_slave_1) entered blocking state [ 3252.538222][ T6561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3252.845110][T26581] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 3252.926060][T26581] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 3253.097891][T26581] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 3253.163204][T26581] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 3253.323166][T27006] chnl_net:caif_netlink_parms(): no params data found [ 3253.576806][T27006] bridge0: port 1(bridge_slave_0) entered blocking state [ 3253.594574][T27006] bridge0: port 1(bridge_slave_0) entered disabled state [ 3253.601921][T27006] bridge_slave_0: entered allmulticast mode [ 3253.638354][T27006] bridge_slave_0: entered promiscuous mode [ 3253.675251][T27006] bridge0: port 2(bridge_slave_1) entered blocking state [ 3253.690868][T27006] bridge0: port 2(bridge_slave_1) entered disabled state [ 3253.698196][T27006] bridge_slave_1: entered allmulticast mode [ 3253.722614][T21828] IPVS: stop unused estimator thread 0... [ 3253.729588][T27006] bridge_slave_1: entered promiscuous mode [ 3253.804427][T26641] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3253.878524][T27006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3253.938764][T27006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3254.161220][T27006] team0: Port device team_slave_0 added [ 3254.184276][T27006] team0: Port device team_slave_1 added [ 3254.636139][T27006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3254.651448][T27006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3254.686382][T27006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3254.700962][T27006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3254.708113][T27006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3254.738756][T21210] Bluetooth: hci3: command tx timeout [ 3254.778820][T27006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3254.819013][T26507] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 3254.830954][T26507] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 3254.839758][T26507] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 3254.847994][T26507] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 3254.876193][T26507] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 3255.109039][T26641] veth0_vlan: entered promiscuous mode [ 3255.160212][T27006] hsr_slave_0: entered promiscuous mode [ 3255.172213][T27006] hsr_slave_1: entered promiscuous mode [ 3255.180441][T27006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3255.189268][T27006] Cannot create hsr debugfs directory [ 3255.278347][T26641] veth1_vlan: entered promiscuous mode [ 3255.438387][T26581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3255.553781][T26581] 8021q: adding VLAN 0 to HW filter on device team0 [ 3255.761485][T20391] bridge0: port 1(bridge_slave_0) entered blocking state [ 3255.768706][T20391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3255.814335][T26641] veth0_macvtap: entered promiscuous mode [ 3255.867748][T21828] bridge_slave_1: left allmulticast mode [ 3255.875545][T21828] bridge_slave_1: left promiscuous mode [ 3255.881383][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3255.891495][T21828] bridge_slave_0: left allmulticast mode [ 3255.903753][T21828] bridge_slave_0: left promiscuous mode [ 3255.909514][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3256.267308][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3256.279546][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3256.292073][T21828] bond0 (unregistering): Released all slaves [ 3256.345665][T22035] bridge0: port 2(bridge_slave_1) entered blocking state [ 3256.352890][T22035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3256.416526][T26641] veth1_macvtap: entered promiscuous mode [ 3256.493929][T21828] hsr_slave_0: left promiscuous mode [ 3256.499912][T21828] hsr_slave_1: left promiscuous mode [ 3256.512916][T21828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3256.521639][T21828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3256.754337][T21828] team0 (unregistering): Port device team_slave_1 removed [ 3256.792431][T21828] team0 (unregistering): Port device team_slave_0 removed [ 3256.955337][T26507] Bluetooth: hci3: command tx timeout [ 3257.115513][T26507] Bluetooth: hci5: command tx timeout [ 3257.366933][T26581] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 3257.406802][T26581] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3257.428756][T26641] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3257.481192][T27058] chnl_net:caif_netlink_parms(): no params data found [ 3257.559141][T26641] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3257.587938][T26641] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3257.607648][T26641] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3257.621491][T26641] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3257.633250][T26641] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3257.851994][T27006] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 3257.874964][T27006] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 3257.886665][T27006] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 3257.899665][T27006] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 3258.034031][T26581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3258.077249][T27058] bridge0: port 1(bridge_slave_0) entered blocking state [ 3258.093091][T27058] bridge0: port 1(bridge_slave_0) entered disabled state [ 3258.101514][T27058] bridge_slave_0: entered allmulticast mode [ 3258.116096][T27058] bridge_slave_0: entered promiscuous mode [ 3258.149690][T27058] bridge0: port 2(bridge_slave_1) entered blocking state [ 3258.156879][T27058] bridge0: port 2(bridge_slave_1) entered disabled state [ 3258.173319][T27058] bridge_slave_1: entered allmulticast mode [ 3258.184372][T27058] bridge_slave_1: entered promiscuous mode [ 3258.298014][ T6561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3258.305869][ T6561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3258.339347][T27058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3258.443458][T27058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3258.549802][T27058] team0: Port device team_slave_0 added [ 3258.572506][T27058] team0: Port device team_slave_1 added [ 3258.699252][T27058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3258.708547][T27058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3258.737184][T27058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3258.757922][T20391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3258.765785][T20391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3258.775048][T27058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3258.783279][T27058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3258.815728][T27058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3258.856410][T26581] veth0_vlan: entered promiscuous mode [ 3259.281783][T26507] Bluetooth: hci3: command tx timeout [ 3259.788075][T27087] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3995'. [ 3259.923721][T27087] tmpfs: Bad value for 'mpol' [ 3259.948390][T27087] CIFS mount error: No usable UNC path provided in device string! [ 3259.948390][T27087] [ 3259.958719][T27087] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 3260.263480][T26507] Bluetooth: hci5: command tx timeout [ 3260.764211][T27058] hsr_slave_0: entered promiscuous mode [ 3260.802108][T27058] hsr_slave_1: entered promiscuous mode [ 3260.821650][T27058] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3260.829377][T27058] Cannot create hsr debugfs directory [ 3260.873494][T26581] veth1_vlan: entered promiscuous mode [ 3262.117907][T27006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3262.204548][T21828] bridge_slave_1: left allmulticast mode [ 3262.210302][T21828] bridge_slave_1: left promiscuous mode [ 3262.249152][T21828] bridge0: port 2(bridge_slave_1) entered disabled state [ 3263.266135][T26507] Bluetooth: hci5: command tx timeout [ 3264.183238][T21828] bridge_slave_0: left allmulticast mode [ 3264.191142][T21828] bridge_slave_0: left promiscuous mode [ 3264.325918][T26507] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3264.345411][T26507] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3264.382457][T21828] bridge0: port 1(bridge_slave_0) entered disabled state [ 3264.411731][T26507] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3264.444869][T26507] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3264.453210][T26507] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3264.587129][T27095] binder: 27094:27095 ioctl 4018620d 0 returned -22 [ 3265.576635][T26507] Bluetooth: hci5: command tx timeout [ 3266.703709][T26507] Bluetooth: hci1: command tx timeout [ 3268.331963][T21828] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3268.390145][T21828] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3268.405065][T21828] bond0 (unregistering): Released all slaves [ 3268.726753][T26507] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 3268.736994][T26507] CPU: 1 UID: 0 PID: 26507 Comm: kworker/u9:0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 3268.737050][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3268.737076][T26507] Workqueue: hci0 hci_rx_work [ 3268.737113][T26507] Call Trace: [ 3268.737127][T26507] [ 3268.737142][T26507] dump_stack_lvl+0x16c/0x1f0 [ 3268.737201][T26507] sysfs_warn_dup+0x7f/0xa0 [ 3268.737247][T26507] sysfs_create_dir_ns+0x24b/0x2b0 [ 3268.737293][T26507] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 3268.737337][T26507] ? find_held_lock+0x2b/0x80 [ 3268.737393][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.737439][T26507] ? do_raw_spin_unlock+0x172/0x230 [ 3268.737486][T26507] kobject_add_internal+0x2c4/0x9b0 [ 3268.737533][T26507] kobject_add+0x16e/0x240 [ 3268.737570][T26507] ? __pfx_kobject_add+0x10/0x10 [ 3268.737614][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.737658][T26507] ? kobject_put+0xab/0x5a0 [ 3268.737720][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.737775][T26507] device_add+0x288/0x1a70 [ 3268.737815][T26507] ? __pfx_dev_set_name+0x10/0x10 [ 3268.737860][T26507] ? __pfx_device_add+0x10/0x10 [ 3268.737899][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.737947][T26507] ? mgmt_send_event_skb+0x2fb/0x460 [ 3268.738018][T26507] hci_conn_add_sysfs+0x17e/0x230 [ 3268.738064][T26507] le_conn_complete_evt+0x1075/0x1d70 [ 3268.738134][T26507] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 3268.738187][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.738234][T26507] ? irqentry_exit+0x3b/0x90 [ 3268.738287][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.738335][T26507] ? lockdep_hardirqs_on+0x7c/0x110 [ 3268.738388][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.738444][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3268.738513][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3268.738547][T26507] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 3268.738611][T26507] hci_event_packet+0x685/0x11c0 [ 3268.738667][T26507] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 3268.738705][T26507] ? __pfx_hci_event_packet+0x10/0x10 [ 3268.738770][T26507] ? kcov_remote_start+0x3d9/0x6d0 [ 3268.738825][T26507] hci_rx_work+0x2c5/0x16b0 [ 3268.738873][T26507] process_one_work+0x9cf/0x1b70 [ 3268.738934][T26507] ? __pfx_process_one_work+0x10/0x10 [ 3268.738980][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739047][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739092][T26507] ? assign_work+0x1a0/0x250 [ 3268.739134][T26507] worker_thread+0x6c8/0xf10 [ 3268.739186][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739232][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739276][T26507] ? __kthread_parkme+0x19e/0x250 [ 3268.739329][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739376][T26507] ? __pfx_worker_thread+0x10/0x10 [ 3268.739420][T26507] kthread+0x3c5/0x780 [ 3268.739458][T26507] ? __pfx_kthread+0x10/0x10 [ 3268.739497][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3268.739541][T26507] ? rcu_is_watching+0x12/0xc0 [ 3268.739591][T26507] ? __pfx_kthread+0x10/0x10 [ 3268.739630][T26507] ret_from_fork+0x5d7/0x6f0 [ 3268.739686][T26507] ? __pfx_kthread+0x10/0x10 [ 3268.739724][T26507] ret_from_fork_asm+0x1a/0x30 [ 3268.739790][T26507] [ 3268.740220][T26507] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 3269.024393][T21210] Bluetooth: hci1: command tx timeout [ 3269.034942][T26507] Bluetooth: hci0: failed to register connection device [ 3269.107020][T26507] ================================================================== [ 3269.115162][T26507] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x22a/0x240 [ 3269.124124][T26507] Read of size 8 at addr ffff888036ef8588 by task kworker/u9:0/26507 [ 3269.132210][T26507] [ 3269.134558][T26507] CPU: 1 UID: 0 PID: 26507 Comm: kworker/u9:0 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 3269.134610][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3269.134639][T26507] Workqueue: hci0 hci_rx_work [ 3269.134678][T26507] Call Trace: [ 3269.134691][T26507] [ 3269.134705][T26507] dump_stack_lvl+0x116/0x1f0 [ 3269.134765][T26507] print_report+0xcd/0x680 [ 3269.134811][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.134868][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.134913][T26507] ? __phys_addr+0xe8/0x180 [ 3269.134961][T26507] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 3269.135008][T26507] kasan_report+0xe0/0x110 [ 3269.135055][T26507] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 3269.135100][T26507] l2cap_sock_new_connection_cb+0x22a/0x240 [ 3269.135142][T26507] l2cap_connect_cfm+0x4c7/0xf80 [ 3269.135203][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3269.135262][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3269.135318][T26507] le_conn_complete_evt+0x1665/0x1d70 [ 3269.135381][T26507] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 3269.135434][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.135481][T26507] ? irqentry_exit+0x3b/0x90 [ 3269.135536][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.135581][T26507] ? lockdep_hardirqs_on+0x7c/0x110 [ 3269.135635][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.135687][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3269.135750][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3269.135783][T26507] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 3269.135843][T26507] hci_event_packet+0x685/0x11c0 [ 3269.135896][T26507] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 3269.135933][T26507] ? __pfx_hci_event_packet+0x10/0x10 [ 3269.136001][T26507] ? kcov_remote_start+0x3d9/0x6d0 [ 3269.136050][T26507] hci_rx_work+0x2c5/0x16b0 [ 3269.136091][T26507] process_one_work+0x9cf/0x1b70 [ 3269.136143][T26507] ? __pfx_process_one_work+0x10/0x10 [ 3269.136183][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136234][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136279][T26507] ? assign_work+0x1a0/0x250 [ 3269.136317][T26507] worker_thread+0x6c8/0xf10 [ 3269.136362][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136409][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136455][T26507] ? __kthread_parkme+0x19e/0x250 [ 3269.136508][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136555][T26507] ? __pfx_worker_thread+0x10/0x10 [ 3269.136596][T26507] kthread+0x3c5/0x780 [ 3269.136632][T26507] ? __pfx_kthread+0x10/0x10 [ 3269.136668][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3269.136713][T26507] ? rcu_is_watching+0x12/0xc0 [ 3269.136762][T26507] ? __pfx_kthread+0x10/0x10 [ 3269.136800][T26507] ret_from_fork+0x5d7/0x6f0 [ 3269.136857][T26507] ? __pfx_kthread+0x10/0x10 [ 3269.136891][T26507] ret_from_fork_asm+0x1a/0x30 [ 3269.136946][T26507] [ 3269.136960][T26507] [ 3269.412569][T26507] Allocated by task 26507: [ 3269.416999][T26507] kasan_save_stack+0x33/0x60 [ 3269.421704][T26507] kasan_save_track+0x14/0x30 [ 3269.426412][T26507] __kasan_kmalloc+0xaa/0xb0 [ 3269.431041][T26507] __kmalloc_noprof+0x223/0x510 [ 3269.435910][T26507] sk_prot_alloc+0x1a8/0x2a0 [ 3269.440516][T26507] sk_alloc+0x36/0xc20 [ 3269.444611][T26507] bt_sock_alloc+0x3b/0x3a0 [ 3269.449148][T26507] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 3269.454974][T26507] l2cap_sock_new_connection_cb+0x101/0x240 [ 3269.460888][T26507] l2cap_connect_cfm+0x4c7/0xf80 [ 3269.465859][T26507] le_conn_complete_evt+0x1665/0x1d70 [ 3269.471281][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3269.476860][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3269.481633][T26507] hci_event_packet+0x685/0x11c0 [ 3269.486599][T26507] hci_rx_work+0x2c5/0x16b0 [ 3269.491116][T26507] process_one_work+0x9cf/0x1b70 [ 3269.496073][T26507] worker_thread+0x6c8/0xf10 [ 3269.500677][T26507] kthread+0x3c5/0x780 [ 3269.504768][T26507] ret_from_fork+0x5d7/0x6f0 [ 3269.509391][T26507] ret_from_fork_asm+0x1a/0x30 [ 3269.514176][T26507] [ 3269.516498][T26507] Freed by task 27123: [ 3269.520563][T26507] kasan_save_stack+0x33/0x60 [ 3269.525257][T26507] kasan_save_track+0x14/0x30 [ 3269.529980][T26507] kasan_save_free_info+0x3b/0x60 [ 3269.535047][T26507] __kasan_slab_free+0x51/0x70 [ 3269.539919][T26507] kfree+0x2b4/0x4d0 [ 3269.543823][T26507] __sk_destruct+0x740/0x980 [ 3269.548440][T26507] sk_destruct+0xc2/0xf0 [ 3269.552711][T26507] __sk_free+0xf4/0x3e0 [ 3269.556897][T26507] sk_free+0x6a/0x90 [ 3269.560825][T26507] l2cap_sock_kill+0x171/0x2d0 [ 3269.565611][T26507] l2cap_sock_cleanup_listen+0x3d/0x2a0 [ 3269.571180][T26507] l2cap_sock_release+0x5c/0x210 [ 3269.576146][T26507] __sock_release+0xb3/0x270 [ 3269.580779][T26507] sock_close+0x1c/0x30 [ 3269.584964][T26507] __fput+0x402/0xb70 [ 3269.588992][T26507] task_work_run+0x150/0x240 [ 3269.593605][T26507] get_signal+0x1d1/0x26d0 [ 3269.598072][T26507] arch_do_signal_or_restart+0x8f/0x7d0 [ 3269.603646][T26507] exit_to_user_mode_loop+0x84/0x110 [ 3269.608958][T26507] do_syscall_64+0x3f6/0x4c0 [ 3269.613607][T26507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3269.619517][T26507] [ 3269.621846][T26507] The buggy address belongs to the object at ffff888036ef8000 [ 3269.621846][T26507] which belongs to the cache kmalloc-2k of size 2048 [ 3269.635923][T26507] The buggy address is located 1416 bytes inside of [ 3269.635923][T26507] freed 2048-byte region [ffff888036ef8000, ffff888036ef8800) [ 3269.649937][T26507] [ 3269.652274][T26507] The buggy address belongs to the physical page: [ 3269.658749][T26507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36ef8 [ 3269.667540][T26507] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 3269.676060][T26507] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 3269.684057][T26507] page_type: f5(slab) [ 3269.688049][T26507] raw: 00fff00000000040 ffff88801b842000 0000000000000000 0000000000000001 [ 3269.696646][T26507] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 3269.705249][T26507] head: 00fff00000000040 ffff88801b842000 0000000000000000 0000000000000001 [ 3269.713939][T26507] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 3269.722651][T26507] head: 00fff00000000003 ffffea0000dbbe01 00000000ffffffff 00000000ffffffff [ 3269.731351][T26507] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 3269.740055][T26507] page dumped because: kasan: bad access detected [ 3269.746476][T26507] page_owner tracks the page as allocated [ 3269.752198][T26507] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 26558, tgid 26558 (syz-executor), ts 3251877721903, free_ts 3251541842272 [ 3269.775343][T26507] post_alloc_hook+0x1c0/0x230 [ 3269.780140][T26507] get_page_from_freelist+0x1321/0x3890 [ 3269.785708][T26507] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 3269.791623][T26507] alloc_pages_mpol+0x1fb/0x550 [ 3269.796497][T26507] new_slab+0x23b/0x330 [ 3269.800685][T26507] ___slab_alloc+0xd9c/0x1940 [ 3269.805396][T26507] __slab_alloc.constprop.0+0x56/0xb0 [ 3269.810777][T26507] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 3269.817219][T26507] kmalloc_reserve+0xef/0x2c0 [ 3269.821913][T26507] pskb_expand_head+0x238/0x1030 [ 3269.826881][T26507] netlink_trim+0x22d/0x310 [ 3269.831414][T26507] netlink_unicast+0xc5/0x7f0 [ 3269.836106][T26507] ctrl_getfamily+0x40a/0x540 [ 3269.840805][T26507] genl_family_rcv_msg_doit+0x209/0x2f0 [ 3269.846373][T26507] genl_rcv_msg+0x55c/0x800 [ 3269.850898][T26507] netlink_rcv_skb+0x158/0x420 [ 3269.855678][T26507] page last free pid 25462 tgid 25462 stack trace: [ 3269.862183][T26507] __free_frozen_pages+0x7fe/0x1180 [ 3269.867430][T26507] __put_partials+0x16d/0x1c0 [ 3269.872126][T26507] qlist_free_all+0x4d/0x120 [ 3269.876743][T26507] kasan_quarantine_reduce+0x195/0x1e0 [ 3269.882229][T26507] __kasan_slab_alloc+0x69/0x90 [ 3269.887114][T26507] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 3269.893032][T26507] __alloc_skb+0x2b2/0x380 [ 3269.897501][T26507] mld_newpack.isra.0+0x18e/0xa20 [ 3269.902551][T26507] add_grhead+0x299/0x340 [ 3269.906900][T26507] add_grec+0x112a/0x1680 [ 3269.911269][T26507] mld_ifc_work+0x41f/0xca0 [ 3269.915953][T26507] process_one_work+0x9cf/0x1b70 [ 3269.920935][T26507] worker_thread+0x6c8/0xf10 [ 3269.925554][T26507] kthread+0x3c5/0x780 [ 3269.929641][T26507] ret_from_fork+0x5d7/0x6f0 [ 3269.934270][T26507] ret_from_fork_asm+0x1a/0x30 [ 3269.939088][T26507] [ 3269.941428][T26507] Memory state around the buggy address: [ 3269.947073][T26507] ffff888036ef8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3269.955150][T26507] ffff888036ef8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3269.963227][T26507] >ffff888036ef8580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3269.971331][T26507] ^ [ 3269.975781][T26507] ffff888036ef8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 3269.983881][T26507] ffff888036ef8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3269.992045][T26507] ================================================================== [ 3270.018573][T26507] Disabling lock debugging due to kernel taint [ 3270.024803][T26507] ================================================================== [ 3270.032885][T26507] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x4e9/0xf80 [ 3270.040845][T26507] Write of size 6 at addr ffff88807930d018 by task kworker/u9:0/26507 [ 3270.049032][T26507] [ 3270.051387][T26507] CPU: 1 UID: 0 PID: 26507 Comm: kworker/u9:0 Tainted: G B 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 3270.051448][T26507] Tainted: [B]=BAD_PAGE [ 3270.051463][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3270.051492][T26507] Workqueue: hci0 hci_rx_work [ 3270.051533][T26507] Call Trace: [ 3270.051547][T26507] [ 3270.051561][T26507] dump_stack_lvl+0x116/0x1f0 [ 3270.051625][T26507] print_report+0xcd/0x680 [ 3270.051672][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.051719][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.051763][T26507] ? __phys_addr+0xe8/0x180 [ 3270.051809][T26507] ? l2cap_connect_cfm+0x4e9/0xf80 [ 3270.051866][T26507] kasan_report+0xe0/0x110 [ 3270.051909][T26507] ? l2cap_connect_cfm+0x4e9/0xf80 [ 3270.051966][T26507] kasan_check_range+0x100/0x1b0 [ 3270.052020][T26507] __asan_memcpy+0x3c/0x60 [ 3270.052062][T26507] l2cap_connect_cfm+0x4e9/0xf80 [ 3270.052123][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3270.052181][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3270.052236][T26507] le_conn_complete_evt+0x1665/0x1d70 [ 3270.052301][T26507] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 3270.052354][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.052400][T26507] ? irqentry_exit+0x3b/0x90 [ 3270.052457][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.052499][T26507] ? lockdep_hardirqs_on+0x7c/0x110 [ 3270.052552][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.052599][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3270.052660][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3270.052694][T26507] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 3270.052754][T26507] hci_event_packet+0x685/0x11c0 [ 3270.052809][T26507] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 3270.052845][T26507] ? __pfx_hci_event_packet+0x10/0x10 [ 3270.052904][T26507] ? kcov_remote_start+0x3d9/0x6d0 [ 3270.052953][T26507] hci_rx_work+0x2c5/0x16b0 [ 3270.052992][T26507] process_one_work+0x9cf/0x1b70 [ 3270.053048][T26507] ? __pfx_process_one_work+0x10/0x10 [ 3270.053088][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053137][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053182][T26507] ? assign_work+0x1a0/0x250 [ 3270.053218][T26507] worker_thread+0x6c8/0xf10 [ 3270.053263][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053309][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053354][T26507] ? __kthread_parkme+0x19e/0x250 [ 3270.053410][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053456][T26507] ? __pfx_worker_thread+0x10/0x10 [ 3270.053497][T26507] kthread+0x3c5/0x780 [ 3270.053534][T26507] ? __pfx_kthread+0x10/0x10 [ 3270.053570][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.053615][T26507] ? rcu_is_watching+0x12/0xc0 [ 3270.053666][T26507] ? __pfx_kthread+0x10/0x10 [ 3270.053701][T26507] ret_from_fork+0x5d7/0x6f0 [ 3270.053761][T26507] ? __pfx_kthread+0x10/0x10 [ 3270.053796][T26507] ret_from_fork_asm+0x1a/0x30 [ 3270.053850][T26507] [ 3270.053864][T26507] [ 3270.336781][T26507] Allocated by task 26507: [ 3270.341213][T26507] kasan_save_stack+0x33/0x60 [ 3270.345938][T26507] kasan_save_track+0x14/0x30 [ 3270.350641][T26507] __kasan_kmalloc+0xaa/0xb0 [ 3270.355256][T26507] l2cap_chan_create+0x44/0x920 [ 3270.360163][T26507] l2cap_sock_alloc.constprop.0+0xf5/0x1d0 [ 3270.365997][T26507] l2cap_sock_new_connection_cb+0x101/0x240 [ 3270.371909][T26507] l2cap_connect_cfm+0x4c7/0xf80 [ 3270.376882][T26507] le_conn_complete_evt+0x1665/0x1d70 [ 3270.382289][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3270.387868][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3270.392642][T26507] hci_event_packet+0x685/0x11c0 [ 3270.397618][T26507] hci_rx_work+0x2c5/0x16b0 [ 3270.402140][T26507] process_one_work+0x9cf/0x1b70 [ 3270.407101][T26507] worker_thread+0x6c8/0xf10 [ 3270.411712][T26507] kthread+0x3c5/0x780 [ 3270.415795][T26507] ret_from_fork+0x5d7/0x6f0 [ 3270.420416][T26507] ret_from_fork_asm+0x1a/0x30 [ 3270.425197][T26507] [ 3270.427607][T26507] Freed by task 27123: [ 3270.431679][T26507] kasan_save_stack+0x33/0x60 [ 3270.436379][T26507] kasan_save_track+0x14/0x30 [ 3270.441082][T26507] kasan_save_free_info+0x3b/0x60 [ 3270.446141][T26507] __kasan_slab_free+0x51/0x70 [ 3270.450926][T26507] kfree+0x2b4/0x4d0 [ 3270.454834][T26507] l2cap_chan_put+0x216/0x2c0 [ 3270.459531][T26507] l2cap_sock_cleanup_listen+0x4d/0x2a0 [ 3270.465096][T26507] l2cap_sock_release+0x5c/0x210 [ 3270.470055][T26507] __sock_release+0xb3/0x270 [ 3270.474681][T26507] sock_close+0x1c/0x30 [ 3270.478872][T26507] __fput+0x402/0xb70 [ 3270.482905][T26507] task_work_run+0x150/0x240 [ 3270.487640][T26507] get_signal+0x1d1/0x26d0 [ 3270.492109][T26507] arch_do_signal_or_restart+0x8f/0x7d0 [ 3270.497689][T26507] exit_to_user_mode_loop+0x84/0x110 [ 3270.503013][T26507] do_syscall_64+0x3f6/0x4c0 [ 3270.507653][T26507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3270.513572][T26507] [ 3270.515906][T26507] The buggy address belongs to the object at ffff88807930d000 [ 3270.515906][T26507] which belongs to the cache kmalloc-2k of size 2048 [ 3270.529995][T26507] The buggy address is located 24 bytes inside of [ 3270.529995][T26507] freed 2048-byte region [ffff88807930d000, ffff88807930d800) [ 3270.543821][T26507] [ 3270.546153][T26507] The buggy address belongs to the physical page: [ 3270.552573][T26507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79308 [ 3270.561354][T26507] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 3270.569867][T26507] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 3270.577429][T26507] page_type: f5(slab) [ 3270.581426][T26507] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 3270.590028][T26507] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 3270.598631][T26507] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 3270.607321][T26507] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 3270.616160][T26507] head: 00fff00000000003 ffffea0001e4c201 00000000ffffffff 00000000ffffffff [ 3270.624888][T26507] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 3270.633566][T26507] page dumped because: kasan: bad access detected [ 3270.639993][T26507] page_owner tracks the page as allocated [ 3270.645709][T26507] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 23444, tgid 23444 (syz-executor), ts 2740312282124, free_ts 2740281625194 [ 3270.668431][T26507] post_alloc_hook+0x1c0/0x230 [ 3270.673224][T26507] get_page_from_freelist+0x1321/0x3890 [ 3270.678794][T26507] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 3270.684715][T26507] alloc_pages_mpol+0x1fb/0x550 [ 3270.689598][T26507] new_slab+0x23b/0x330 [ 3270.693791][T26507] ___slab_alloc+0xd9c/0x1940 [ 3270.698502][T26507] __slab_alloc.constprop.0+0x56/0xb0 [ 3270.703890][T26507] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 3270.710337][T26507] kmalloc_reserve+0xef/0x2c0 [ 3270.715029][T26507] __alloc_skb+0x166/0x380 [ 3270.719473][T26507] inet6_ifinfo_notify+0x77/0x150 [ 3270.724529][T26507] addrconf_notify+0x81a/0x19e0 [ 3270.729411][T26507] notifier_call_chain+0xbc/0x410 [ 3270.734477][T26507] call_netdevice_notifiers_info+0xbe/0x140 [ 3270.740393][T26507] __dev_notify_flags+0x12c/0x2e0 [ 3270.745446][T26507] netif_change_flags+0x108/0x160 [ 3270.750502][T26507] page last free pid 23566 tgid 23566 stack trace: [ 3270.757002][T26507] __free_frozen_pages+0x7fe/0x1180 [ 3270.762236][T26507] __put_partials+0x16d/0x1c0 [ 3270.766927][T26507] qlist_free_all+0x4d/0x120 [ 3270.771533][T26507] kasan_quarantine_reduce+0x195/0x1e0 [ 3270.777010][T26507] __kasan_slab_alloc+0x69/0x90 [ 3270.781881][T26507] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3270.787356][T26507] getname_flags.part.0+0x4c/0x550 [ 3270.792502][T26507] getname_flags+0x93/0xf0 [ 3270.796931][T26507] __x64_sys_execve+0x74/0xb0 [ 3270.801621][T26507] do_syscall_64+0xcd/0x4c0 [ 3270.806156][T26507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3270.812067][T26507] [ 3270.814403][T26507] Memory state around the buggy address: [ 3270.820033][T26507] ffff88807930cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3270.828106][T26507] ffff88807930cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3270.836175][T26507] >ffff88807930d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3270.844242][T26507] ^ [ 3270.849098][T26507] ffff88807930d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3270.857171][T26507] ffff88807930d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3270.865236][T26507] ================================================================== [ 3270.886141][T26507] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 3270.893906][T26507] CPU: 1 UID: 0 PID: 26507 Comm: kworker/u9:0 Tainted: G B 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 3270.907929][T26507] Tainted: [B]=BAD_PAGE [ 3270.912098][T26507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3270.922181][T26507] Workqueue: hci0 hci_rx_work [ 3270.926903][T26507] Call Trace: [ 3270.930201][T26507] [ 3270.933150][T26507] dump_stack_lvl+0x3d/0x1f0 [ 3270.937790][T26507] panic+0x71c/0x800 [ 3270.941727][T26507] ? rcu_is_watching+0x12/0xc0 [ 3270.946526][T26507] ? __pfx_panic+0x10/0x10 [ 3270.950979][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.956643][T26507] ? l2cap_connect_cfm+0x4e9/0xf80 [ 3270.961788][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.967446][T26507] ? preempt_schedule_common+0x44/0xc0 [ 3270.972940][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3270.978604][T26507] ? preempt_schedule_thunk+0x16/0x30 [ 3270.984271][T26507] ? l2cap_connect_cfm+0x4e9/0xf80 [ 3270.989418][T26507] end_report+0x159/0x170 [ 3270.993778][T26507] kasan_report+0xee/0x110 [ 3270.998261][T26507] ? l2cap_connect_cfm+0x4e9/0xf80 [ 3271.003454][T26507] kasan_check_range+0x100/0x1b0 [ 3271.008443][T26507] __asan_memcpy+0x3c/0x60 [ 3271.012885][T26507] l2cap_connect_cfm+0x4e9/0xf80 [ 3271.017871][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3271.023368][T26507] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 3271.028866][T26507] le_conn_complete_evt+0x1665/0x1d70 [ 3271.034288][T26507] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 3271.040051][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.045713][T26507] ? irqentry_exit+0x3b/0x90 [ 3271.050339][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.055999][T26507] ? lockdep_hardirqs_on+0x7c/0x110 [ 3271.061236][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.067030][T26507] hci_le_conn_complete_evt+0x23c/0x370 [ 3271.072638][T26507] hci_le_meta_evt+0x357/0x5e0 [ 3271.077430][T26507] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 3271.083548][T26507] hci_event_packet+0x685/0x11c0 [ 3271.088532][T26507] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 3271.093848][T26507] ? __pfx_hci_event_packet+0x10/0x10 [ 3271.099340][T26507] ? kcov_remote_start+0x3d9/0x6d0 [ 3271.104496][T26507] hci_rx_work+0x2c5/0x16b0 [ 3271.109044][T26507] process_one_work+0x9cf/0x1b70 [ 3271.114030][T26507] ? __pfx_process_one_work+0x10/0x10 [ 3271.119427][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.125096][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.130762][T26507] ? assign_work+0x1a0/0x250 [ 3271.135380][T26507] worker_thread+0x6c8/0xf10 [ 3271.140003][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.145673][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.151337][T26507] ? __kthread_parkme+0x19e/0x250 [ 3271.156416][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.162088][T26507] ? __pfx_worker_thread+0x10/0x10 [ 3271.167235][T26507] kthread+0x3c5/0x780 [ 3271.171333][T26507] ? __pfx_kthread+0x10/0x10 [ 3271.175954][T26507] ? srso_alias_return_thunk+0x5/0xfbef5 [ 3271.181627][T26507] ? rcu_is_watching+0x12/0xc0 [ 3271.186434][T26507] ? __pfx_kthread+0x10/0x10 [ 3271.191092][T26507] ret_from_fork+0x5d7/0x6f0 [ 3271.195732][T26507] ? __pfx_kthread+0x10/0x10 [ 3271.200345][T26507] ret_from_fork_asm+0x1a/0x30 [ 3271.205156][T26507] [ 3271.208495][T26507] Kernel Offset: disabled [ 3271.212836][T26507] Rebooting in 86400 seconds..