last executing test programs: 1m52.376706935s ago: executing program 3 (id=64): setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x6, 0x6}, 0x3c) syz_usb_connect(0x0, 0x1c5, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002aa9dc20560800bc7fb2010203010902"], 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x8, 0x0, 0x0) 1m49.958504192s ago: executing program 3 (id=81): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000206010200000000000000000100000005000400000000000900"], 0x28}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}}) 1m49.412247956s ago: executing program 3 (id=84): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)=@gettaction={0x14, 0x32, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x5, 0xa, 0xffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0xfff3}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff1, 0x4}}]}}]}, 0x40}}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m48.933764724s ago: executing program 3 (id=86): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x0) 1m48.645573073s ago: executing program 3 (id=89): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008082, &(0x7f00000001c0)={[{@nodioread_nolock}, {@nolazytime}, {@abort}, {@errors_continue}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@nomblk_io_submit}, {@nobarrier}]}, 0x0, 0x5e0, &(0x7f00000011c0)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3+kU7t3J/v2TouefM5Zzb6dNz5vScOwFU1mD6Ty1if0RMJxH9yfxiWWdkhYMLz3vw50dn00cS9fprvyeRZHn585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTV7Hh49tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb0g7/TNd9/v/2TszW+++isZ+faXsSROxsvZE5dex1YZjMHG9yRZWdR3YqsrK0lH9nOy9CVOOoue2dW+RrFu+euXvjpPRH90xMMXrz8+fqXUxgHbqp5E1IGKSsQ/VFQ+Dsjf2y9/H1wrZVQCtMP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mIzc3MNdsTEXfvjN08d2fsZmzTPBxQbP5GRDxZFP9JI/4HoicGGvFfa4r/dFxwJvua5r+6yfqXTxWLf2ifhfjvWTX+o0X8v7Uk/t/eZP2DD5Pv9DbFf+9mLwkAAAAAAAAq6/apiHi+6O//tcX1P1Gw/qcvIk5uQf2Dy45X/v2/dm8LqgEK3D8V8VLh+t9avvp3oCNL/aexHqArOXdhavJIRPw3Ig5F1670eGSVOg5/uu/LVmWD2fq//JHWfzdbC5i1417nruZzJsZnxx/1uoGI+zcinipc/5ss9v9JQf+f/j6YXmcd+569daZV2drxD2yX+tcRBwv7/4d3rUhWvz/HcGM8MJyPClZ6+sPPvmtV/2bjv/AWE8CGpP3/7tXjfyBZer+emY3XcXSus96qbLPj/+7k9cYtZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeR3k85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7/f/f92qo9xv9QnjT+JzbU/288MXpr4PtW9a+v/z/W6OsPZTnm/2DBF3mYdjfnF4RjZ1FRu9sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+DWkTsiaQ2tJiu1YaGIvoi4n+xuzZ1ZWb2uXNX3rs8kZY1Pv+/ln/Sb//CcZJ//v/AkuPRZcdHI2JvRHze0ds4Hjp7ZWqi7IsHAAAAAAAAAAAAAAAAAACAHaKvxf7/1G8dZbcO2HadZTcAKE1B/P9URjuA9tP/Q3WJf6gu8Q/VJf6husQ/VJf4h+oS/1Bd4h8AAAAAAB4rew/c/jmJiPkXexuPVHdW1lVqy4DtViu7AUBp3OIHqsvSH6gu7/GBZI3ynpYnrXXmaqbPPsLJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT38Kdkp7/uWJfCn8TmnPskS+1299Z5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//+Ekkyg==") r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c0005001a0608"], 0x15) ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000180)) 1m47.983590237s ago: executing program 3 (id=93): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r3, 0x0, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe156, 0x0, 0x0, 0x60ff, 0x0, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}}) 1m47.447008253s ago: executing program 32 (id=93): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r3, 0x0, 0x0, 0x0, 0x800, {0x4, 0x1, 0x3, 0x69, 0x200, 0x0, 0x2, 0x5, 0x4cab, 0xe156, 0x0, 0x0, 0x60ff, 0x0, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}}) 1m45.102085012s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 1m28.743324371s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 1m27.975345017s ago: executing program 5 (id=183): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40004140) 1m27.719310169s ago: executing program 5 (id=187): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x800810, &(0x7f0000000040)={[{@nobh}, {@nojournal_checksum}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mkdir(&(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x180) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x103500, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000006880)=@v2={0x2, @adiantum, 0x4, '\x00', @a}) 1m27.104621009s ago: executing program 5 (id=192): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4000}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000100)={0x20, r2, 0x1, 0x70bd2a, 0x0, {0x1a}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40880}, 0xd0) 1m25.855355441s ago: executing program 5 (id=202): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4f3, &(0x7f00000012c0)="$eJzs3F1oXFUeAPD/nXz2a5vd7Xa33e5uut1lwxaTNq02D4JUFHxQECuojyFJS23aSJOCLVWmIPVRCr6Lj7764Kv6UsQnwdf6KEihSF/aCuLInbl3vjKTNJNkxpjfD27mnHtn7jnnnnvunHtO5gawbY2mf5JK+E5E7I2IQvMbRisvD+9fn3l0//pMFEulMz8m5Y89SOOZbDexK4uMFSIK7yW1DXUWr167MD0/P3c5i08sXXxrYvHqtSfOD2drpqaS/g4L1SK9tFwPDr67cOjAC2/cemmmuuc8tfpybJTRGG2VlbL/bnRiPbanLtxxvdF16fmfVtdAuf3vjb5YqfKKXcwZsNlKpVJpqP3mYqnZjWVrgC0rhnudA6A38i/69P43X1p1BAY3p/vRc/dOV26A0nI/zJaIf5VX5uMgA033txtpNCJeL/70UbrEJo1DAADU++J03hNs6v+NVGZGfr5y+5n09Q/ZHMpIRPwxIv4UEX+OiH0R8ZeI2B8Rf42IvzXtvy8iSiukP9oUr6ZfnYQq3N2goraU9v+ezua20qU291UNjfRlsT0ReYd57lh2TMZiYOjs+fm54yuk8eVz337Qblt9/y9d0jzkfcEsH3f7mwboZqeXpjsr7XL3bkQc7K+Vv9L/TfojkupMQBIRByLi4Br2O1IXPv//Tw5VIwON71u9/GWllvNoGzDPVPo44n+V+i9GtfzRMImYNMxPXpw+N3du7tLk1NTJE8dPPTX55MRwzM8dm0jPgmMt0/j6m5svt0t/1fJ/9n3zR54/9fmZrGWtX1r/O+vO/8jnb2vlH0kikup87eLa07j53ftt72k6Pf8Hk1fL4fy+9O3ppaXLxyMGkxeXr5+sfTaPp69RrJR/7Ejz+V9Ot3yNy4/E3yMiPYn/ERH/jModYpr3wxHx74g4skL5v3r2P292Xv7NlZZ/NhrLX6n5hvqvzde3CyTZ3GDDpsFIA30XDt951Obi8Xj1f7IcGsvWtL7+JQ2XiHY5zb/t0jW/rPvoAQAAwNZQiIjddWNJu6NQGB+vjAHti52F+YXFpaNnF65cmk23RYzEQCEf6aqMBw8k+fjnSF18sil+Ihs3/rBvRzk+PrMwP9vTkgO7ym0+KYxHvNZX1/5TP2zMEDPwW+b3WrB9rdT+0078/ltdzAzQVY///X/7nU3NCNB1de2/3S/8ix383xewBbj/B2pWf9CPawZsfSVtGba1NbX/ox4CCL8n/fFKNVzoaU6AbtP/h21p1d/1rytQGmq9aTiWvzmGV95hX3SWjR0t0upJIO1Z9ST1HZ18Kn+aQtv3RGFtOxyKxjWDHdbp2XUejeLlxXP7ayd//myRdR7nUva/8htdg592pZ22CnT9UgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALApfg0AAP//XhrXwA==") setreuid(0x0, 0xee00) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000240)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x22) 1m24.707645726s ago: executing program 5 (id=207): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsopen(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r2, 0x5, 0x0, 0x0) 1m23.815584004s ago: executing program 5 (id=215): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r2}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1m23.287865625s ago: executing program 33 (id=215): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r2}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1m7.336493597s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 59.839294624s ago: executing program 6 (id=346): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008061, 0x7, 0x17, 0x5, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x4006, 0x8, 0x3, 0xfffffffe, 0x40], [0x10000007, 0x9, 0x8000012f, 0x6, 0x5, 0x6, 0x12, 0xc8, 0xf9, 0xe, 0x2bf, 0xfffffeff, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x4000, 0x4, 0xa, 0x7fff, 0x9, 0x420, 0x401, 0x5, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x0, 0x4e0, 0x2, 0x4, 0xa, 0x4, 0x9, 0x81, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x6, 0x3, 0x9, 0x1, 0x3, 0x3, 0x1f, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x7fff, 0x0, 0x5, 0x2000b, 0x9, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e5, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x4, 0x38, 0x820003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa5, 0x5, 0x9, 0xac8, 0xc0, 0x2, 0x6, 0x7ff, 0x12b, 0x4, 0x1, 0x4, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x4, 0xb, 0x5, 0x938, 0x2, 0xf, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x102, 0x5, 0x1, 0x2, 0x7, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xffffeffc, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xfffffffa, 0x7, 0x1, 0x6c1b, 0x0, 0x20000004, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 58.606146407s ago: executing program 6 (id=354): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000500)={0x40, 0x1, 0x2, "3aec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000001480)={0x84, &(0x7f0000001040)={0x40, 0x8, 0x2, "e249"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 55.619607635s ago: executing program 6 (id=365): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r3, 0xffffffffffffffff}) close_range(r0, r1, 0x0) ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 55.443460458s ago: executing program 6 (id=367): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2adbc3b, 0xffffffffffffffff, 0x7, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 55.221999484s ago: executing program 6 (id=370): openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000007c0)={0x34, r2, 0x1, 0x70bd24, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009005}, 0x0) 54.459588067s ago: executing program 4 (id=373): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0x4, 0x0, 0x0, 0xc, 0x4, 0xf, 0x3, 0xb8, 0x2, 0x2, 0x5, 0x0, 0x8, 0x1, 0x3, 0x9, 0x6d, 0x81, '\x00', 0x0, 0x101}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x200, 0x20003, 0x10020f5b, 0x0, [{0x0, 0x9}, {}, {}, {0x0, 0x35, 0xff}, {0x20, 0xa, 0xfc}, {0x0, 0x0, 0x6, '\x00', 0x7}, {0x20}, {0x2, 0x1, 0x7}, {0x0, 0x0, 0x8}, {0x0, 0x1, 0x2}, {0x0, 0x0, 0xfe, '\x00', 0x1}, {0x0, 0x0, 0x0, '\x00', 0x3}, {}, {0x0, 0xfc}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0x0, 0x0, '\x00', 0x8}, {0x0, 0x8, 0x0, '\x00', 0xff}, {0x0, 0x75, 0xfa}, {0x0, 0x0, 0x0, '\x00', 0x20}, {}, {0x6, 0x0, 0x0, '\x00', 0x1}, {0x0, 0x0, 0x0, '\x00', 0xfc}, {0x0, 0x5, 0x0, '\x00', 0x1}, {0x0, 0xfc}]}}) 54.099515951s ago: executing program 6 (id=376): socket$kcm(0x10, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd}) ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x0) 53.625413777s ago: executing program 34 (id=376): socket$kcm(0x10, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd}) ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x0) 53.596607419s ago: executing program 4 (id=380): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 51.730480349s ago: executing program 4 (id=383): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 51.577994251s ago: executing program 4 (id=386): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x48c5, &(0x7f0000000400)={[{@shortname_winnt}, {@shortname_winnt}, {@numtail}, {@rodir}, {}, {@shortname_lower}, {@numtail}, {@fat=@dmask={'dmask', 0x3d, 0x100}}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}, {@shortname_win95}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100) 51.177945927s ago: executing program 4 (id=388): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0xd}}, @NFT_MSG_NEWSET={0x20, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_DATA={0x4}}], {0x14}}, 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 50.801689282s ago: executing program 4 (id=391): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) 50.2743482s ago: executing program 35 (id=391): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) 49.097482249s ago: executing program 2 (id=397): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x52, 0x1, 0x1, {0x0, 0x1}, {0x63, 0x2}, @period={0x58, 0x0, 0x0, 0x3, 0x80, {0x1, 0x8001, 0xf, 0x1}, 0x0, 0x0}}) r1 = syz_io_uring_setup(0x88f, &(0x7f00000000c0)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 49.018774045s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 48.330518551s ago: executing program 2 (id=399): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086602, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001000000000000000f0ffffffffffffff10"]) 48.036601514s ago: executing program 2 (id=400): syz_mount_image$nilfs2(&(0x7f0000000480), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x1, 0xf04, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfXQRkpc2X5vvX72sOuxPbv2/n7St2/fvNn5vslazsx49m0AhlZj5fHkydkihHc/fefRl58qfru87K72GkdWHovYa4UQmh39Itve53HBtSsvndmsLcLxlcfUD49dbr92MoSwGI6Ez0IrfDS/8OWH7z1y9OPXJ2556+Izr+zS7rfl+wEAAPvRpT8v/P2+f/7pgZmrlw6fDuPt5en4vBX7k/G4/1g8UE7Hy42wvl90RKexbL2RGI1svZFsvdEsz2hJvma2nWbJemNd8o10LNtsPwEAAGAvSue1rVA05tb1G425udXz/mWfT48Vc8+dXzh3oU+FAgAAAJX959WVm26FEEIIIUSt0RyAGoQQQgxTLE33+woEAAAAMGzy+cI2WNzZmbraW2v1lv/yw43NXw87oO6ff/n3Vv4PXvMbBwCA6vbr0WTar3QcneYxyOcRHMlet9Xj/0a2ndEt1lk2r+C65cXgvk1l9ef/roOqrP6tvo/9UlZ/Ph/moCqrP5+nc1CV1T9ecx1VldU/UXMdVZXVf6DmOqoqq/9gzXVUVVb/ZM11VFVW/1TNdVRVVv8NNddRVVn9h2quo6qy+vfKbbVl9bdqrqOqsvpnaq6jqrL6b6y5jqrK6r+p5jqqKqv/5prr6Jc7Y5v+HQ5n453nz/k53V45xwMAAIBh9z/z/wkhhBAbYuU+iAGoQ4j9HcUA1CC+Ktp/7xuAWoQQ249X+3r1AQAAABgE6XMB6QPoS1EaH+kyPho/S7QyPrG2Qhpvdnn9WJfx8S7jAAAAQAi/e+PcbW8Xa5/z3+58eB3zRl0PFeYxyie622r+7c57tt38e2XeMgAAAIZL8b3Prt//6PsvzFy9dPh0x9nv9Xi+m+YBHY3XBj6J/XRfwFTWL9I59On1eRol6+XXB24o297j29xRAAAAGGLp/L0VisZcx3l3KzQac3Nr5+OzoVmcO79w9ljsp+9n+eN0c3x5+UM11w0AAAD0bu18f/Pz//Q9vrNhrJh77vzCuQur/an28maj87rA9NryovO6QCtbfrxk+YnYT9/f+YPpAyvL5878cOGpnd55AAAAGBIXXrz4zJMLC2d/5IknnnjSftLv30wAAMBO++KLd5o/PjH1+9XP/6/Nf5c+/38k9ltxbr+/xBXSfQLpcwAbPq//xPo802XrPb9+vVa23kiM8azuiY7tLDuQvW6mLF9r/XbGSvJNZvmmsnz5PAWj2fop36FseT4/YVpvOluez8M4muUosvx3BwAAACg3/8Kzz89fePHig+efffLps0+ffe7E8VPfPXXq2EPfeWh+5b7++c67+wEAAIC9aO2m335XAgAAAAAAAAAAAAAAAAAAAMOrjq8T6/c+AgAAwLD796shhEUhhKgcS+P9r0EIIYQQQog9Eyvf7V5/3ka/rz8AAAAAw+falZfOhDARQlhuN7FY7Gi+9tZaq831K6t5Uzv14N9mliOtdvnhkXWvP7ij1TDsrsWfu9RusMM///LvrfwfvLaz+SfSk55//2WXjE9Xy3vv/C9nO/PfPtpj/nz/H6+W/2iW/97QW/6l97P8T1TLf1+W/2CP+Tfs//PV8t8f88/G/tF7es2//v0fj23ajwM95v92tv9PhV7zZ/vf6jFh5oGYHwCG0X69ASAdJaTj6MnYT/sbDzfDSPa6rR7/N7LtjG678vXbTcdBt8Z+Ol6ayvImW61/MtveDRXrzOV1Daqy+nfqfdxtZfU3a66jqrL6x2quo6qy+sdrrqOqsvonaq6jqrL6ez0P7bey+vfKdeWy+idrrqOqsvqnaq6jqrL6t/r/eL+U1X+o5jqqKqt/uuY6qiqrv+JltdqV1T9Tcx1VldV/Y811VFVW/00111FVWf0311xHv9wR27Lz4XT+OR3HUr+V9cc3+bfcr9cWAAAAYK/519DO/xevdPS9DiGEEELs1ZgY9GOJZFe2P7rL2xd1x3+XVvW7DiHE7sXSUt1XHBgku/tpZgAGld//w837P9y8/8PN+89XSffwF1k/GekyPtplvNllfCwbz39ex7uM35Rtdyld14xu7jL+tS7jh7qM39plfLbL+G1dxm/vMn5Hl3EAAACGwy2xdX4IAAAA+9fLv/rkzd/c+8SVmauXDp8OYxvmnT8W++Pxb+tvxH4+733SjH/z/0ns/yK2f4jtP7L13X8CAAAAuy99T4y//wMAAMD+lb6n1Pk/AAAA7F8zsXX+DwAAAPvXjbF1/g8AAAD7WDGx+eLYpusCd8e213n9AIDB9/XY3hnbw7G9K7bfiG06Drgntt+sqT4AYOf8/Ps/PfV2sTbf/4ls/FpcntoNFlevFBSN9TP5H4jtwdh+q8d68u8D6DV/cqjHPLuVf3qb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aOx8njy5GwRwrufvvPoz8be/OvysrvaaxxZeSxirxVCaLZfl0bX+r+OK1678tKZzvZ6bItwPBShaC8Pj11uZ5oMISyGI+Gz0AofzS98+eF7jxz9+PWJW966+Mwru/hPsG7/AAAAYD/6fwAAAP//ScMebw==") r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x1000004, 0x11, r0, 0x100004000) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) lseek(r1, 0x1, 0x1) getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8) 47.591551788s ago: executing program 2 (id=402): r0 = socket$vsock_stream(0x28, 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f0000000300)=[{0x0}, {&(0x7f00000007c0)="6ceeb2dfcdb5a36ff0a5e8c2987602e871ddeb92ad8b3b0bc0c3048ae477f309c7119b791b0b4186e3132c105e1aedd1498f8cfe6c731e5fc6e39b938846b929c4e5c8a6fe3fb5bfdf5521193569b3247edb4d9ba2f0d4d7c44506285a0166dff4d353c24f68353cffb8c325bcfd0db215dec1d89feac089fc19c95339d6105bec7b920cd046a9bf8f7c70fff29c6c4d0115fb5f4c7f66ac6b0d5ea888dff81dc8da855b612100be5581ff5dac2799f1f37ca44b249999dc168c9f44804ec4ae671fc39d4b5229ab6604b966ffe2ab900302b155e495b24d9d3b42b2a9836c01a851aee13329c9535057cc45727df1d6d6ebb6b2d82fdd3bedb85566489ae1249337fa8e5778e8d9560bbf11dda40a8fbafafa7ab98340ee69ffa227973a9ef51d51c203f6a624012ea641c05d38b272d636231d0a37419a392e68aef629ed619bee9bdbe798072c58569f69316355b05ab0a9af371cc627a83a1a90e45c827b7fd310b5b7ff0b6751a1bbf50a85e5eb7957f3fd1d4ffb34e77bb78f5f9d484917ff10bddf565271dece242c310a52ad2d303f56921159bda0a1ca1d106532e540bbc7199c59140660f8c1681e137efd570f93d0a1964273c0117bff2bbce3133570bcedab4b82129ba4e758e643af6ddb32639c034c8a1fe056319b27c63a1a16794ca26a039f2a68a215a7bb471a4d2f89e8dd3fd5c6e30737dc696c017c4009430bb848005a11b98aaf01ca17af479df4563ea07741eadfc8835474785d089011c2327e62f8730586902f86a88530e605e62abb98de5355e6485afa405141fad7356eb423d29cd52cca61c6bb5d55e42f94990d08a7fa86429556915752c29e0d907665db8bb6cc91fdb307e645f4586a66bd41f20acb2b552ca06cfd8eadfd14d00f095fd5df48138c16a94d6e91d9a4fe7c31fdb518557a61ad73eb341693f6d73d9548d03813c2bb0086c389b1c18e56690a7130d84b67201c6a84f373d1abd2e339d7d3422b833737fd386ff8f2f6495cd86cd47f2c64f7212ff69f9ce96e3f33e2ac0c1a9c5055233894143b3012d99922d1b00a38c74b9e86b464e228b5e44aff3f931b640794899006f270bdad8f2f51e2dc719d59cf304f8ec516676192a290c923a7ee982f82372009610b4166a7c831b095ae48393ab2f2a92e8194e6195385eb2fab222cbad8ec17272db1890e9d915ebf552a9213fba8e0f08ddfbeec12f6e2fd05455372fa9be70dbd988749faa6c9f5b66fb894eda5dc62461b6e5d6365f438726c1689d81f7064e42032da474afa0e0eb0c2834097af0980747fe614392a0e6ff5e49210c89b8ec73da50e5a5c7079732e529f5c093f0984d1440e6815d8827a075c2aa150706ccac4a8f032340cbabde31296d4458286f802b428b22addb34d5091292c82a4cdcd29c5d2453c6aacbb666e66886a7955f6f72c76f236d71103fa2f69b205b1bcf2bb8686e041b2542ddf06bf46741a28e17a9b3a7ad3f4771584b2b574fefca149cafd95ee1be903fd1f345649713b20db57e4d1ab685c1838c4eff581cc40d8b76a7126ef1968f366888b98bb542d216b3869d20ef8a21849042b5d2aabef7de5e31d5f6354e0c1c5899ac8eb57a4771e7fcb06acf319cf7c479f3e3d73d5c2682d452af542b8491ebac710ca2a606a3b1a8ee6fd19e6cf3bd912893f9ded9439150e8ceebb33b051044b76ea638b3a9b57b30be9e6123c0a71e15986a1fe9774eb8e850072e004d7a6a8c82830fd6d809ad4b250081455cd4af9bce443d75b2bf67fe6266842332daffe0414609838c3a4675a1a15747d6e7766f42a121b3ae44d6036e7230f2378231699eea5788267c59fbf5eb383ded7641704f8b56c0d1e2bd673a64e5321dc0ca6e1ac149be60f89fedf42fb35855353436cea5ead6b33b4f106a25c7394df836276a9e6af688e9cb470658335ccfafa111c9faec5ebcffa67bbb4ea69407119357bebf0c256de7785ae2986fbcf5af40bd1e9f5b9afb9842694375c88c817b6815131e6a157574e4699afe171646c4b759ffde2528d1cc5282c785cd83bfacdec0d311f8d7a73f8012083d1b939f6a5774511d27048d323a1aeb1b3dcc9acc205ceff630444b3e248f2eaf4ab5370ed3080e89895e18db3751bfc4a16220590cd3a54944d58d0aadc931f5076b22812420ecdb0ee607569b3c1b78a8fe8abc117c3fe691ba00c285bc94bc0a5892bd44eb8e95e11424710b5d2f36a6e41c1eafbeb4a7a3c6510d354899d8401a1726d36d26451e1680fd55b431caca7f0ecc1b9cbd764b3a4625f2ae33c7a6d768e0fec147b5ba2a224142295b218d763ab01ba5890b9d6a6666a35e28ea9627ec424cfaa79e8910c21dc0c74c91289f9ef8e4b5543241594079e56d2fc9374c08d07ab021e71bf59c1c87436b317d4d7ecf7e430f42b03bdc5869736241b742240252a17b9219d725d9158647463937ec2906e629db6498fc79e294da1cb8358104b014241d4266c71f90d3e34a33eca0d38fefaab4803d1fc1c9a7235e31951fb18190cd74228876dde37cb4f5300c8b774882c7258ea8ab828749da8c9c799598d1b9e65fc018f8c9bad5b3c2cc47c2fd39d77e9e7cb92dd1cc205da08bf3b8bbba6e02f22d6675b8fb97af1e0b82f5070714b32fc89a50d76307559902a166852b6e3def39f97f1c39512064c9de69aa5a8dabaf3dd0a67c3d3814935f7aec8c205b30dfdc6f5d23ddddc31e2ca3e8b6b057bbe15cea1951fbb4f6ffe97dd4c32fb35b3f1904848f9a4f82e70285444f07d54e9ceda4df57639dab9e9e4ced2fd1383dfba17d2b72d414c218e5be63b76a016077b787ceae33f81eb7032ed73cd62575757660314ee3361aa2a939a0e919d3329e32c7dbbb892bc1fa607aa1582d7fcddfdd62096244812cf0d1f131fe8264b2b65bc9b7f6efeba9d088cf76d2eb99afee3a0bdae59d725508493735c5f5b1a016a40b472", 0x841}], 0x2) 47.404806405s ago: executing program 2 (id=403): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) 47.33400818s ago: executing program 2 (id=404): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x7c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000240)=@arm64={0x4, 0x2, 0x75, '\x00', 0x3ff}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"]) 36.186834686s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 32.223453517s ago: executing program 36 (id=404): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x7c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000240)=@arm64={0x4, 0x2, 0x75, '\x00', 0x3ff}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"]) 14.438938401s ago: executing program 0 (id=110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000580)={0x0, 0x2e21}) 11.686051857s ago: executing program 7 (id=524): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x7, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880) 11.243620342s ago: executing program 7 (id=525): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000000c0)={[{@quota}, {@bsdgroups}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") r0 = socket(0x8, 0x3, 0x0) ioctl$IMGETCOUNT(r0, 0x61d0, 0x0) 10.602182023s ago: executing program 7 (id=528): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x32}) 10.2950092s ago: executing program 7 (id=530): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x2c020400) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) 10.021636934s ago: executing program 7 (id=531): syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000000)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x669, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x5) read$FUSE(r0, &(0x7f0000000cc0)={0x2020}, 0x2020) 7.599724271s ago: executing program 7 (id=546): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f00000004c0)='_t', 0x2}], 0x1}, 0x4000000) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x10) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"}) ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000080)={'veth1_macvtap\x00', @random="0200ac7f7f00"}) 6.960017573s ago: executing program 37 (id=546): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f00000004c0)='_t', 0x2}], 0x1}, 0x4000000) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x10) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"}) ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000080)={'veth1_macvtap\x00', @random="0200ac7f7f00"}) 4.147565396s ago: executing program 1 (id=560): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)={{0x0, 0x0, 0xfffffffffffffe9a, {0xd000, 0x80a0000}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adb41456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e259ce021216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d744bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf40334f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e1549d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4061d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.840243941s ago: executing program 1 (id=561): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000580)={'syz1\x00', {0x6fc9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x3, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0xbeb, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x4, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x8, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0xc32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x2, 0x1, 0x0, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x7, 0xfffffffc, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x0, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x10, 0x2, 0x763, 0xb, 0x402, 0x800, 0x4, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x6, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x3d, 0x7, 0x2, 0x4, 0x4, 0x10, 0x340a, 0x0, 0x7fff, 0xffffffff, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000000b80)=[{&(0x7f0000000a00)=""/113, 0x71}], 0x1) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 3.332819523s ago: executing program 1 (id=562): r0 = userfaultfd(0x80001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000}) 2.925169675s ago: executing program 1 (id=564): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cbec85bf8e749e04e"], 0x11, 0x443f, &(0x7f00000088c0)="$eJzs3c1PHOcdAOB3BlyD6w9wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXtYLrG3ahbVgqXqwFHKzlFOkHKIcrETKjZPFIVfnT8glR+dsKTnkEimSFaLdnYWdYVds0C7EzvMcmJ33e/c3H+8chjdOVB4ureWW1nKFlVx54f7axdz/yqX15WKID0nL/o8dXv90phfHyVEfez9lt65c+8fdiyF8uvj5y+3t7e1Q1R9aGmv6/M3Xjxeatw1xpk613datdcu/Qwjn9oyrqi+E8K9PQohCCJeTtMlkOxhCOBXqeXcfv3Mv16XRPHtRvJR/Nfdka/zC7ObTrfbfPQrhg9Iv//hg+cvf9I1/8fsudQ8AAAAAAAAAAAAAAAAAwGtu+vatO38fHQvPo9C/Ge19X3c62bZ7P3a7a37d+y8LAAAAAAAAAAAAAAAAAAAAP1K77//norMt3v+fSrYTbepv/7VNxvHujpPemPnbramro2PJ+u/Rnvw/JUlfXe4Lwy3Wfc+u/345U7/1+u97+zmoxvga/Q6FKB7ZfmsnfyjE8chICB8lC7+fj07EpfJa5Q/3y+sri10bxmsrHf/66v2p6CQL+nca/8lM+71f//8Xe46m6v697h1ib7R0/Pvalvv47aij+F/J1DuM+HNw6fj319IGmwtM1C8A1fi/279//Kcy7fcq/qdDCLmoOtZc6gpQncNU09vNV0hLx/9YLS116Ux+yHbn/7eZ+F/NtN8u/me69g1aX/83sjciWkrH/2e1tIFUid3zfzje//y/lmn/KO7/1fFvuP93JB3/5KGtP1Wk9kt2ev2fzrTfq/jfiZNxno5SR8BmVE9v9//qSEvHf2BP/u7zX9zR/O96pv5hPf81+q09/zU9h/wuqj//0Vo6/oNty3V6/s9k6vX6+j9Rm/9xUOn4n6ilpefOQ7W/ncZ/NtN+r+Jfm5UMNOK/ez357ng9/UPzv46k4//zemLcXGKj9rc2/4v2n//fyLR/FPO/6vg34t72+qZIx/9k23LV+H/Wwf3/ZqZe7+Mfwqi5/oGl43+qbbna+T+wf/znMvV6Hf/f9rJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNfAZLIdClE8ktqP45GREK4k++fDiWi+sJifL5UX/rsWwlSSngtnowel8nyhlF9aKS8W84VSqbwQwtUk/1wYiNZK5Up+ufDo2k5bg9HDYmG1Ml8sVEII00n6r8KpRlvzS5XlwqMQwvWdvDNxefXRw8JKfnFp9S+jo6OjYWZnDMNR8f+V4kql3ns9N4TZnbpDUdPgatk3dsZyMvpPeX11pVCqpd9sqlMqLxRKTXXmkrz3wnBUWV1fWShUivlS+UGjv6M0kWynZm7/8/bNsT3596L6dvJwhwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAD/R8/M/vhxD663txCGGi8SFqVf7Zi+Kl/Ku5J1vjF2Y3n269bFcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB7duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBLxygRA1EYgN+Mhdp5DKuQdLYJimhhRPAEegwPE4/iJbyDhYWthQhmBjTuQprd6vuaB/l5eT8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsc3k33t+2XUSKo6/DiJfH17ff+XWZ0zDPvNg/2FNPduPqZjy/aLvy3dO//Kw8eu/zT/r58fQQG2b1PPzdX/5Ps3rneGuvaVjXv/ard08i5SYi+pKfppybZt27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhmBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//78SIGU=") r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) fallocate(r0, 0x0, 0x0, 0x1001f0) fallocate(r0, 0x3, 0xf00, 0x10000) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x60842, 0xc) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0xb73d) 2.567517809s ago: executing program 8 (id=568): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0x20000000, 0xea, 0x100004}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x2}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x84) 1.923273022s ago: executing program 8 (id=571): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0x13, 0x0, 0x0, @void, @value}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x8000000, 0x10000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000}) 1.637127907s ago: executing program 8 (id=572): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r1 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x180, 0xfffc}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20002, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x100], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8008, 0x40, 0x0, 0xffffffff, 0x0, 0x3d, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1, 0x200, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x401, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x95e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3, 0x100000, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x1, 0x8000, 0x3, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) 1.622714703s ago: executing program 1 (id=573): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @none, 0x0, 0x2}, 0xe) listen(r0, 0xa1) accept4$bt_l2cap(r0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080), 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44000) 1.31421212s ago: executing program 8 (id=574): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000380)=' ', 0x1, 0x20008801, &(0x7f0000000100)={0x11, 0x88a8, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}}, 0x14) 1.199918694s ago: executing program 9 (id=575): openat$adsp1(0xffffff9c, &(0x7f0000000140), 0x48002, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={0x0}) 1.019592404s ago: executing program 8 (id=576): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 851.213469ms ago: executing program 9 (id=577): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1}) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)) 677.843187ms ago: executing program 9 (id=578): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$inet(r0, &(0x7f0000001640)={0x0, 0x0, 0x0}, 0x20000090) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x80800}) listen(r0, 0x5) io_uring_enter(r1, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 602.710688ms ago: executing program 8 (id=579): r0 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x5452, &(0x7f0000000000)) r1 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 383.633945ms ago: executing program 9 (id=580): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[], 0x12) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, &(0x7f0000000640)) 292.735822ms ago: executing program 9 (id=581): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xa8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 197.183426ms ago: executing program 1 (id=582): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8000101, 0x5, 0x0, 0x0, 0x20005, 0x4d6, 0x4002004c0, 0x2000000001000, 0x1, 0x0, 0x1, 0x0, 0x0, 0x59e], 0xffff1000, 0x1144}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 9 (id=583): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffbffaf, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508) socket$packet(0x11, 0xa, 0x300) sendto$inet6(r0, &(0x7f0000001600)='\b', 0xfffffffffffffd68, 0x4004095, 0x0, 0xd56888b5705b13c6) kernel console output (not intermixed with test programs): 7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6573 comm="syz.2.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb453f8e929 code=0x7ffc0000 [ 107.690964][ T6587] loop4: detected capacity change from 0 to 1024 [ 107.725240][ T6354] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.739928][ T6036] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.747126][ T6036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.776156][ T6354] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.850190][ T6354] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.909531][ T6354] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.228584][ T6604] mmap: syz.4.164 (6604) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 108.362077][ T6354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.548061][ T6354] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.629902][ T6026] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.637084][ T6026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.755819][ T6026] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.763019][ T6026] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.766793][ T6609] loop1: detected capacity change from 0 to 32768 [ 108.830874][ T6609] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 108.839306][ T6609] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 108.878675][ T6609] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 108.894060][ T981] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 108.900976][ T981] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 109.073047][ T6297] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.148723][ T981] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 247ms [ 109.177684][ T981] gfs2: fsid=syz:syz.0: jid=0: Done [ 109.193745][ T6609] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 109.292901][ T6609] gfs2: fsid=syz:syz.0: found 1 quota changes [ 109.599305][ T6354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.711743][ T6354] veth0_vlan: entered promiscuous mode [ 109.777506][ T6354] veth1_vlan: entered promiscuous mode [ 109.821545][ T6354] veth0_macvtap: entered promiscuous mode [ 109.849148][ T6354] veth1_macvtap: entered promiscuous mode [ 109.967458][ T6354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.027898][ T6354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.063073][ T2982] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.091321][ T2982] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.129400][ T2982] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.154104][ T2982] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.347406][ T6297] veth0_vlan: entered promiscuous mode [ 110.394986][ T6297] veth1_vlan: entered promiscuous mode [ 110.463850][ T6660] loop1: detected capacity change from 0 to 8192 [ 110.481548][ T976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.523054][ T976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.524193][ T6647] loop4: detected capacity change from 0 to 32768 [ 110.758264][ T6647] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 110.899418][ T6036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.944028][ T6036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.961846][ T6666] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 0) [ 110.988159][ T6297] veth0_macvtap: entered promiscuous mode [ 111.000671][ T6647] XFS (loop4): Ending clean mount [ 111.006188][ T6666] FAT-fs (loop1): Filesystem has been set read-only [ 111.025643][ T6297] veth1_macvtap: entered promiscuous mode [ 111.046499][ T6666] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 111.106172][ T6297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.141695][ T6297] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.190212][ T2982] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.210785][ T5826] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 111.215314][ T2982] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.444269][ T2982] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.538333][ T2982] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.660021][ T6026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.689279][ T6026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.801473][ T6026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.829718][ T6026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.168455][ T6036] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.345072][ T6036] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.516804][ T6036] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.821101][ T6036] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.091823][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 113.103643][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 113.112638][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 113.122599][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 113.147463][ T6727] loop5: detected capacity change from 0 to 128 [ 113.150348][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 113.172088][ T6727] EXT4-fs: Ignoring removed nobh option [ 113.249991][ T6727] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.262892][ T6737] loop4: detected capacity change from 0 to 1024 [ 113.271758][ T6734] tipc: Started in network mode [ 113.280115][ T6734] tipc: Node identity 06d7d8faf4b1, cluster identity 4711 [ 113.294058][ T6727] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 113.313647][ T6734] tipc: Enabled bearer , priority 0 [ 113.381780][ T6722] tipc: Disabling bearer [ 113.453219][ T6737] hfsplus: xattr searching failed [ 113.479137][ T6737] hfsplus: xattr searching failed [ 113.602561][ T6297] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.643821][ T6036] bridge_slave_1: left allmulticast mode [ 113.653742][ T6036] bridge_slave_1: left promiscuous mode [ 113.659981][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.721497][ T6036] bridge_slave_0: left allmulticast mode [ 113.735319][ T6746] hfsplus: xattr searching failed [ 113.747737][ T6036] bridge_slave_0: left promiscuous mode [ 113.770027][ T6036] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.880622][ T6746] hfsplus: bad catalog file entry [ 114.091911][ T976] hfsplus: b-tree write err: -5, ino 3 [ 114.545402][ T6036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 114.581332][ T6036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 114.634449][ T6036] bond0 (unregistering): Released all slaves [ 114.783042][ T6766] xt_hashlimit: size too large, truncated to 1048576 [ 114.998861][ T6776] loop5: detected capacity change from 0 to 512 [ 115.213565][ T6776] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 115.229036][ T5844] Bluetooth: hci0: command tx timeout [ 115.360714][ T6776] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.202: invalid indirect mapped block 4294967295 (level 1) [ 115.473226][ T6776] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.202: invalid indirect mapped block 4294967295 (level 1) [ 115.495210][ T6776] EXT4-fs (loop5): 2 truncates cleaned up [ 115.511693][ T6776] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.699021][ T6776] capability: warning: `syz.5.202' uses deprecated v2 capabilities in a way that may be insecure [ 115.772504][ T6776] EXT4-fs error (device loop5): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz.5.202: path /: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 115.971626][ T6297] EXT4-fs error (device loop5): ext4_lookup:1787: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 115.990721][ T6297] EXT4-fs error (device loop5): ext4_lookup:1787: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 116.127131][ T6790] loop2: detected capacity change from 0 to 128 [ 116.152694][ T6790] FAT-fs (loop2): bogus number of reserved sectors [ 116.182771][ T6790] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 116.250710][ T6790] FAT-fs (loop2): Can't find a valid FAT filesystem [ 116.599766][ T6297] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.746867][ T6036] hsr_slave_0: left promiscuous mode [ 116.777900][ T6036] hsr_slave_1: left promiscuous mode [ 116.784070][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.791487][ T6036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.880988][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.913757][ T6036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.001360][ T6036] veth1_macvtap: left promiscuous mode [ 117.013700][ T5913] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 117.021712][ T6036] veth0_macvtap: left promiscuous mode [ 117.033629][ T6036] veth1_vlan: left promiscuous mode [ 117.053120][ T6036] veth0_vlan: left promiscuous mode [ 117.174375][ T5913] usb 2-1: Using ep0 maxpacket: 32 [ 117.198174][ T5913] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 117.221814][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.260941][ T5913] usb 2-1: config 0 descriptor?? [ 117.291433][ T5913] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 117.304090][ T5844] Bluetooth: hci0: command tx timeout [ 118.128889][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 118.140969][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 118.149216][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 118.158067][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 118.169255][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 118.315847][ T6036] team0 (unregistering): Port device team_slave_1 removed [ 118.359523][ T6036] team0 (unregistering): Port device team_slave_0 removed [ 118.713785][ T5906] usb 2-1: USB disconnect, device number 5 [ 118.770141][ C1] vcan0: j1939_tp_rxtimer: 0xffff88814d6fc000: rx timeout, send abort [ 118.781000][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88814d6fc000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 119.050557][ T6723] chnl_net:caif_netlink_parms(): no params data found [ 119.386459][ T5843] Bluetooth: hci0: command tx timeout [ 119.591329][ T6723] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.602257][ T6723] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.665770][ T6723] bridge_slave_0: entered allmulticast mode [ 119.682161][ T6723] bridge_slave_0: entered promiscuous mode [ 119.800870][ T6723] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.818273][ T6723] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.834724][ T6723] bridge_slave_1: entered allmulticast mode [ 119.845429][ T6723] bridge_slave_1: entered promiscuous mode [ 119.996277][ T6036] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.127807][ T6036] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.191187][ T6834] chnl_net:caif_netlink_parms(): no params data found [ 120.216049][ T6723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.263559][ T5843] Bluetooth: hci3: command tx timeout [ 120.277487][ T6723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.375925][ T6036] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.624324][ T6723] team0: Port device team_slave_0 added [ 120.650634][ T6036] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.660328][ T6888] kvm: emulating exchange as write [ 120.662441][ T30] audit: type=1326 audit(1750709093.034:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6891 comm="syz.1.231" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f66e6b8e929 code=0x0 [ 120.748847][ T6723] team0: Port device team_slave_1 added [ 120.856992][ T6834] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.868884][ T6834] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.877216][ T6834] bridge_slave_0: entered allmulticast mode [ 120.884881][ T6901] loop2: detected capacity change from 0 to 128 [ 120.895953][ T6834] bridge_slave_0: entered promiscuous mode [ 120.944033][ T6901] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.976821][ T6723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.992629][ T6905] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 121.002241][ T6723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.023505][ T6901] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.028145][ C0] vkms_vblank_simulate: vblank timer overrun [ 121.084016][ T6723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.105809][ T6834] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.115472][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.115684][ T6834] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.135525][ T6834] bridge_slave_1: entered allmulticast mode [ 121.149079][ T6834] bridge_slave_1: entered promiscuous mode [ 121.250949][ T6723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.260218][ T6723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.292352][ T6912] loop2: detected capacity change from 0 to 256 [ 121.303420][ T6723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.466045][ T5843] Bluetooth: hci0: command tx timeout [ 121.479828][ T6834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.605906][ T6834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.706584][ T6922] netlink: 12 bytes leftover after parsing attributes in process `syz.2.237'. [ 121.798301][ T6922] loop2: detected capacity change from 0 to 1024 [ 121.843091][ T6922] hfsplus: Unknown parameter '' [ 122.073216][ T6834] team0: Port device team_slave_0 added [ 122.185345][ T6932] fuse: root generation should be zero [ 122.224709][ T6723] hsr_slave_0: entered promiscuous mode [ 122.236015][ T6723] hsr_slave_1: entered promiscuous mode [ 122.297388][ T6834] team0: Port device team_slave_1 added [ 122.343616][ T5843] Bluetooth: hci3: command tx timeout [ 122.488857][ T6834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.502657][ T6834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.538871][ T6834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.683416][ T5975] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.744334][ T6834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.762888][ T6834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.828630][ T6834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.865604][ T5975] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 122.899060][ T5975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.932815][ T5975] usb 3-1: config 0 descriptor?? [ 123.034817][ T6036] bridge_slave_1: left allmulticast mode [ 123.040489][ T6036] bridge_slave_1: left promiscuous mode [ 123.052579][ T6036] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.076819][ T6036] bridge_slave_0: left allmulticast mode [ 123.083051][ T6036] bridge_slave_0: left promiscuous mode [ 123.103553][ T6036] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.128996][ T6954] netlink: 4 bytes leftover after parsing attributes in process `syz.4.247'. [ 123.493009][ T6956] loop1: detected capacity change from 0 to 32768 [ 123.564922][ T6036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.578877][ T6036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.596860][ T6036] bond0 (unregistering): Released all slaves [ 123.626836][ T6956] MetaData crosses page boundary!! [ 123.632088][ T6956] lblock = 60b00, size = 8908800 [ 123.648109][ T6956] CPU: 0 UID: 0 PID: 6956 Comm: syz.1.248 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 123.648132][ T6956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.648144][ T6956] Call Trace: [ 123.648152][ T6956] [ 123.648159][ T6956] dump_stack_lvl+0x189/0x250 [ 123.648203][ T6956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.648229][ T6956] ? __pfx__printk+0x10/0x10 [ 123.648254][ T6956] ? folio_unlock+0x101/0x160 [ 123.648278][ T6956] __get_metapage+0x9ea/0xde0 [ 123.648309][ T6956] dtSearch+0x591/0x21b0 [ 123.648370][ T6956] jfs_lookup+0x155/0x380 [ 123.648393][ T6956] ? __pfx_jfs_lookup+0x10/0x10 [ 123.648412][ T6956] ? d_alloc_parallel+0x14ae/0x15e0 [ 123.648461][ T6956] ? __pfx_d_alloc_parallel+0x10/0x10 [ 123.648500][ T6956] path_openat+0x10fe/0x3830 [ 123.648563][ T6956] ? __pfx_path_openat+0x10/0x10 [ 123.648607][ T6956] do_filp_open+0x1fa/0x410 [ 123.648626][ T6956] ? __lock_acquire+0xab9/0xd20 [ 123.648650][ T6956] ? __pfx_do_filp_open+0x10/0x10 [ 123.648695][ T6956] ? _raw_spin_unlock+0x28/0x50 [ 123.648711][ T6956] ? alloc_fd+0x64c/0x6c0 [ 123.648741][ T6956] do_sys_openat2+0x121/0x1c0 [ 123.648761][ T6956] ? __se_sys_futex+0x36f/0x400 [ 123.648781][ T6956] ? __pfx_do_sys_openat2+0x10/0x10 [ 123.648809][ T6956] ? rcu_is_watching+0x15/0xb0 [ 123.648836][ T6956] __x64_sys_openat+0x138/0x170 [ 123.648862][ T6956] do_syscall_64+0xfa/0x3b0 [ 123.648882][ T6956] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.648901][ T6956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.648919][ T6956] ? clear_bhb_loop+0x60/0xb0 [ 123.648941][ T6956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.648957][ T6956] RIP: 0033:0x7f66e6b8e929 [ 123.648978][ T6956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.648993][ T6956] RSP: 002b:00007f66e7ab8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 123.649022][ T6956] RAX: ffffffffffffffda RBX: 00007f66e6db5fa0 RCX: 00007f66e6b8e929 [ 123.649035][ T6956] RDX: 0000000000000200 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 123.649047][ T6956] RBP: 00007f66e6c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 123.649057][ T6956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.649068][ T6956] R13: 0000000000000000 R14: 00007f66e6db5fa0 R15: 00007fff0c92a928 [ 123.649097][ T6956] [ 123.649104][ T6956] bread failed! [ 123.895856][ T6956] jfs_lookup: dtSearch returned -5 [ 123.953180][ T114] blkno = 8ed2c, nblocks = 1 [ 123.974605][ T114] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 123.974605][ T114] [ 123.982142][ T6834] hsr_slave_0: entered promiscuous mode [ 123.998635][ T114] ERROR: (device loop1): remounting filesystem as read-only [ 124.007839][ T114] JFS: metapage_get_blocks failed [ 124.008805][ T6834] hsr_slave_1: entered promiscuous mode [ 124.012921][ T114] ERROR: (device loop1): release_metapage: metapage_write_one() failed [ 124.012921][ T114] [ 124.030265][ T114] blkno = 8ed2c, nblocks = 1 [ 124.038241][ T114] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 124.038241][ T114] [ 124.040795][ T6834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 124.065086][ T6834] Cannot create hsr debugfs directory [ 124.079084][ T6952] veth0: entered promiscuous mode [ 124.084334][ T6952] veth0: left promiscuous mode [ 124.112778][ T6953] veth0: entered promiscuous mode [ 124.120595][ T6953] veth0: left promiscuous mode [ 124.361481][ T5975] pegasus 3-1:0.0: can't reset MAC [ 124.369776][ T5975] pegasus 3-1:0.0: probe with driver pegasus failed with error -5 [ 124.400425][ T5975] usb 3-1: USB disconnect, device number 2 [ 124.424360][ T5843] Bluetooth: hci3: command tx timeout [ 124.872566][ T6970] loop1: detected capacity change from 0 to 512 [ 124.893824][ T6036] hsr_slave_0: left promiscuous mode [ 124.928898][ T6036] hsr_slave_1: left promiscuous mode [ 124.944268][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.973813][ T6970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.990167][ T6036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 125.018438][ T6970] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.032482][ T6959] loop4: detected capacity change from 0 to 40427 [ 125.037655][ T6036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.053975][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.055039][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.070541][ T6036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 125.089019][ T6970] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.249: corrupted inode contents [ 125.103824][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.112293][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.133797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.165134][ T6959] F2FS-fs (loop4): invalid crc value [ 125.212448][ T6970] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.249: mark_inode_dirty error [ 125.226625][ T6036] veth1_macvtap: left promiscuous mode [ 125.246924][ T6036] veth0_macvtap: left promiscuous mode [ 125.316896][ T6036] veth1_vlan: left promiscuous mode [ 125.322598][ T6036] veth0_vlan: left promiscuous mode [ 125.322672][ T6970] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.249: corrupted inode contents [ 125.351526][ T6970] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.249: mark_inode_dirty error [ 125.585325][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.644660][ T6959] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 125.701374][ T6959] syz.4.250: attempt to access beyond end of device [ 125.701374][ T6959] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 125.716712][ T6959] CPU: 0 UID: 0 PID: 6959 Comm: syz.4.250 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 125.716727][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.716733][ T6959] Call Trace: [ 125.716738][ T6959] [ 125.716742][ T6959] dump_stack_lvl+0x189/0x250 [ 125.716763][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.716775][ T6959] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 125.716787][ T6959] ? __pfx_queue_work_on+0x10/0x10 [ 125.716801][ T6959] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 125.716811][ T6959] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 125.716822][ T6959] ? f2fs_hw_is_readonly+0x39b/0x470 [ 125.716838][ T6959] f2fs_handle_critical_error+0x37c/0x540 [ 125.716854][ T6959] f2fs_write_end_io+0x495/0x810 [ 125.716862][ T6959] ? blkg_put+0x22/0x240 [ 125.716883][ T6959] __submit_merged_bio+0x27a/0x6a0 [ 125.716895][ T6959] ? up_write+0x1c4/0x420 [ 125.716907][ T6959] __submit_merged_write_cond+0x44c/0x530 [ 125.716923][ T6959] f2fs_sync_node_pages+0x1869/0x1a00 [ 125.716948][ T6959] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 125.716976][ T6959] ? f2fs_write_checkpoint+0xe43/0x1df0 [ 125.716987][ T6959] ? up_write+0x1c4/0x420 [ 125.716994][ T6959] ? do_raw_spin_unlock+0x122/0x240 [ 125.717007][ T6959] f2fs_write_checkpoint+0xe6f/0x1df0 [ 125.717029][ T6959] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 125.717066][ T6959] ? down_write+0x162/0x1f0 [ 125.717079][ T6959] ? __pfx_down_write+0x10/0x10 [ 125.717089][ T6959] ? futex_unqueue+0x22/0x240 [ 125.717103][ T6959] ? futex_unqueue+0x22/0x240 [ 125.717114][ T6959] ? futex_unqueue+0x22/0x240 [ 125.717131][ T6959] f2fs_issue_checkpoint+0x3ac/0x570 [ 125.717141][ T6959] ? register_lock_class+0x51/0x320 [ 125.717152][ T6959] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 125.717163][ T6959] ? __lock_acquire+0xab9/0xd20 [ 125.717182][ T6959] ? __up_read+0x280/0x680 [ 125.717196][ T6959] ? f2fs_sync_fs+0x200/0x3d0 [ 125.717209][ T6959] f2fs_do_sync_file+0x869/0x1860 [ 125.717224][ T6959] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 125.717231][ T6959] ? path_setxattrat+0x37e/0x3a0 [ 125.717265][ T6959] ? __fget_files+0x2a/0x420 [ 125.717273][ T6959] ? __fget_files+0x3a0/0x420 [ 125.717284][ T6959] ? f2fs_sync_file+0xe9/0x160 [ 125.717295][ T6959] __x64_sys_fsync+0x18e/0x1f0 [ 125.717308][ T6959] do_syscall_64+0xfa/0x3b0 [ 125.717318][ T6959] ? lockdep_hardirqs_on+0x9c/0x150 [ 125.717328][ T6959] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.717338][ T6959] ? clear_bhb_loop+0x60/0xb0 [ 125.717349][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.717358][ T6959] RIP: 0033:0x7f97f4d8e929 [ 125.717367][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.717375][ T6959] RSP: 002b:00007f97f2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a [ 125.717387][ T6959] RAX: ffffffffffffffda RBX: 00007f97f4fb5fa0 RCX: 00007f97f4d8e929 [ 125.717393][ T6959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 125.717398][ T6959] RBP: 00007f97f4e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 125.717403][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 125.717408][ T6959] R13: 0000000000000000 R14: 00007f97f4fb5fa0 R15: 00007ffe5d667758 [ 125.717424][ T6959] [ 125.717429][ T6959] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 126.083628][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.244941][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz.4.250 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 126.244966][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.244976][ T6959] Call Trace: [ 126.244984][ T6959] [ 126.244992][ T6959] dump_stack_lvl+0x189/0x250 [ 126.245027][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.245057][ T6959] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 126.245077][ T6959] ? __pfx_queue_work_on+0x10/0x10 [ 126.245104][ T6959] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 126.245123][ T6959] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 126.245144][ T6959] ? f2fs_hw_is_readonly+0x39b/0x470 [ 126.245175][ T6959] f2fs_handle_critical_error+0x37c/0x540 [ 126.245208][ T6959] f2fs_write_end_io+0x495/0x810 [ 126.245246][ T6959] __submit_merged_bio+0x27a/0x6a0 [ 126.245268][ T6959] ? up_write+0x1c4/0x420 [ 126.245292][ T6959] __submit_merged_write_cond+0x44c/0x530 [ 126.245326][ T6959] f2fs_sync_node_pages+0x1869/0x1a00 [ 126.245381][ T6959] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 126.245443][ T6959] ? f2fs_write_checkpoint+0xe43/0x1df0 [ 126.245468][ T6959] ? up_write+0x1c4/0x420 [ 126.245481][ T6959] ? do_raw_spin_unlock+0x122/0x240 [ 126.245506][ T6959] f2fs_write_checkpoint+0xe6f/0x1df0 [ 126.245557][ T6959] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 126.245629][ T6959] ? down_write+0x162/0x1f0 [ 126.245651][ T6959] ? __pfx_down_write+0x10/0x10 [ 126.245671][ T6959] ? futex_unqueue+0x22/0x240 [ 126.245697][ T6959] ? futex_unqueue+0x22/0x240 [ 126.245719][ T6959] ? futex_unqueue+0x22/0x240 [ 126.245754][ T6959] f2fs_issue_checkpoint+0x3ac/0x570 [ 126.245774][ T6959] ? register_lock_class+0x51/0x320 [ 126.245795][ T6959] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 126.245818][ T6959] ? __lock_acquire+0xab9/0xd20 [ 126.245860][ T6959] ? __up_read+0x280/0x680 [ 126.245893][ T6959] ? f2fs_sync_fs+0x200/0x3d0 [ 126.245920][ T6959] f2fs_do_sync_file+0x869/0x1860 [ 126.245951][ T6959] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 126.245966][ T6959] ? path_setxattrat+0x37e/0x3a0 [ 126.246052][ T6959] ? __fget_files+0x2a/0x420 [ 126.246068][ T6959] ? __fget_files+0x3a0/0x420 [ 126.246092][ T6959] ? f2fs_sync_file+0xe9/0x160 [ 126.246114][ T6959] __x64_sys_fsync+0x18e/0x1f0 [ 126.246140][ T6959] do_syscall_64+0xfa/0x3b0 [ 126.246160][ T6959] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.246180][ T6959] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.246198][ T6959] ? clear_bhb_loop+0x60/0xb0 [ 126.246221][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.246237][ T6959] RIP: 0033:0x7f97f4d8e929 [ 126.246253][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.246267][ T6959] RSP: 002b:00007f97f2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a [ 126.246286][ T6959] RAX: ffffffffffffffda RBX: 00007f97f4fb5fa0 RCX: 00007f97f4d8e929 [ 126.246298][ T6959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 126.246308][ T6959] RBP: 00007f97f4e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 126.246319][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.246329][ T6959] R13: 0000000000000000 R14: 00007f97f4fb5fa0 R15: 00007ffe5d667758 [ 126.246365][ T6959] [ 126.247470][ T6959] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 126.563661][ T5843] Bluetooth: hci3: command tx timeout [ 126.723745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.794431][ T6036] team0 (unregistering): Port device team_slave_1 removed [ 127.929605][ T6036] team0 (unregistering): Port device team_slave_0 removed [ 127.965139][ T5884] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 127.993576][ T7018] loop1: detected capacity change from 0 to 256 [ 128.004786][ T7018] exfat: Bad value for 'uid' [ 128.009396][ T7018] exfat: Bad value for 'uid' [ 128.133814][ T5884] usb 5-1: Using ep0 maxpacket: 8 [ 128.151913][ T5884] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 128.162339][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.189146][ T5884] usb 5-1: config 0 descriptor?? [ 128.543616][ T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 128.717650][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 128.739920][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.754342][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.761552][ T7028] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 128.764873][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 128.790321][ T24] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 128.805337][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.825961][ T24] usb 2-1: config 0 descriptor?? [ 129.197910][ T6723] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 129.216718][ T6723] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 129.260586][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.267163][ T6723] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 129.277826][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.285660][ T6723] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 129.307619][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.323428][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.344611][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.353004][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.361188][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.368656][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.376249][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.385572][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 129.424531][ T5884] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 129.455152][ T5884] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 129.494166][ T6834] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 129.501041][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input6 [ 129.518337][ T5884] asix 5-1:0.0: probe with driver asix failed with error -71 [ 129.527836][ T24] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 129.591572][ T5884] usb 5-1: USB disconnect, device number 3 [ 129.625333][ T24] usb 2-1: USB disconnect, device number 6 [ 129.651968][ T6834] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 129.692444][ T6834] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 129.737790][ T7042] fido_id[7042]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 129.757322][ T6834] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 129.854697][ T6723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.940777][ T6723] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.945140][ T7032] loop2: detected capacity change from 0 to 32768 [ 129.971363][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.978520][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.029498][ T7032] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 130.040240][ T2982] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.047385][ T2982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.285444][ T7032] XFS (loop2): Ending clean mount [ 130.322301][ T7068] loop1: detected capacity change from 0 to 1024 [ 130.323888][ T7032] XFS (loop2): Quotacheck needed: Please wait. [ 130.336572][ T6834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.431784][ T6834] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.545921][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.553121][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.572359][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.573612][ T7032] XFS (loop2): Quotacheck: Done. [ 130.579509][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.761164][ T6834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 130.970518][ T6723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.993162][ T5830] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 131.381228][ T7094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.278'. [ 131.415171][ T6723] veth0_vlan: entered promiscuous mode [ 131.465033][ T6723] veth1_vlan: entered promiscuous mode [ 131.638244][ T6723] veth0_macvtap: entered promiscuous mode [ 131.701985][ T6834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.722392][ T6723] veth1_macvtap: entered promiscuous mode [ 131.736691][ T7104] loop4: detected capacity change from 0 to 1024 [ 131.789570][ T6723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.862311][ T6723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.949145][ T2982] hfsplus: b-tree write err: -5, ino 4 [ 131.950817][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.056763][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.105323][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.166350][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.236265][ T7123] loop2: detected capacity change from 0 to 64 [ 132.378972][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.439156][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.483621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 132.493619][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 132.609071][ T7131] loop1: detected capacity change from 0 to 1 [ 132.618098][ T7131] syz.1.286: attempt to access beyond end of device [ 132.618098][ T7131] loop1: rw=2048, sector=0, nr_sectors = 8 limit=1 [ 132.631262][ T7131] SQUASHFS error: Failed to read block 0x0: -5 [ 132.637525][ T7131] unable to read squashfs_super_block [ 132.669343][ T6026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.739977][ T6026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.771210][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.778261][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.853549][ T30] audit: type=1326 audit(1750709105.204:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7134 comm="syz.1.287" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f66e6b8e929 code=0x0 [ 133.028668][ T6834] veth0_vlan: entered promiscuous mode [ 133.057547][ T6834] veth1_vlan: entered promiscuous mode [ 133.244329][ T6834] veth0_macvtap: entered promiscuous mode [ 133.283956][ T6834] veth1_macvtap: entered promiscuous mode [ 133.487686][ T2959] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.541877][ T6834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 133.581476][ T6834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.659946][ T2959] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.718455][ T6026] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.750529][ T6026] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.816826][ T6026] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.853747][ T6026] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.910638][ T2959] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.987777][ T7162] loop4: detected capacity change from 0 to 512 [ 134.090432][ T7162] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.125221][ T2959] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.167263][ T7162] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.208813][ T7162] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.294: corrupted inode contents [ 134.291557][ T7162] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.294: mark_inode_dirty error [ 134.330163][ T7162] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.294: corrupted inode contents [ 134.389822][ T7162] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.294: mark_inode_dirty error [ 134.425427][ T6036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.462609][ T6036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.635627][ T5826] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.709193][ T6036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 134.727221][ T6036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 134.804235][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 134.818986][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 134.828990][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 134.842506][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 134.855399][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 134.874069][ T2959] bridge_slave_1: left allmulticast mode [ 134.879718][ T2959] bridge_slave_1: left promiscuous mode [ 134.916519][ T2959] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.002250][ T2959] bridge_slave_0: left allmulticast mode [ 135.039994][ T2959] bridge_slave_0: left promiscuous mode [ 135.068777][ T2959] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.189381][ T7197] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 136.016610][ T7200] loop4: detected capacity change from 0 to 32768 [ 136.118759][ T7200] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 136.164976][ T2959] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 136.194745][ T2959] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 136.205487][ T2959] bond0 (unregistering): Released all slaves [ 136.238313][ T7200] XFS (loop4): Ending clean mount [ 136.636555][ T5826] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 136.697714][ T7246] loop1: detected capacity change from 0 to 256 [ 136.760285][ T7246] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 136.820492][ T7246] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 136.903966][ T5844] Bluetooth: hci0: command tx timeout [ 136.910101][ T7246] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 137.372314][ T2959] hsr_slave_0: left promiscuous mode [ 137.380368][ T2959] hsr_slave_1: left promiscuous mode [ 137.408491][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.437477][ T7270] binder: 7269:7270 ioctl c0306201 200000000040 returned -14 [ 137.452114][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.470501][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.497431][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.568408][ T2959] veth1_macvtap: left promiscuous mode [ 137.585889][ T2959] veth0_macvtap: left promiscuous mode [ 137.598617][ T2959] veth1_vlan: left promiscuous mode [ 137.612831][ T2959] veth0_vlan: left promiscuous mode [ 138.938118][ T7294] loop6: detected capacity change from 0 to 32768 [ 138.994360][ T5844] Bluetooth: hci0: command tx timeout [ 139.040154][ T7294] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 139.221396][ T2959] team0 (unregistering): Port device team_slave_1 removed [ 139.294042][ T6834] ocfs2: Unmounting device (7,6) on (node local) [ 139.378037][ T2959] team0 (unregistering): Port device team_slave_0 removed [ 139.403801][ T7302] block nbd0: server does not support multiple connections per device. [ 139.425016][ T7302] block nbd0: shutting down sockets [ 139.580183][ T7306] loop2: detected capacity change from 0 to 256 [ 139.602494][ T7306] exfat: Deprecated parameter 'utf8' [ 139.721812][ T7306] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d) [ 140.428614][ T981] libceph: connect (1)[c::]:6789 error -101 [ 140.443550][ T981] libceph: mon0 (1)[c::]:6789 connect error [ 140.469666][ T7319] ceph: No mds server is up or the cluster is laggy [ 140.476790][ T5913] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 140.665490][ T5913] usb 3-1: config 0 has no interfaces? [ 140.671237][ T5913] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 140.689869][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.734231][ T5913] usb 3-1: config 0 descriptor?? [ 140.994357][ T981] usb 3-1: USB disconnect, device number 3 [ 141.066236][ T5844] Bluetooth: hci0: command tx timeout [ 141.182985][ T7184] chnl_net:caif_netlink_parms(): no params data found [ 141.480392][ T7340] loop1: detected capacity change from 0 to 4096 [ 141.576188][ T7184] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.597660][ T7184] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.605282][ T7184] bridge_slave_0: entered allmulticast mode [ 141.610278][ T7351] loop4: detected capacity change from 0 to 256 [ 141.614630][ T7184] bridge_slave_0: entered promiscuous mode [ 141.666217][ T7184] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.718975][ T7184] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.742159][ T7184] bridge_slave_1: entered allmulticast mode [ 141.760799][ T7184] bridge_slave_1: entered promiscuous mode [ 141.782285][ T7351] FAT-fs (loop4): Directory bread(block 64) failed [ 141.850217][ T7351] FAT-fs (loop4): Directory bread(block 65) failed [ 141.872313][ T7351] FAT-fs (loop4): Directory bread(block 66) failed [ 141.913538][ T7351] FAT-fs (loop4): Directory bread(block 67) failed [ 141.920168][ T7351] FAT-fs (loop4): Directory bread(block 68) failed [ 141.968547][ T7351] FAT-fs (loop4): Directory bread(block 69) failed [ 141.986816][ T7351] FAT-fs (loop4): Directory bread(block 70) failed [ 142.010580][ T7351] FAT-fs (loop4): Directory bread(block 71) failed [ 142.029429][ T7351] FAT-fs (loop4): Directory bread(block 72) failed [ 142.030656][ T7184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.062418][ T7351] FAT-fs (loop4): Directory bread(block 73) failed [ 142.098300][ T7184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.365462][ T7184] team0: Port device team_slave_0 added [ 142.381661][ T7184] team0: Port device team_slave_1 added [ 142.421995][ T7368] loop1: detected capacity change from 0 to 2048 [ 142.463684][ T5975] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 142.545000][ T7368] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.643404][ T5975] usb 7-1: Using ep0 maxpacket: 16 [ 142.679472][ T7184] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.700245][ T5975] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 142.701442][ T30] audit: type=1800 audit(1750709115.064:20): pid=7368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.355" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 142.717381][ T7184] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.769726][ T5975] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.796654][ T5975] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.855830][ T5975] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 142.871291][ T5975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.875607][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.881550][ T7184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.899002][ T5975] usb 7-1: Product: syz [ 142.903164][ T5975] usb 7-1: Manufacturer: syz [ 142.916361][ T5975] usb 7-1: SerialNumber: syz [ 142.990227][ T7184] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 143.050546][ T7184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 143.069003][ T7383] loop1: detected capacity change from 0 to 2048 [ 143.101679][ T7383] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 143.133353][ T7184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.153349][ T5844] Bluetooth: hci0: command tx timeout [ 143.272879][ T7184] hsr_slave_0: entered promiscuous mode [ 143.284455][ T7184] hsr_slave_1: entered promiscuous mode [ 143.398073][ T5975] usb 7-1: 0:2 : does not exist [ 143.415346][ T7376] loop2: detected capacity change from 0 to 32768 [ 143.531481][ T7376] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 143.664875][ T7376] XFS (loop2): Ending clean mount [ 144.170073][ T7381] loop4: detected capacity change from 0 to 32768 [ 144.170777][ T5830] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 144.296781][ T7402] loop1: detected capacity change from 0 to 4096 [ 144.310840][ T7381] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.477249][ T7402] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.494779][ T5975] usb 7-1: 1:0: failed to get current value for ch 0 (-22) [ 144.565506][ T5975] usb 7-1: USB disconnect, device number 2 [ 144.627710][ T6741] udevd[6741]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 144.679761][ T7381] XFS (loop4): Ending clean mount [ 144.680521][ T7184] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 144.721880][ T7381] XFS (loop4): Quotacheck needed: Please wait. [ 144.739582][ T7402] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.767404][ T7184] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 144.822650][ T7184] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 144.869231][ T7381] XFS (loop4): Quotacheck: Done. [ 144.913952][ T7184] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 145.042848][ T7426] loop1: detected capacity change from 0 to 128 [ 145.107140][ T7426] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 145.156349][ T5826] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 145.199949][ T7426] ext4 filesystem being mounted at /95/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 145.379924][ T7184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.437270][ T5838] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 145.488564][ T7184] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.528004][ T6019] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.535286][ T6019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.596611][ T6019] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.603802][ T6019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.768792][ T7184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 146.013848][ T30] audit: type=1326 audit(1750709118.374:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.100323][ T30] audit: type=1326 audit(1750709118.374:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.231305][ T30] audit: type=1326 audit(1750709118.374:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.258694][ T30] audit: type=1326 audit(1750709118.374:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97f4d2ab19 code=0x7ffc0000 [ 146.344383][ T30] audit: type=1326 audit(1750709118.374:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97f4d2ab19 code=0x7ffc0000 [ 146.398533][ T30] audit: type=1326 audit(1750709118.374:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.489023][ T30] audit: type=1326 audit(1750709118.374:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.604962][ T30] audit: type=1326 audit(1750709118.374:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97f4d8e929 code=0x7ffc0000 [ 146.700941][ T30] audit: type=1326 audit(1750709118.434:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f97f4d2ab19 code=0x7ffc0000 [ 146.730112][ T7471] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 146.752613][ T7184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 146.881286][ T6019] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.031971][ T6019] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.130327][ T7184] veth0_vlan: entered promiscuous mode [ 147.215885][ T6019] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.288519][ T7184] veth1_vlan: entered promiscuous mode [ 147.387489][ T981] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 147.426655][ T6019] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.497446][ T7184] veth0_macvtap: entered promiscuous mode [ 147.553438][ T981] usb 5-1: Using ep0 maxpacket: 32 [ 147.566364][ T7184] veth1_macvtap: entered promiscuous mode [ 147.587314][ T981] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.607268][ T5884] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 147.652286][ T981] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.668642][ T7184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.677482][ T981] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 147.691361][ T7184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.698699][ T981] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 147.716271][ T981] usb 5-1: Product: syz [ 147.720446][ T981] usb 5-1: Manufacturer: syz [ 147.748553][ T981] hub 5-1:4.0: USB hub found [ 147.762330][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.777521][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.806702][ T5884] usb 3-1: config 0 has an invalid interface number: 104 but max is 0 [ 147.833053][ T5884] usb 3-1: config 0 has no interface number 0 [ 147.849457][ T5884] usb 3-1: config 0 interface 104 has no altsetting 0 [ 147.889398][ T5884] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 147.906929][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.926480][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.926759][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 147.963002][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 147.965022][ T976] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.979479][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 147.982979][ T5884] usb 3-1: Product: syz [ 147.990932][ T981] hub 5-1:4.0: 2 ports detected [ 147.999710][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 148.007464][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 148.016202][ T5884] usb 3-1: Manufacturer: syz [ 148.020849][ T5884] usb 3-1: SerialNumber: syz [ 148.086849][ T7504] loop1: detected capacity change from 0 to 1024 [ 148.102174][ T5884] usb 3-1: config 0 descriptor?? [ 148.174461][ T5884] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 148.218833][ T7504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.312673][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 148.312685][ T30] audit: type=1804 audit(1750709120.674:55): pid=7504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.382" name="/newroot/102/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 148.335534][ T6019] bridge_slave_1: left allmulticast mode [ 148.352522][ T6019] bridge_slave_1: left promiscuous mode [ 148.358401][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.377184][ T6019] bridge_slave_0: left allmulticast mode [ 148.383226][ T5884] gspca_vc032x: reg_r err -71 [ 148.391360][ T981] hub 5-1:4.0: set hub depth failed [ 148.396786][ T6019] bridge_slave_0: left promiscuous mode [ 148.405812][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.408365][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.423473][ T981] usb 5-1: USB disconnect, device number 4 [ 148.439899][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.456465][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.466592][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.479333][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.491821][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.516142][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.530455][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.536972][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.551577][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.559820][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.565514][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.570902][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.577342][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.582986][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.589381][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.599805][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.608770][ T5884] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.614329][ T5884] gspca_vc032x: Unknown sensor... [ 148.619550][ T5884] vc032x 3-1:0.104: probe with driver vc032x failed with error -22 [ 148.644206][ T5884] usb 3-1: USB disconnect, device number 4 [ 148.971069][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.012664][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.022849][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.054996][ T6019] bond0 (unregistering): Released all slaves [ 149.104192][ T7514] loop2: detected capacity change from 0 to 1024 [ 149.111429][ T7514] EXT4-fs: Ignoring removed bh option [ 149.195165][ T7518] loop1: detected capacity change from 0 to 128 [ 149.206335][ T7519] loop4: detected capacity change from 0 to 128 [ 149.242370][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.289087][ T7514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 149.302480][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.405935][ T7514] EXT4-fs (loop2): shut down requested (1) [ 149.560400][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 149.758987][ T7526] netlink: 4 bytes leftover after parsing attributes in process `syz.2.389'. [ 149.811270][ T6021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.833468][ T5922] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 149.854059][ T6021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.052222][ T5922] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 223, changing to 11 [ 150.099229][ T5922] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 150.110425][ T5843] Bluetooth: hci3: command tx timeout [ 150.131202][ T5922] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 150.145352][ T5922] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 150.162193][ T6019] hsr_slave_0: left promiscuous mode [ 150.175776][ T5922] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 150.192666][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.200989][ T6019] hsr_slave_1: left promiscuous mode [ 150.207108][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.215743][ T5922] usb 2-1: Product: syz [ 150.219920][ T5922] usb 2-1: Manufacturer: syz [ 150.224615][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.232161][ T5922] usb 2-1: SerialNumber: syz [ 150.254025][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.261423][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.302049][ T6019] veth1_macvtap: left promiscuous mode [ 150.307761][ T6019] veth0_macvtap: left promiscuous mode [ 150.314163][ T6019] veth1_vlan: left promiscuous mode [ 150.319579][ T6019] veth0_vlan: left promiscuous mode [ 150.807998][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.817234][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.826500][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.837372][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.849378][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.957838][ T6019] team0 (unregistering): Port device team_slave_1 removed [ 150.996759][ T6019] team0 (unregistering): Port device team_slave_0 removed [ 151.286636][ T5922] cdc_ncm 2-1:1.0: bind() failure [ 151.300120][ T5922] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 151.307570][ T5922] cdc_ncm 2-1:1.1: bind() failure [ 151.422345][ T7501] chnl_net:caif_netlink_parms(): no params data found [ 151.532576][ T5906] usb 2-1: USB disconnect, device number 7 [ 151.840493][ T7501] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.859076][ T7501] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.880674][ T7501] bridge_slave_0: entered allmulticast mode [ 151.892560][ T7501] bridge_slave_0: entered promiscuous mode [ 151.934447][ T7501] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.941928][ T7501] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.954327][ T7501] bridge_slave_1: entered allmulticast mode [ 151.966325][ T7501] bridge_slave_1: entered promiscuous mode [ 152.044438][ T7501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.082620][ T7501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.184110][ T5844] Bluetooth: hci3: command tx timeout [ 152.229413][ T7501] team0: Port device team_slave_0 added [ 152.289978][ T7501] team0: Port device team_slave_1 added [ 152.398714][ T7556] loop1: detected capacity change from 0 to 512 [ 152.509245][ T7556] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 152.557900][ T7556] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.398: bg 0: block 104: invalid block bitmap [ 152.578030][ T7556] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 152.588490][ T7556] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.398: invalid indirect mapped block 1 (level 1) [ 152.606461][ T7556] EXT4-fs (loop1): 1 truncate cleaned up [ 152.615028][ T7556] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.728766][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.749855][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 152.767510][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 152.783562][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 152.795458][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 152.799084][ T6019] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.821584][ T7561] loop2: detected capacity change from 0 to 4096 [ 152.831115][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 152.888197][ T7565] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 152.908299][ T5843] Bluetooth: hci0: command tx timeout [ 152.920709][ T7501] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 152.938123][ T7501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.005187][ T7501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.108818][ T7501] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.138785][ T7501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.166704][ T7501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.237536][ T6019] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.351427][ T6019] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.448086][ T7540] chnl_net:caif_netlink_parms(): no params data found [ 153.455965][ T30] audit: type=1800 audit(1750709125.814:56): pid=7577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.405" name="bus" dev="overlay" ino=593 res=0 errno=0 [ 153.538256][ T6019] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.599572][ T7501] hsr_slave_0: entered promiscuous mode [ 153.609886][ T7501] hsr_slave_1: entered promiscuous mode [ 153.617262][ T7501] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 153.626499][ T7501] Cannot create hsr debugfs directory [ 153.933613][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.940735][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.956702][ T7540] bridge_slave_0: entered allmulticast mode [ 153.970505][ T7540] bridge_slave_0: entered promiscuous mode [ 154.040115][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.063962][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.071107][ T7540] bridge_slave_1: entered allmulticast mode [ 154.087295][ T7540] bridge_slave_1: entered promiscuous mode [ 154.255570][ T7540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.269215][ T7540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.273346][ T5843] Bluetooth: hci3: command tx timeout [ 154.372793][ T7598] input: syz0 as /devices/virtual/input/input7 [ 154.464685][ T7540] team0: Port device team_slave_0 added [ 154.503055][ T6019] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.550021][ T7540] team0: Port device team_slave_1 added [ 154.685054][ T6019] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.769693][ T7540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.779022][ T7540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.810300][ T7540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.822424][ T7501] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 154.833103][ T7560] chnl_net:caif_netlink_parms(): no params data found [ 154.859749][ T6019] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.874480][ T7540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.881482][ T7540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.909064][ T7540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.928705][ T7501] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 154.957101][ T6019] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.983443][ T5843] Bluetooth: hci1: command tx timeout [ 154.989072][ T5831] Bluetooth: hci0: command tx timeout [ 155.003343][ T7501] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 155.048439][ T7540] hsr_slave_0: entered promiscuous mode [ 155.061427][ T7540] hsr_slave_1: entered promiscuous mode [ 155.074050][ T7540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 155.081588][ T7540] Cannot create hsr debugfs directory [ 155.092612][ T7501] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 155.325628][ T7560] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.333142][ T7560] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.343080][ T7560] bridge_slave_0: entered allmulticast mode [ 155.350248][ T7560] bridge_slave_0: entered promiscuous mode [ 155.399999][ T7560] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.409097][ T7560] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.417770][ T7560] bridge_slave_1: entered allmulticast mode [ 155.425248][ T7560] bridge_slave_1: entered promiscuous mode [ 155.482976][ T7560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.523252][ T7560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.593934][ T6019] bridge_slave_1: left allmulticast mode [ 155.599597][ T6019] bridge_slave_1: left promiscuous mode [ 155.609168][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.621349][ T6019] bridge_slave_0: left allmulticast mode [ 155.628513][ T6019] bridge_slave_0: left promiscuous mode [ 155.635660][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.650638][ T6019] bridge_slave_1: left allmulticast mode [ 155.657086][ T6019] bridge_slave_1: left promiscuous mode [ 155.663073][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.690086][ T6019] bridge_slave_0: left allmulticast mode [ 155.698243][ T6019] bridge_slave_0: left promiscuous mode [ 155.704726][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.029399][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.040772][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.051200][ T6019] bond0 (unregistering): Released all slaves [ 156.308737][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.319692][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.332010][ T6019] bond0 (unregistering): Released all slaves [ 156.343582][ T5843] Bluetooth: hci3: command tx timeout [ 156.406210][ T7560] team0: Port device team_slave_0 added [ 156.428590][ T7560] team0: Port device team_slave_1 added [ 156.581560][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.589552][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.601342][ T7622] loop1: detected capacity change from 0 to 128 [ 156.622763][ T7560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.660580][ T7560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.667790][ T7560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.694324][ T7560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.717350][ T7622] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 156.748089][ T7622] ext4 filesystem being mounted at /119/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 156.805928][ T7622] EXT4-fs error (device loop1): dx_make_map:1296: inode #2: block 18: comm syz.1.417: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 156.828748][ T7622] EXT4-fs error (device loop1) in do_split:2029: Corrupt filesystem [ 156.909388][ T5838] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 156.934645][ T7560] hsr_slave_0: entered promiscuous mode [ 156.941210][ T7560] hsr_slave_1: entered promiscuous mode [ 156.954296][ T7560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.961854][ T7560] Cannot create hsr debugfs directory [ 157.072611][ T5843] Bluetooth: hci1: command tx timeout [ 157.078254][ T5831] Bluetooth: hci0: command tx timeout [ 157.170990][ T7540] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 157.230041][ T7540] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 157.282986][ T7540] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 157.347672][ T7501] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.427321][ T7540] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 157.477734][ T7501] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.507336][ T6019] hsr_slave_0: left promiscuous mode [ 157.533321][ T6019] hsr_slave_1: left promiscuous mode [ 157.545137][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.572227][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.603809][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.614536][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.648708][ T6019] hsr_slave_0: left promiscuous mode [ 157.657742][ T6019] hsr_slave_1: left promiscuous mode [ 157.674069][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.681460][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.690642][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.698276][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.758000][ T6019] veth1_macvtap: left promiscuous mode [ 157.767021][ T6019] veth0_macvtap: left promiscuous mode [ 157.772667][ T6019] veth1_vlan: left promiscuous mode [ 157.782509][ T6019] veth0_vlan: left promiscuous mode [ 157.793495][ T6019] veth1_macvtap: left promiscuous mode [ 157.799034][ T6019] veth0_macvtap: left promiscuous mode [ 157.810737][ T6019] veth1_vlan: left promiscuous mode [ 157.816087][ T6019] veth0_vlan: left promiscuous mode [ 157.937976][ T7639] loop1: detected capacity change from 0 to 32768 [ 158.137633][ T7639] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,background_target=invalid device 79,nojournal_transaction_names [ 158.137657][ T7639] allowing incompatible features above 0.0: (unknown version) [ 158.137668][ T7639] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 158.193391][ T7639] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 158.202293][ T7639] bcachefs (loop1): initializing new filesystem [ 158.226687][ T7639] bcachefs (loop1): going read-write [ 158.253089][ T7639] bcachefs (loop1): marking superblocks [ 158.271794][ T7639] bcachefs (loop1): initializing freespace [ 158.289614][ T7639] bcachefs (loop1): done initializing freespace [ 158.301604][ T7639] bcachefs (loop1): reading snapshots table [ 158.308090][ T7639] bcachefs (loop1): reading snapshots done [ 158.346936][ T7639] bcachefs (loop1): done starting filesystem [ 158.462778][ T30] audit: type=1804 audit(1750709130.824:57): pid=7639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.422" name="/newroot/124/file1/bus" dev="loop1" ino=4098 res=1 errno=0 [ 158.463823][ T7639] bcachefs (loop1): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts [ 158.463823][ T7639] set version_upgrade=incompat to enable [ 158.484282][ C0] vkms_vblank_simulate: vblank timer overrun [ 158.672264][ T5838] bcachefs (loop1): shutting down [ 158.680542][ T5838] bcachefs (loop1): going read-only [ 158.686585][ T5838] bcachefs (loop1): finished waiting for writes to stop [ 158.705210][ T5838] bcachefs (loop1): flushing journal and stopping allocators, journal seq 5 [ 158.765268][ T6019] team0 (unregistering): Port device team_slave_1 removed [ 158.779631][ T5838] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 6 [ 158.791404][ T5838] bcachefs (loop1): clean shutdown complete, journal seq 7 [ 158.800041][ T5838] bcachefs (loop1): marking filesystem clean [ 158.830410][ T6019] team0 (unregistering): Port device team_slave_0 removed [ 158.849166][ T5838] bcachefs (loop1): shutdown complete [ 159.143608][ T5843] Bluetooth: hci1: command tx timeout [ 159.143769][ T5831] Bluetooth: hci0: command tx timeout [ 159.551064][ T6019] team0 (unregistering): Port device team_slave_1 removed [ 159.610640][ T6019] team0 (unregistering): Port device team_slave_0 removed [ 159.984637][ T6021] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.991822][ T6021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.061045][ T6021] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.068166][ T6021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.318441][ T7501] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.571097][ T7540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.678333][ T7540] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.720841][ T976] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.728026][ T976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.760802][ T6021] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.767997][ T6021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.803193][ T7501] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.880927][ T7540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.135548][ T7560] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 161.189914][ T7560] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 161.223765][ T5831] Bluetooth: hci1: command tx timeout [ 161.255033][ T7560] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 161.309428][ T7560] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 161.336834][ T7677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.425'. [ 161.702416][ T7540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.738866][ T7501] veth0_vlan: entered promiscuous mode [ 161.768916][ T7501] veth1_vlan: entered promiscuous mode [ 161.841565][ T7560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.862463][ T7501] veth0_macvtap: entered promiscuous mode [ 161.890787][ T7501] veth1_macvtap: entered promiscuous mode [ 161.905450][ T7560] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.920946][ T6019] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.928096][ T6019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.960832][ T6019] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.968069][ T6019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.002128][ T7501] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.014262][ T5906] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 162.054334][ T7501] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.096477][ T6036] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.115867][ T6036] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.128885][ T6036] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.162462][ T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.183829][ T5906] usb 2-1: Using ep0 maxpacket: 16 [ 162.197228][ T5906] usb 2-1: config 0 has an invalid interface number: 180 but max is 0 [ 162.206221][ T5906] usb 2-1: config 0 has no interface number 0 [ 162.229167][ T5906] usb 2-1: config 0 interface 180 has no altsetting 0 [ 162.262717][ T5906] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=e8.1f [ 162.293882][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.302011][ T5906] usb 2-1: Product: syz [ 162.307353][ T5906] usb 2-1: Manufacturer: syz [ 162.311956][ T5906] usb 2-1: SerialNumber: syz [ 162.330669][ T5906] usb 2-1: config 0 descriptor?? [ 162.355305][ T7540] veth0_vlan: entered promiscuous mode [ 162.372357][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.392674][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.410647][ T7540] veth1_vlan: entered promiscuous mode [ 162.469839][ T6021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 162.502237][ T6021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.527021][ T7540] veth0_macvtap: entered promiscuous mode [ 162.543227][ T7540] veth1_macvtap: entered promiscuous mode [ 162.619901][ T7540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 162.636994][ T7540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.649007][ T7560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.707302][ T2982] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.718214][ T2982] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.743929][ T2982] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.775966][ T2982] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.794344][ T5906] viperboard 2-1:0.180: version 0.00 found at bus 002 address 008 [ 162.875083][ T5906] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100 [ 162.925768][ T5906] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 162.966103][ T7560] veth0_vlan: entered promiscuous mode [ 163.018847][ T5906] usb 2-1: USB disconnect, device number 8 [ 163.111657][ T7560] veth1_vlan: entered promiscuous mode [ 163.171861][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.209338][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.217062][ T5913] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 163.284208][ T6036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.306587][ T6036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.319487][ T7560] veth0_macvtap: entered promiscuous mode [ 163.362331][ T7560] veth1_macvtap: entered promiscuous mode [ 163.384992][ T5913] usb 8-1: Using ep0 maxpacket: 32 [ 163.424684][ T5913] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.424821][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.455432][ T5913] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.456788][ T7560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.483697][ T5913] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 163.499869][ T6019] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.510212][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.531137][ T6019] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.559318][ T5913] usb 8-1: config 0 descriptor?? [ 163.587305][ T6019] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.599501][ T5913] hub 8-1:0.0: USB hub found [ 163.639089][ T6019] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.798391][ T5913] hub 8-1:0.0: 1 port detected [ 163.851982][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.878612][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.957090][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.979402][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.420024][ T92] hub 8-1:0.0: activate --> -90 [ 164.548080][ T7723] loop8: detected capacity change from 0 to 32768 [ 164.609831][ T7723] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 164.629271][ T6019] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.766633][ T7723] XFS (loop8): Ending clean mount [ 164.800267][ T7723] XFS (loop8): Quotacheck needed: Please wait. [ 164.832492][ T5975] usb 8-1: USB disconnect, device number 2 [ 164.849004][ T6019] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.899428][ T7723] XFS (loop8): Quotacheck: Done. [ 165.001849][ T7540] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 165.057375][ T6019] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.234089][ T6019] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.434380][ T6019] bridge_slave_1: left allmulticast mode [ 165.445081][ T6019] bridge_slave_1: left promiscuous mode [ 165.450754][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.461051][ T6019] bridge_slave_0: left allmulticast mode [ 165.469332][ T6019] bridge_slave_0: left promiscuous mode [ 165.478469][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.623912][ T7760] loop1: detected capacity change from 0 to 256 [ 165.906427][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 165.916519][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 165.939867][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 165.964863][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 165.978163][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 166.007535][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.019162][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.029365][ T6019] bond0 (unregistering): Released all slaves [ 166.499035][ T7772] loop1: detected capacity change from 0 to 1764 [ 166.548313][ T7772] iso9660: Bad value for 'block' [ 166.712072][ T6019] hsr_slave_0: left promiscuous mode [ 166.746936][ T6019] hsr_slave_1: left promiscuous mode [ 166.762216][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.797870][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.837438][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.862215][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.941899][ T6019] veth1_macvtap: left promiscuous mode [ 166.959646][ T6019] veth0_macvtap: left promiscuous mode [ 166.978918][ T7766] loop7: detected capacity change from 0 to 32768 [ 166.986588][ T6019] veth1_vlan: left promiscuous mode [ 167.002123][ T6019] veth0_vlan: left promiscuous mode [ 167.305932][ T7766] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 167.305954][ T7766] allowing incompatible features above 0.0: (unknown version) [ 167.305965][ T7766] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 167.402755][ T7766] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0 [ 167.414866][ T7766] bcachefs (loop7): initializing new filesystem [ 167.432045][ T7766] bcachefs (loop7): going read-write [ 167.444282][ T7766] bcachefs (loop7): marking superblocks [ 167.476896][ T7766] bcachefs (loop7): initializing freespace [ 167.486664][ T7766] bcachefs (loop7): done initializing freespace [ 167.496891][ T7766] bcachefs (loop7): reading snapshots table [ 167.502886][ T7766] bcachefs (loop7): reading snapshots done [ 167.517166][ T7775] loop8: detected capacity change from 0 to 32768 [ 167.553652][ T7766] bcachefs (loop7): loop7: Superblock write was silently dropped! (seq 0 expected 42) [ 167.579347][ T7775] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 167.595560][ T7766] bcachefs (loop7): done starting filesystem [ 167.735133][ T7775] XFS (loop8): Ending clean mount [ 167.858916][ T7540] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 168.024913][ T5843] Bluetooth: hci1: command tx timeout [ 168.088157][ T7501] bcachefs (loop7): shutting down [ 168.094266][ T7501] bcachefs (loop7): going read-only [ 168.099496][ T7501] bcachefs (loop7): finished waiting for writes to stop [ 168.116848][ T7501] bcachefs (loop7): flushing journal and stopping allocators, journal seq 34 [ 168.179260][ T7501] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 35 [ 168.203364][ T7501] bcachefs (loop7): clean shutdown complete, journal seq 36 [ 168.212011][ T7501] bcachefs (loop7): marking filesystem clean [ 168.280062][ T7501] bcachefs (loop7): shutdown complete [ 168.378868][ T6019] team0 (unregistering): Port device team_slave_1 removed [ 168.500392][ T6019] team0 (unregistering): Port device team_slave_0 removed [ 168.741357][ T7817] loop8: detected capacity change from 0 to 1024 [ 168.818050][ T7817] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.868076][ T7817] overlayfs: conflicting lowerdir path [ 168.987749][ T7540] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.175679][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 169.195483][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 169.206082][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 169.231448][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 169.257580][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 169.595442][ T7779] netem: incorrect ge model size [ 169.600909][ T7779] netem: change failed [ 170.104401][ T5831] Bluetooth: hci1: command tx timeout [ 170.483196][ T7762] chnl_net:caif_netlink_parms(): no params data found [ 170.917804][ T7824] chnl_net:caif_netlink_parms(): no params data found [ 171.309547][ T5831] Bluetooth: hci2: command tx timeout [ 171.465962][ T6019] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.539389][ T7762] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.572643][ T7762] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.613537][ T7762] bridge_slave_0: entered allmulticast mode [ 171.648336][ T7762] bridge_slave_0: entered promiscuous mode [ 171.676078][ T7762] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.704081][ T7888] loop8: detected capacity change from 0 to 32768 [ 171.705298][ T7762] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.733174][ T7762] bridge_slave_1: entered allmulticast mode [ 171.751861][ T7762] bridge_slave_1: entered promiscuous mode [ 171.841594][ T7888] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 172.004075][ T6019] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.184089][ T5831] Bluetooth: hci1: command tx timeout [ 172.283589][ T7540] ocfs2: Unmounting device (7,8) on (node local) [ 172.509377][ T6019] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.532301][ T7884] loop7: detected capacity change from 0 to 32768 [ 172.568159][ T7762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.600963][ T7884] XFS (loop7): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 172.612843][ T7824] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.628747][ T7824] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.644157][ T7824] bridge_slave_0: entered allmulticast mode [ 172.655383][ T7824] bridge_slave_0: entered promiscuous mode [ 172.667176][ T7762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.719172][ T6019] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.760216][ T7884] XFS (loop7): Ending clean mount [ 172.784217][ T7824] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.808369][ T7824] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.852783][ T7824] bridge_slave_1: entered allmulticast mode [ 172.895663][ T7824] bridge_slave_1: entered promiscuous mode [ 173.175759][ T7824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.209277][ T7824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.268451][ T7762] team0: Port device team_slave_0 added [ 173.336704][ T7762] team0: Port device team_slave_1 added [ 173.383918][ T5831] Bluetooth: hci2: command tx timeout [ 173.485487][ T7501] XFS (loop7): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 173.565974][ T7940] loop8: detected capacity change from 0 to 32768 [ 173.700941][ T7824] team0: Port device team_slave_0 added [ 173.860923][ T7940] ocfs2: Mounting device (7,8) on (node local, slot 0) with writeback data mode. [ 173.978404][ T7762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.012281][ T7762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.057534][ T30] audit: type=1804 audit(1750709402.414:58): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.467" name="/newroot/18/file1/bus" dev="loop8" ino=17058 res=1 errno=0 [ 174.131011][ T7762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.225996][ T7824] team0: Port device team_slave_1 added [ 174.252571][ T7540] ocfs2: Unmounting device (7,8) on (node local) [ 174.263865][ T5831] Bluetooth: hci1: command tx timeout [ 174.443785][ T5913] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 174.462688][ T7762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 174.471795][ T7762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.530147][ T7762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 174.623392][ T5913] usb 8-1: Using ep0 maxpacket: 16 [ 174.636305][ T5913] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.673608][ T5913] usb 8-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 174.682673][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.705975][ T7824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 174.727269][ T5913] usb 8-1: config 0 descriptor?? [ 174.734360][ T7824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 174.809219][ T7824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 174.968979][ T6019] bridge_slave_1: left allmulticast mode [ 174.990680][ T6019] bridge_slave_1: left promiscuous mode [ 175.003775][ T6019] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.021909][ T6019] bridge_slave_0: left allmulticast mode [ 175.030120][ T6019] bridge_slave_0: left promiscuous mode [ 175.052917][ T6019] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.087850][ T7986] Bluetooth: MGMT ver 1.23 [ 175.092332][ T7986] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 175.160256][ T5913] kye 0003:0458:5016.0004: control desc unexpectedly large [ 175.215447][ T5913] input: HID 0458:5016 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5016.0004/input/input8 [ 175.282143][ T5913] input: HID 0458:5016 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5016.0004/input/input9 [ 175.464631][ T5831] Bluetooth: hci2: command tx timeout [ 175.591922][ T5913] kye 0003:0458:5016.0004: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.7-1/input0 [ 175.873403][ T5913] usb 8-1: USB disconnect, device number 3 [ 176.029539][ T5906] page_pool_release_retry() stalled pool shutdown: id 36, 2 inflight 60 sec [ 176.207586][ T7996] loop1: detected capacity change from 0 to 8192 [ 176.564551][ T5884] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 176.662036][ T8018] netlink: 4 bytes leftover after parsing attributes in process `syz.8.478'. [ 176.753574][ T5884] usb 2-1: Using ep0 maxpacket: 16 [ 176.768455][ T6019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.778869][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 176.804452][ T6019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.804907][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 176.833789][ T5884] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 176.850138][ T6019] bond0 (unregistering): Released all slaves [ 176.854119][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.864270][ T5884] usb 2-1: Product: syz [ 176.868438][ T5884] usb 2-1: Manufacturer: syz [ 176.873028][ T5884] usb 2-1: SerialNumber: syz [ 176.888384][ T5884] usb 2-1: config 0 descriptor?? [ 176.898575][ T5884] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 176.916130][ T5884] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 176.926396][ T7824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.936622][ T7824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.971658][ T7824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.008296][ T7762] hsr_slave_0: entered promiscuous mode [ 177.025813][ T7762] hsr_slave_1: entered promiscuous mode [ 177.374477][ T7824] hsr_slave_0: entered promiscuous mode [ 177.381007][ T7824] hsr_slave_1: entered promiscuous mode [ 177.394568][ T7824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 177.402127][ T7824] Cannot create hsr debugfs directory [ 177.517043][ T5884] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 177.527963][ T5884] em28xx 2-1:0.0: Config register raw data: 0x2f [ 177.537234][ T5884] em28xx 2-1:0.0: I2S Audio (1 sample rate(s)) [ 177.544594][ T5831] Bluetooth: hci2: command tx timeout [ 177.553422][ T5884] em28xx 2-1:0.0: No AC97 audio processor [ 177.820880][ T6019] hsr_slave_0: left promiscuous mode [ 177.838006][ T6019] hsr_slave_1: left promiscuous mode [ 177.848705][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.856270][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.866603][ T6019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.874324][ T6019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.898185][ T6019] veth1_macvtap: left promiscuous mode [ 177.903866][ T5975] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 177.913450][ T6019] veth0_macvtap: left promiscuous mode [ 177.919239][ T6019] veth1_vlan: left promiscuous mode [ 177.924780][ T6019] veth0_vlan: left promiscuous mode [ 178.090216][ T5975] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 178.108623][ T5975] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.127903][ T5975] usb 8-1: config 0 descriptor?? [ 178.186902][ T5884] usb 2-1: USB disconnect, device number 9 [ 178.686465][ T6019] team0 (unregistering): Port device team_slave_1 removed [ 178.728473][ T6019] team0 (unregistering): Port device team_slave_0 removed [ 179.578097][ T5975] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 179.596787][ T5975] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 179.621084][ T5975] asix 8-1:0.0: probe with driver asix failed with error -71 [ 179.665905][ T5975] usb 8-1: USB disconnect, device number 4 [ 180.405082][ T7824] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 180.702973][ T7824] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 180.769070][ T7824] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 180.867482][ T7824] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 181.110252][ T7762] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 181.214215][ T7762] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 181.280848][ T7762] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 181.310679][ T7762] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 181.642499][ T7824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.765886][ T7824] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.842751][ T2982] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.849978][ T2982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.902176][ T6021] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.909374][ T6021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.987110][ T7762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.149674][ T7762] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.250780][ T6036] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.257983][ T6036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.318948][ T6036] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.326134][ T6036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.380240][ T8102] loop1: detected capacity change from 0 to 262144 [ 182.530336][ T8102] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 183.245113][ T7762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.308306][ T7824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.460710][ T7762] veth0_vlan: entered promiscuous mode [ 183.516369][ T7762] veth1_vlan: entered promiscuous mode [ 183.550887][ T8169] loop7: detected capacity change from 0 to 4096 [ 183.627291][ T8169] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512). [ 183.718669][ T7762] veth0_macvtap: entered promiscuous mode [ 183.769131][ T8169] ntfs3(loop7): ino=19, mi_enum_attr [ 183.775647][ T7762] veth1_macvtap: entered promiscuous mode [ 183.797433][ T8169] ntfs3(loop7): Mark volume as dirty due to NTFS errors [ 183.852966][ T7762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.932728][ T7762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.987418][ T8169] ntfs3(loop7): failed to convert "c46c" to iso8859-5 [ 184.005457][ T2982] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.066739][ T2982] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.107659][ T2982] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.137130][ T8169] ntfs3(loop7): ino=20, mi_enum_attr [ 184.291130][ T2982] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.326068][ T8179] loop8: detected capacity change from 0 to 40427 [ 184.340912][ T8179] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12 [ 184.348735][ T8179] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 184.364951][ T8179] F2FS-fs (loop8): invalid crc value [ 184.528276][ T8179] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 184.539219][ T8179] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 184.717121][ T8188] loop7: detected capacity change from 0 to 4096 [ 184.815196][ T7824] veth0_vlan: entered promiscuous mode [ 184.815618][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.832767][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.845339][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.858956][ T7824] veth1_vlan: entered promiscuous mode [ 184.864865][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.872417][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.888786][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.890181][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.896888][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.956589][ T7540] F2FS-fs (loop8): invalid namelen(0), ino:0, run fsck to fix. [ 184.960393][ T8188] ntfs3(loop7): Mark volume as dirty due to NTFS errors [ 185.105734][ T6029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.153636][ T6029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.176574][ T7824] veth0_macvtap: entered promiscuous mode [ 185.176954][ T8188] [syz.7.509/8188] FS: loop7 File: /bus/file0/file2 would truncate fibmap result [ 185.219386][ T7824] veth1_macvtap: entered promiscuous mode [ 185.314917][ T7824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.354670][ T2982] ntfs3(loop7): ino=9, ntfs3_write_inode failed, -22. [ 185.393523][ T7824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.406716][ T7501] ntfs3(loop7): ino=9, ntfs_sync_fs failed, -22. [ 185.499997][ T2959] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.525054][ T2959] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.713718][ T2959] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.761856][ T2959] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.972185][ T976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.003841][ T976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.085357][ T2982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.093202][ T2982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.263046][ T8211] 9pnet: p9_errstr2errno: server reported unknown error a'%6U;qB&ð ){ylNl6w_JXb_Cɇ [ [ 186.348569][ T8209] loop7: detected capacity change from 0 to 4096 [ 186.443020][ T2959] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.724941][ T2959] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.842378][ T2959] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.949037][ T2959] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.185923][ T2959] bridge_slave_1: left allmulticast mode [ 187.194829][ T2959] bridge_slave_1: left promiscuous mode [ 187.200614][ T2959] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.231639][ T2959] bridge_slave_0: left allmulticast mode [ 187.248830][ T2959] bridge_slave_0: left promiscuous mode [ 187.260641][ T2959] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.678581][ T8235] netlink: 88 bytes leftover after parsing attributes in process `syz.7.515'. [ 187.713649][ T8235] netlink: 48 bytes leftover after parsing attributes in process `syz.7.515'. [ 188.348922][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 188.360507][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 188.371337][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 188.391011][ T8257] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 188.394174][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 188.408815][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 188.680261][ T8251] loop1: detected capacity change from 0 to 32768 [ 188.746165][ T8261] netlink: 'syz.7.522': attribute type 3 has an invalid length. [ 188.766518][ T8251] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 188.800696][ T2959] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.812873][ T8261] netlink: 201372 bytes leftover after parsing attributes in process `syz.7.522'. [ 188.824160][ T2959] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.849439][ T2959] bond0 (unregistering): Released all slaves [ 188.907405][ T8251] XFS (loop1): Ending clean mount [ 188.927052][ T8251] XFS (loop1): Quotacheck needed: Please wait. [ 189.105249][ T8251] XFS (loop1): Quotacheck: Done. [ 189.520736][ T8284] loop7: detected capacity change from 0 to 512 [ 189.534590][ T5838] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 189.565700][ T8284] EXT4-fs: Ignoring removed oldalloc option [ 189.760444][ T8284] EXT4-fs (loop7): 1 truncate cleaned up [ 189.835892][ T8284] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.848570][ T2959] hsr_slave_0: left promiscuous mode [ 189.857224][ T2959] hsr_slave_1: left promiscuous mode [ 189.864609][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.872003][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.884556][ T8259] loop8: detected capacity change from 0 to 40427 [ 189.929307][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.937467][ T8259] F2FS-fs (loop8): build fault injection rate: 690 [ 189.957930][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.965456][ T8259] F2FS-fs (loop8): Image doesn't support compression [ 189.994626][ T8259] F2FS-fs (loop8): Image doesn't support compression [ 190.041476][ T8259] F2FS-fs (loop8): invalid crc value [ 190.073136][ T7501] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.086380][ T2959] veth1_macvtap: left promiscuous mode [ 190.091921][ T2959] veth0_macvtap: left promiscuous mode [ 190.147048][ T2959] veth1_vlan: left promiscuous mode [ 190.152419][ T2959] veth0_vlan: left promiscuous mode [ 190.274369][ T8306] loop1: detected capacity change from 0 to 512 [ 190.382923][ T8306] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.409197][ T8259] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 190.484499][ T8306] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.504183][ T5843] Bluetooth: hci1: command tx timeout [ 190.673049][ T7540] syz-executor: attempt to access beyond end of device [ 190.673049][ T7540] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 190.705685][ T7540] CPU: 0 UID: 0 PID: 7540 Comm: syz-executor Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 190.705710][ T7540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.705720][ T7540] Call Trace: [ 190.705727][ T7540] [ 190.705735][ T7540] dump_stack_lvl+0x189/0x250 [ 190.705767][ T7540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.705788][ T7540] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 190.705808][ T7540] ? __pfx_queue_work_on+0x10/0x10 [ 190.705832][ T7540] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 190.705850][ T7540] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 190.705870][ T7540] ? f2fs_hw_is_readonly+0x39b/0x470 [ 190.705898][ T7540] f2fs_handle_critical_error+0x37c/0x540 [ 190.705927][ T7540] f2fs_write_end_io+0x495/0x810 [ 190.705942][ T7540] ? blkg_put+0x22/0x240 [ 190.705980][ T7540] __submit_merged_bio+0x27a/0x6a0 [ 190.706010][ T7540] __submit_merged_write_cond+0x255/0x530 [ 190.706047][ T7540] f2fs_write_data_pages+0x261d/0x3000 [ 190.706108][ T7540] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.706208][ T7540] ? __lock_acquire+0xab9/0xd20 [ 190.706238][ T7540] ? do_raw_spin_lock+0x121/0x290 [ 190.706268][ T7540] ? do_raw_spin_unlock+0x122/0x240 [ 190.706286][ T7540] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.706311][ T7540] do_writepages+0x32b/0x550 [ 190.706344][ T7540] ? do_raw_spin_unlock+0x122/0x240 [ 190.706366][ T7540] filemap_fdatawrite+0x199/0x240 [ 190.706389][ T7540] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 190.706461][ T7540] ? do_raw_spin_unlock+0x122/0x240 [ 190.706483][ T7540] f2fs_sync_dirty_inodes+0x31f/0x830 [ 190.706516][ T7540] f2fs_write_checkpoint+0x95a/0x1df0 [ 190.706559][ T7540] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 190.706615][ T7540] ? try_to_wake_up+0x7e5/0x1290 [ 190.706640][ T7540] ? kill_f2fs_super+0x298/0x6c0 [ 190.706663][ T7540] kill_f2fs_super+0x2c3/0x6c0 [ 190.706686][ T7540] ? __pfx_kill_f2fs_super+0x10/0x10 [ 190.706701][ T7540] ? radix_tree_delete_item+0x2b6/0x400 [ 190.706728][ T7540] ? shrinker_free+0x2ce/0x3e0 [ 190.706750][ T7540] deactivate_locked_super+0xbc/0x130 [ 190.706774][ T7540] cleanup_mnt+0x425/0x4c0 [ 190.706793][ T7540] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.706816][ T7540] task_work_run+0x1d4/0x260 [ 190.706838][ T7540] ? __pfx_task_work_run+0x10/0x10 [ 190.706854][ T7540] ? __x64_sys_umount+0x122/0x160 [ 190.706883][ T7540] ? exit_to_user_mode_loop+0x40/0x110 [ 190.706908][ T7540] exit_to_user_mode_loop+0xec/0x110 [ 190.706930][ T7540] do_syscall_64+0x2bd/0x3b0 [ 190.706948][ T7540] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.706967][ T7540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.706984][ T7540] ? clear_bhb_loop+0x60/0xb0 [ 190.707005][ T7540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.707028][ T7540] RIP: 0033:0x7ff37578fc57 [ 190.707044][ T7540] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 190.707058][ T7540] RSP: 002b:00007fff4440c208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 190.707077][ T7540] RAX: 0000000000000000 RBX: 00007ff375810925 RCX: 00007ff37578fc57 [ 190.707088][ T7540] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4440c2c0 [ 190.707099][ T7540] RBP: 00007fff4440c2c0 R08: 0000000000000000 R09: 0000000000000000 [ 190.707109][ T7540] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4440d350 [ 190.707120][ T7540] R13: 00007ff375810925 R14: 000000000002e88b R15: 00007fff4440d390 [ 190.707151][ T7540] [ 190.707157][ T7540] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 190.712566][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.989733][ T2959] team0 (unregistering): Port device team_slave_1 removed [ 192.056024][ T2959] team0 (unregistering): Port device team_slave_0 removed [ 192.349449][ T8334] loop8: detected capacity change from 0 to 512 [ 192.370159][ T8334] EXT4-fs (loop8): failed to initialize system zone (-117) [ 192.380010][ T8334] EXT4-fs (loop8): mount failed [ 192.583959][ T5843] Bluetooth: hci1: command tx timeout [ 193.006188][ T8254] chnl_net:caif_netlink_parms(): no params data found [ 193.477256][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.514353][ T8254] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.521545][ T8254] bridge_slave_0: entered allmulticast mode [ 193.567382][ T8254] bridge_slave_0: entered promiscuous mode [ 193.598293][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.628936][ T8254] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.643698][ T8254] bridge_slave_1: entered allmulticast mode [ 193.651298][ T8254] bridge_slave_1: entered promiscuous mode [ 193.824141][ T8254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.842947][ T8379] loop1: detected capacity change from 0 to 2048 [ 193.845834][ T8375] loop8: detected capacity change from 0 to 2048 [ 193.882504][ T8254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.942326][ T8379] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.002628][ T8375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.079100][ T2959] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.193958][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.200279][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.292808][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 194.307893][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 194.320396][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 194.332742][ T8254] team0: Port device team_slave_0 added [ 194.344778][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 194.352785][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 194.369483][ T8254] team0: Port device team_slave_1 added [ 194.518019][ T2959] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.663452][ T5844] Bluetooth: hci1: command tx timeout [ 194.721754][ T5838] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.791636][ T8378] loop9: detected capacity change from 0 to 32768 [ 194.817027][ T2959] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.843705][ T8378] JBD2: Ignoring recovery information on journal [ 194.914579][ T8378] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 194.938886][ T8254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.951109][ T8254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.031271][ T8254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.090510][ T8406] netlink: 'syz.8.553': attribute type 2 has an invalid length. [ 195.121080][ T7824] ocfs2: Unmounting device (7,9) on (node local) [ 195.128019][ T8406] netlink: 199836 bytes leftover after parsing attributes in process `syz.8.553'. [ 195.159082][ T8406] nbd: must specify a device to reconfigure [ 195.175110][ T2959] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.221275][ T8254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.245806][ T8254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.313398][ T8254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.581603][ T8421] random: crng reseeded on system resumption [ 195.676205][ T8254] hsr_slave_0: entered promiscuous mode [ 195.704191][ T8254] hsr_slave_1: entered promiscuous mode [ 196.267569][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 196.390977][ T2959] bridge_slave_1: left allmulticast mode [ 196.412605][ T2959] bridge_slave_1: left promiscuous mode [ 196.424006][ T5843] Bluetooth: hci3: command tx timeout [ 196.438975][ T2959] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.465045][ T2959] bridge_slave_0: left allmulticast mode [ 196.480644][ T2959] bridge_slave_0: left promiscuous mode [ 196.492821][ T2959] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.633361][ T981] usb 10-1: new full-speed USB device number 2 using dummy_hcd [ 196.754155][ T5843] Bluetooth: hci1: command tx timeout [ 196.846644][ T981] usb 10-1: config 8 has an invalid interface number: 177 but max is 0 [ 196.884841][ T981] usb 10-1: config 8 has no interface number 0 [ 196.891055][ T981] usb 10-1: config 8 interface 177 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 196.932299][ T981] usb 10-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0 [ 196.951235][ T981] usb 10-1: config 8 interface 177 has no altsetting 0 [ 196.960387][ T981] usb 10-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 196.970009][ T981] usb 10-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 196.988666][ T981] usb 10-1: Manufacturer: syz [ 197.019178][ T8453] input: syz1 as /devices/virtual/input/input10 [ 197.058643][ T8439] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 197.309877][ T981] ir_toy 10-1:8.177: required endpoints not found [ 197.340029][ T981] usb 10-1: USB disconnect, device number 2 [ 197.627764][ T2959] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.644914][ T2959] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.663865][ T2959] bond0 (unregistering): Released all slaves [ 198.504061][ T5843] Bluetooth: hci3: command tx timeout [ 198.660071][ T8385] chnl_net:caif_netlink_parms(): no params data found [ 198.763384][ T2959] hsr_slave_0: left promiscuous mode [ 198.790622][ T2959] hsr_slave_1: left promiscuous mode [ 198.794930][ T8465] loop1: detected capacity change from 0 to 32768 [ 198.803083][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.822006][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.857494][ T8465] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 198.870465][ T2959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.904844][ T2959] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.966765][ T8498] loop9: detected capacity change from 0 to 512 [ 198.970796][ T2959] veth1_macvtap: left promiscuous mode [ 198.983735][ T2959] veth0_macvtap: left promiscuous mode [ 198.989397][ T2959] veth1_vlan: left promiscuous mode [ 198.994814][ T2959] veth0_vlan: left promiscuous mode [ 199.010670][ T8498] EXT4-fs: Ignoring removed orlov option [ 199.073930][ T8498] EXT4-fs error (device loop9): dx_probe:791: inode #2: comm syz.9.570: Attempting to read directory block (0) that is past i_size (256) [ 199.135326][ T8498] EXT4-fs (loop9): Remounting filesystem read-only [ 199.140078][ T5838] ocfs2: Unmounting device (7,1) on (node local) [ 199.154705][ T8498] EXT4-fs (loop9): Cannot turn on journaled quota: type 1: error -117 [ 199.171748][ T8505] input: syz0 as /devices/virtual/input/input11 [ 199.185393][ T8498] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.474382][ T8507] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 199.495350][ T7824] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.397145][ T2959] team0 (unregistering): Port device team_slave_1 removed [ 200.494995][ T2959] team0 (unregistering): Port device team_slave_0 removed [ 200.586443][ T5843] Bluetooth: hci3: command tx timeout [ 200.945452][ T8523] cgroup: fork rejected by pids controller in /syz8 [ 200.983736][ C1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 200.995653][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 201.004062][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 201.015437][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.025495][ C1] RIP: 0010:pidfs_free_pid+0xaf/0x140 [ 201.030885][ C1] Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 a7 1b de ff 49 83 3e 00 0f 85 84 00 00 00 e8 08 f2 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 82 1b de ff 4c 8b 33 4d 85 f6 74 [ 201.050494][ C1] RSP: 0018:ffffc900001d78b0 EFLAGS: 00010246 [ 201.056564][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88801d685a00 [ 201.064523][ C1] RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff88807d0316f0 [ 201.072475][ C1] RBP: 0000000000000001 R08: ffff88807d031683 R09: 1ffff1100fa062d0 [ 201.080426][ C1] R10: dffffc0000000000 R11: ffffed100fa062d1 R12: 1ffff1100fa062dd [ 201.088382][ C1] R13: ffffffff81a83684 R14: ffff88807d0316e8 R15: dffffc0000000000 [ 201.096337][ C1] FS: 0000000000000000(0000) GS:ffff888125d25000(0000) knlGS:0000000000000000 [ 201.105245][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.111811][ C1] CR2: 00007f49f172b440 CR3: 000000007cd18000 CR4: 00000000003526f0 [ 201.119764][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 201.127714][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 201.135663][ C1] Call Trace: [ 201.138921][ C1] [ 201.141832][ C1] ? __pfx_delayed_put_pid+0x10/0x10 [ 201.147098][ C1] put_pid+0x9c/0x130 [ 201.151067][ C1] rcu_core+0xca5/0x1710 [ 201.155295][ C1] ? __lock_acquire+0xab9/0xd20 [ 201.160135][ C1] ? __pfx_rcu_core+0x10/0x10 [ 201.164793][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 201.169972][ C1] ? sched_clock_cpu+0x74/0x430 [ 201.174807][ C1] ? rcu_is_watching+0x15/0xb0 [ 201.179559][ C1] ? trace_sched_exit_tp+0x38/0x120 [ 201.184740][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 201.190006][ C1] ? __local_bh_disable_ip+0xf1/0x190 [ 201.195360][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 201.201152][ C1] ? rcu_softirq_qs+0xf2/0x350 [ 201.205904][ C1] handle_softirqs+0x283/0x870 [ 201.210650][ C1] ? schedule+0x165/0x360 [ 201.214961][ C1] ? run_ksoftirqd+0x9b/0x100 [ 201.219628][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 201.224899][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 201.229912][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 201.234921][ C1] run_ksoftirqd+0x9b/0x100 [ 201.239409][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 201.244511][ C1] smpboot_thread_fn+0x542/0xa60 [ 201.249431][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 201.254441][ C1] kthread+0x711/0x8a0 [ 201.258488][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 201.263930][ C1] ? __pfx_kthread+0x10/0x10 [ 201.268497][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.273678][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.278855][ C1] ? __pfx_kthread+0x10/0x10 [ 201.283426][ C1] ret_from_fork+0x3fc/0x770 [ 201.288012][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 201.293111][ C1] ? __switch_to_asm+0x39/0x70 [ 201.297856][ C1] ? __switch_to_asm+0x33/0x70 [ 201.302596][ C1] ? __pfx_kthread+0x10/0x10 [ 201.307164][ C1] ret_from_fork_asm+0x1a/0x30 [ 201.311912][ C1] [ 201.314908][ C1] Modules linked in: [ 201.318834][ C1] vkms_vblank_simulate: vblank timer overrun [ 201.324847][ C1] ---[ end trace 0000000000000000 ]--- [ 201.330303][ C1] RIP: 0010:pidfs_free_pid+0xaf/0x140 [ 201.335709][ C1] Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 a7 1b de ff 49 83 3e 00 0f 85 84 00 00 00 e8 08 f2 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 82 1b de ff 4c 8b 33 4d 85 f6 74 [ 201.355335][ C1] RSP: 0018:ffffc900001d78b0 EFLAGS: 00010246 [ 201.361402][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88801d685a00 [ 201.369387][ C1] RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff88807d0316f0 [ 201.377380][ C1] RBP: 0000000000000001 R08: ffff88807d031683 R09: 1ffff1100fa062d0 [ 201.385379][ C1] R10: dffffc0000000000 R11: ffffed100fa062d1 R12: 1ffff1100fa062dd [ 201.393374][ C1] R13: ffffffff81a83684 R14: ffff88807d0316e8 R15: dffffc0000000000 [ 201.401353][ C1] FS: 0000000000000000(0000) GS:ffff888125d25000(0000) knlGS:0000000000000000 [ 201.410281][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 201.416886][ C1] CR2: 00007f49f172b440 CR3: 000000000df38000 CR4: 00000000003526f0 [ 201.424896][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 201.432872][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 201.440904][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 201.448319][ C1] Kernel Offset: disabled [ 201.452720][ C1] Rebooting in 86400 seconds..