last executing test programs: 32.608867741s ago: executing program 1 (id=727): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) chdir(&(0x7f0000000000)='./file0\x00') r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0) 32.512582919s ago: executing program 1 (id=729): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r0, 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000140)={'ipvlan1\x00', {0x2, 0x0, @empty}}) ioctl$sock_netdev_private(r1, 0x89ff, &(0x7f0000000000)="31f3b7b331d09327d7e4d1ab71db7399b87d419f04db65daa4c7f768e18376a2994141c0b3ef1aecfba27eef6d1f6171459132a43fd5aa86d415b429f7a6ef8db025c5ee11f5e54c3e341d9a71e8349e219d98ef895e1f28a1c9b3efc7951ca9dce856f737d9e8a31f8938374480b3c7f4944b6e723ae229124cf68470eb637b456a99b8f0050847f257450672b63c1be934c2be5425e2a94228bed9ef3abc69c208e5a91f1058ccf3b4f10926eb4b25de0c4e712da78cc60de3c83b836b704f68efcfbc6713e01a40f9ed61e2cd4e28209ada5eff1f9a8bd286f9a96097ec266bac64cc21b392378e") 32.226482523s ago: executing program 1 (id=731): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x2009, 0x408000) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}, "040022ebffffffff"}}}}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x103}, 0x20000c0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = memfd_create(&(0x7f0000000680)='#}\x04\xe4\xfc\x1e\xff~\xb1\xe0\xa5\x9d\xc8\xca3\'\x12xY!\xa4\x9c\x97\xf1\xfc\xb0\xe8~\x91\xd5\x04i}\x03\x00@\x0e\xe6\x995b\x00\x00\x00\x00\x00\x00\x00\x8e\x96\xb7=\xb9OmILO\x8d\x00\x00\x00\x00\x00\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000000)=0x3, 0x4) ftruncate(r4, 0x40001) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x8000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x597, &(0x7f0000000c00)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwmJelIOwzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhWnck7P/Uw0qTc3ySW/H7Q599znvOc9hzbwvJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89dWr4xfSXtcCAAAAGKSvX399fKIn/x/bq8oAAAAAA3FD/z8AAAAAAAAADLsUWXw/Ujw4tp6OFp+fqF5bWn7rwdz0zOaXjaXiykNFfP6nemHi4qWXJi9/ofnzf1+/087Ea9dvXK2/snL33uri2triQn1ueenWysLitkvo9/peLxYvoH73zbcWbt9eq0+cv9j19YPaXw4/c6o29cVXT15rxs5Nz8xc74gZqfzfd9/ACA8AAICDbTSyuBQpbpz9aToWEVn0nwtv0XYwaGNRy/Pv4iHmpmeKB2kszS/fz7+cbSbCte6ceLSZI+9CLt6XWsTxvK6jMnoAAAC2rxJZfCpSnPloPT0bEYeaefDnioUBty6gtguV3MRIRJyIiHMxBDk7AAAA7LHDkcXrkeJXjVo8V+bVRf7/lYipva4cAAAAsCNGIovLkeKDqfVUK8YDRMSLc9Mz9Ws3619bvr3SETubyh71YZ8fsJuMTQAAAGAfqEYWx4oe//X0/FNf/Y/Hjx8PpFoAAADADhqLLP4ZKT778reLdeWiWJf+uakvHb0y07nC3Oktysljz0fE2W3Oya+Uaw3OptmUsg2lPdqRhwMAAAAK1ZTFnyPFh3+sFp/Plbl5GtnrmgEAAAA7JmXxvUjx5dn1lHr2pT/Usb9/y7DP/R9s/ceqr6zce7i6dOeN+5t+f6R69Vtr91fnb23+9ZO9C7uGQ2y1jyEAAABsQyVl8fdI8dvGe628s9wDoBwB0E40373Szk2rqefbot3g2aLdoDWH4JmJic7jTVPWp1gfr1be91D/jw0AAAAHSkpZjEaKz/zm4+Xe/0diQx90Gfe7SHFl5YUyLhvN45rTBGrF39XbS43F8Tx2OlL8vNGMjSL2cBl7oh17IY/9dV7ufHdstYw9WYRGHjuRx34UKd5Y3Tz2Y+1yL+axq5HiJz+qN2OP5LFHy9hT7djzt1YaC4N7wwAAALD3KimLX0SKH/6r3pry393/3+5tf/eddn//hgX6/kuff7/9/7WOc4/KdojDZXvFyBbtFa9FijPPv9B8nqKtoDms4MleB+32ir9FitVvdMeOlrHH27EXtv1iAQAAYB9pjv///c1ftobclzlw+XHz/P8TvesDDij/79yTML/n2sO335xvNBZXh+nguxHRdSbtk4o5eKqD/B/hPqjGzhyU/6ke7Zf69HvQ169BAAA4EPL8/2akePDB+63+7jL/L4fKt/P/D7/Tzv+negsaUP5/vOPcVLneQGUkonr/7r3K6Yjq2sO3P790d/7O4p3F5YuTL02OT05evjRRGW127reP+n5XAAAAMKzy/H88Uvz1Bz9uzc/fTv//kd6CBpT/n+g4l9+z3emXn/lTv48PAAAAB0Ke//8sUvzh7HutdfS68/+O9f/fac+zP/fpJ6MFWq0DA8r/T3acqxX3jRjboWcHAAAAAAAAAAAAAAAAAACA/aKSsvh3pHi/OpLKBf+3tf7fQm9BA5r/f6rj3ELszv5/fb9UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFJZZLEUKT55ej29nJ/4ZsTRzp8AAADA0PtPAAAA//81ax1R") r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendfile(r3, r4, 0x0, 0xffe4) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000240)={@val={0x0, 0x800}, @val={0x0, 0x3, 0x75, 0x1, 0x9, 0xfffa}, @mpls={[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x0, 0x75, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @broadcast}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x8}}}, {0x8, 0x6558, 0x0, "20e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269"}}}}}, 0x83) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_ACTIVE_SLAVE={0x8}]}}}]}, 0x44}}, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000001c0)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x1c080, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r8 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000300)={'veth1_vlan\x00', 0x2}) 31.334203508s ago: executing program 1 (id=733): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000400e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000004000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"], 0xfc}}, 0x0) 31.207686199s ago: executing program 1 (id=734): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']}) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000cc0)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, &(0x7f0000000180)) syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200400, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x3, 0xa83, &(0x7f0000000180)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWgTftry091ms4SfCJqquRA1FbdKFZco3ZaIbUCkErSqRJITN1pV4QpFnMqhAoTUXlDUE5dKNBKXngoHDkRBVOIAhcRo7fe84xeb8f5kba+/T3r7/OaN572ZHY/HM/PeC8DYqjb/LizMVEK48tarJ/92/1+nl6c80p6j3vw7WUjVQgiVmJ7Mlvf+RCu++cFLZ7vFlTDf/JvS4Ykb7ffuDCFcDIfC1VAP+69ce+Wd+cdPXzp1+fC7rx+/fmfWHgAAxss3rx5f2PfnPx7Y8+Eb954I29rT0/l5PaZ3xfP+E/HEP53/V0NnulIIRVPZfJMxVLP5JrrMVyynls032aP8qWy5tXb+gY75tpWUP1GY1m29YZSl/bgeKtXZjnS1Ojvb+k0emr/rpyqz588tPXNhQBUFNtw/7wshHBJWGxqNxo+aG3AI6iIIaw2N3YM+AgG05PcLb3Mxv7KwPu2lTfZX/o1Hq93fDxtgs/d/5Y9W+b+85IjDxtmqe1Nar/Q52hXT+X2E/Pml1X7+0/Ly+xG1PuvZ6z7CqNxf6FXPiU2ux1r1qn++X2xVX4tx2g5fz/KLn5/8fzoq/2Ogu39t1vX/16YHfq1zORzqf97WF/0Q1HmkQm0I6iD0HRqDPgABQ2vlubmWRpTy8+f68vxtJfnbS/KnS/J3lOTvLMmHcfbb538SXq6s/M7Pf9Ov9npYus52V4w/ssr65NcjV1t+/tzvaq23/Px5Yhhmb555cvHLTz91rfX8f6W9/9+K+/uhmK7Hz9bVOEO6XphfV28/+1/vLKfaY767s/rcddv8jVaJezvnq+xdWU4oHGc6lr+8sJnO9+3uVd+DnfPVs/mmY9ie1Tc/P9mRvS+df6Tjatpek9n61rL1mMrqkY4re2Kc1wPWIu2PvZ7/T/vnTKhVnjm3tPhwTKf99A8TtW3L048UF/qrzak7sD79tv+ZCZ3tf3a1p9eqxePC7pXpleJxoZ5Nn28l27fJ0/SjMZ2+5749Md2cPnv2u0tPb/TKw5i78MKL3zmztLT4fS/Si2mbxQsvyo4cW/XJQRgfc88/9725Cy+8+NC55848u/js4vmjx44dnZ8/9pWjC3PN8/q54tk9sJWsfOkPuiYAAAAAAAAAAABAv35w6uS1P739pfda7f9X2v+l9v/pyd/U/v/HWfv/vJ18ahWQ2gHu6ZLfHHfvzc56TGXz1WL4aFbfvVk5+7L3fSzG7XH8Yvv/1N4+79c11eeebHref2+aL+tO4Lb+UqayPkja4wXGBvufjOnLMf5FgAGqTHefHOOy/q3Tvp76p9AvxWhK/7e0N6R+TFL77179OqXj/55NqCMbbzOaEw56HYHu/j70438WzsQHXpf/GxqNwddh/WFN27k2+HoLawqNhlE8gOEw6PE/03XPFJ///Te2L4c0241HO4+Xxf5L/7GhNWMcDfv4k8rfWuN/tse/6+v416V39Y5+nvsfXeHfP7v+XqHYsL/f42++/qkf6L3lZRZ9GMtP6/9A6K/8xmtZ+fkNoT79Jyt/R5/l37b+B9dW/n9j+WmzPfipfstv1bhS7axHft043f/LrxsnN7P1T317rnr91zhQ461YPoyz3uPM9juC7XAalfF/e8mfw/hiTKcDYXrOIf9GLq9/ZzI9X5G+B/Zly6+UfL+NyjjFvYz7+L9fjXHZ5yGN/5v2x3qXdLWQrnXZtqO+r8BW8/7Q3/8bsXBxCOogDGkYjjGwi6HRaAy0I2+9iA/WoLf/oO8+D7r8QW//Mvn4v/k5fD7+bzX7AZGP/5u/Px//N8/Px9fL8/Pxf/PtmY//m+ffky03v4I9U5L/8ZL8/SX5B1byp7vlHyx5/ydK8g+X5N9bkn9fSf7dJfkTJfmfLsn/TEn+/SX5D5bkf7Ykf6trtkcpfKjGbf1hnOXt83z+YXyk+z+9Pv97S/KB0fXTN4489tRvvlVvtf+fav9eS/fxTsR0Lf52/mFM5/e9QyG9nPd2TP8lyx/26x0wTvL+M/Lv9wdK8oHRlZ7z8vmGMVTp3mNPfr+tV79Vvc7zGS2fi/HnY/yFGD8U49kYz8X4SIznN6l+3BmP/fp3x1+urPze353l9/s8fN4eKO8n6mif9cmvD6z2efy8H7/VWm/5a2wOBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDDV5t+FhZlKCFfeevXkk6fPzS1PeaQ9R735d7KQqrXfF8LDMZ6I8c/ji5sfvHS2GN+KcSXMh0qotKeHJ260S9oZQrgYDoWroR72X7n2yjvzj5++dOry4XdfP379zm0BAAAA2Pr+FwAA///8rRvq") 30.308250345s ago: executing program 1 (id=738): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)) chdir(&(0x7f0000000000)='./file0\x00') r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0) 11.871270379s ago: executing program 4 (id=803): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000018000000f1048340"]) 11.870603349s ago: executing program 2 (id=804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000700)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x2e0, 0x218, 0x0, 0x180, 0x2e0, 0x448, 0x448, 0x448, 0x448, 0x448, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @dev, 0x0, 0x0, 'syzkaller0\x00', 'macvlan1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@cgroup=r6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 11.727989901s ago: executing program 4 (id=805): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) 10.748612854s ago: executing program 2 (id=806): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000540)={{}, {0xce}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) socket(0x10, 0x803, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000380), 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[], 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r5 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io(r5, &(0x7f0000000080)={0x2c, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x88, &(0x7f0000000240)=ANY=[@ANYBLOB="0466917de0f4d5a1d49b7a347fe2b84536a0e61b43d0e89c09fd5e51524fa3c5d890d0f2c0a3db833cb7994c15d429df553e653fcfb242cec4abd563e61bc66a400d472162832448d91904029330e9ea233915286e6e55a8670cc0195b8ffa98b9a4df353f47472c2ba6279449a5220c9f", @ANYRES64=r4]) 10.632380934s ago: executing program 0 (id=807): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']}) 10.220607998s ago: executing program 4 (id=808): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0, 0x0, 0xfffffffffffffffd}, 0x18) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0186129b23a7fd1e22ff6514000008000300", @ANYRES32=r4], 0x2c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="020000000100000000000000040000000000001010000000003ef23500"], 0x24, 0x0) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000380)=0x12) getdents64(r9, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x1fd, 0x0, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000011000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 9.316927065s ago: executing program 0 (id=809): r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x400, 0x1) recvmmsg(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/31, 0x1f}, {&(0x7f0000000440)=""/239, 0xef}, {&(0x7f0000000200)=""/32, 0x20}], 0x3, &(0x7f0000000380)=""/35, 0x23}, 0x8000}], 0x1, 0x1, &(0x7f0000000580)) getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x400, 0x181000) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f00000000c0)=0x2) openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x21081e, &(0x7f0000000840), 0x1, 0x4e6, &(0x7f0000001400)="$eJzs3U1vW0sZAODXzpeTm3uTe+kCENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYXSOT1I3tZvQfDiKn0c6OmdmHL8zdc9M/brxBNC3LkXEVkQMR8TDiJjI6nPZEXdbR/K4V9tP53e2n87notm8/89c2p7URdvPJD7KnrMQET/6XsRPc+/GrW9sLs9VKuW1rDzVqK5O1Tc2ry9V5xbLi+WVUml2Znb69o1bpWMb68XqcHb15Zd/2PrWz5NujWc17eM4Tq2hD+3FSQxGxA9OIlgPDGTjGe51R/gg+Yj4LCIup/f/RAykryYAcJ41mxPRnGgvAwDnXT7NgeXyxSwXMB75fLHYyuFdiLF8pVZvXHtUW19ZaOXKJmMo/2ipUp7OcoWTMZRLyjPp9ZtyaV/5RkR8GhG/GBlNy8X5WmWhl//wAYA+9tG+9f8/I631HwA45wq97gAAcOqs/wDQf6z/ANB/rP8A0H+s/wDQf6z/ANB/rP8A0Fd+eO9ecjR3su+/Xni8sb5ce3x9oVxfLlbX54vztbXV4mKttph+Z0/1oOer1GqrMzdj/cnkt1frjan6xuaDam19pfEg/V7vB+WhUxkVAPA+n1588edcRGzdGU2PaNvLwVoN51u+1x0Aemag1x0AesZuX9C/jvAeX3oAzokOW/S+pRARo/srm81m8+S6BJywq1+Q/4d+1Zb/97+Aoc/I/0P/kv+H/tVs5g67538c9oEAwNkmxw90+fz/s+z82+zDgZ8s7H/E85PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxtu/v/FrO9wMcjny8WIz6OiMkYyj1aqpSnI+KTiPjTyNBIUp7pcZ8BgKPK/y2X7f91deLK+P7W4dzrkfQcET/71f1fPplrNNb+mNT/a6++8TyrL/Wi/wDAQXbX6fTc9kb+1fbT+d3jNPvz9+9GRKEVf2d7OHb24g/GYHouxFBEjP07l5Vbcm25i6PYehYRn+80/lyMpzmQ1s6n++MnsT8+1fj5t+Ln07bWOfmz+Nwx9AX6zYtk/rnb6f7Lx6X03Pn+L6Qz1NFl81/yVPM76Rz4Jv7u/DfQZf67dNgYN3///dbV6LttzyK+OBixG3unbf7ZjZ/rEv/KIeP/5UtfudytrfnriKvROX57rKlGdXWqvrF5fak6t1heLK+USrMzs9O3b9wqTaU56qnuq8E/7lz7pFtbMv6xLvELB4z/64cc/2/++/DHX31P/G9+rVP8fFx4T/xkTfzGIePPjf2u0K0tib/QZfwHvf7XDhn/5V8339k2HADonfrG5vJcpVJec+Hi7F8kf2XPQDc6XnzntGINx//1U83mB8XqNmMcR9YNOAv2bvqIeN3rzgAAAAAAAAAAAAAAAB2dxm8s9XqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA///77dI4") r3 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r3, 0xc0185879, &(0x7f0000000680)={0x0, 0x1000, 0x2000, 0x0, 0x0, 0x0, 0x2401}) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f00000004c0)=r1) 8.972408464s ago: executing program 0 (id=810): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)) chdir(&(0x7f0000000000)='./file0\x00') r1 = socket$unix(0x1, 0x5, 0x0) bind$unix(r1, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0) 8.934299927s ago: executing program 3 (id=811): setregid(0x0, 0xee01) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0x3, 0xfff, {}, {0xee01}, 0x9, 0x7fffffffffffffff}) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}}, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) chdir(&(0x7f0000000000)='./file0\x00') r5 = socket$unix(0x1, 0x5, 0x0) bind$unix(r5, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$inet_udplite(0x2, 0x2, 0x88) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0) 8.630409953s ago: executing program 0 (id=812): bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000000000000400"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) sendto$packet(0xffffffffffffffff, &(0x7f00000014c0)="ea20a6e2ea142eb745e2083f5df3f4c8e7ca819f97359251d4c99d01b421a8873655a75d5c2c9dce8defe8b5f6411ec6fde85d8bbcd9dc488f20b5a409706a20f8ce15d1d02edc0a4d3684480b327b17d4d8c6184e50cb97da0d3a2bae3cecc664834431f86d0b4ebaeedbc518b41216eddd4b6c5b6ad5d2438c8dc458db8b3636a4b621007cd722699ab4b699649ab8c5143058b6a0d782f3724ee15d9e8814f14c407471de4800827b762d5d934567004b18e6e8d50e29bb316d84c1f92e0c7f83f22024e9444aa970b431d4e34a3e7343dbf57c7b581d9774488b4e8ad589f155117cdb08f725a55abf3a616d171d7aa9f369d41df17050a9f1bea86b616f10af32e74c7407e6a02999c6423f779dffc69c1e64634b0dfc5e72ddc877948fe16fc7407ee7b5ff50cd1ca08a16d70e44b355d4232652885140859a195a8d705b8128a2e7cbb7018fb0d7aa51ce78ef3e86342aad30d8679c5bcdcef6886f17f4661ff9668e2d52e92a9c7ed0cd6acfd0a946995c335e0a023d1be8a1c3321548a7ee61b871c5c58f1022cd9ddf79b15cdc19cfc54321626feab021d238553118f95a2ea67ea36f2fef29a19273e249aedba4dd9327f3baccfb79d28a578724f71106a6e144c0733c915f65b044aa99724ff457f6b037a511155a513af1b161b7ad4cc6262e5f5fe1b79443e1d301484cdc1fc676f063868ebed317ec3488c9ea14967ff68a5016bac23807b137dfc06c28db26eac0797905c9b315e46f3cdebf3cb11f4ca4903eaad1086dc66eafc9ca5d1cc257367e217ee0a43356b8502cbf6a13f11883afbe2a711913ee2f4ce3fa32374eac4901441824ced3ab08016210e5681f3edbe71e4aa59a2ac1eb5157e27505b72ff9e0021c872c51a07854a0257706a2c6fa02ebf9eaf3122abf8930fda533ab3a94b955e544b52b3d07ff727f72aee9fda14e6e98f432bc544d4f2909df11a87e72167e7c691bd7dd7e3a47ccf30c9d4a9e76aea9a7c092879c6e7401427e6210b71603ffc956b7413c7ae13e2870f5d3ced3a040c5ccf4b6d5aa7776e8060267feb152d23098f2e26ae8f3948d5090a5bef1e60104eb31aa319b881403fa7f5405b40c482746f900e0445f445f48ff0f2e0b22e9bafb88f92faeaf219b312e9ba4c127b3f35d57f89cf8a11edbd9f8cb4e5b237c3e1b05a16dd6cad5b2d4e70e0af4ff681b2fc17e4f9e5d922c1a84c2b330a26db1ea111223a60129ad04cc8289e9e47cbc8363a2567a33c7aab5849ee4f831cf3827b767778799547b4b29c81882532c7e850c6cb730e4b225481a76f1964905bcef06fab5f73ef8b39c5b19d609ebca66c22845c465449029d87837acc5ffa918e8eba5484d0af0138d68d0a8a879ebc5906255bab2b61cf0a337d3d67ca5142197f396bbedd7be57f83538f530438af1e79e2c0c06c370d016ac810b6de042fcd12a66c5b397ce396ae3b89879bee17bd775893255939a1ba9dcc31579f09da78df73dab7ab6ae39b63fb046d41c38430b367aaa91655d6d61585cfb04a3de47373e2bfae4457d3da24fe92fd5e9e14f5507392936c0df6c32cb715f21aec2a023e1f95e100b856d5204453c2c356b20c7cf804f01663ddacc507113c794b5852a49d1511f4490e36d0dba1d057712746c7d6fb8a44704686c64ad77d6acc54592743cb99b2a17ea74f4647836ae6dd3909a0ffb18072461d3da3601f5539065918414961b48ba96e0077118aee186d56a8864fae97381f7b55362d394a164dfd7ba22dfebaf5c4f9bdecc8d2b62e9c94dd5fb952d6c496c41f6d78764c937bcad3beb7c360fa28279951e9789e94a5dd3aea9a00c808adad6b5822e472365a20d5e12f7a756d5187dba94da1979baf45ecf33b88db8de1f2e8a0d84e614e20437c10b2521074d636fc8570e4ed6d3773a1aa813ed79d2cece470edb15d6eecd81ff38d5b24bc3d9eb87d1256b69d6089a23c13dbe556ace6d6133505e16ef67a9c0fe2fff22016f0867f4323b7b8713dd23e5c9f23e1f69db385b164081b52d7a0eeb46837afad84f7b6ea2773fc8f50611c4da162d57316e37a8941aa36058e4a2bdb6fd42b4282e566420e5721014c833da8ec9e2f2701a7eeb6a497e19ae8cd100ec933eefcd217e6be527c020eaeb437153c49dd5a46a12d062d6301fd9d0488af2d42620e5c75acce1722e2ffae5f3ff51c0c6397bfab141e4973202334979f7f7abfd931743a75e2aa832e8f6056319c4adc347794f519011802d9b51e7f58b20904b10d754677f3ec77105caa264ce11e892d86410f1d4c5ee90d2a4a2a0df5cabbbb23db286e08899f652c6430a328e684c666db6af9c4a15091164ffd8cf3cf36d8e200d1ea8076d975afb9d236b90945d8f63c86562f8d519c3bf52081eca0f707bc1b9c567300022d10a35b438210662e62ca4c1da8f5039e0ebd6006fd4e69c9baa36b373d4ca86c4272765f2be1c3b1d81789f692cb49bf73b5d9984fad25ac65f7dd59bf1e15bf2862bfc8aa43397a65b31cff54291ec06b35e27fd0d7edb884a98cf8a06104404af73df44a3faf888f4c0fe5cc1350293c07ef98a1b997a5c19836cc9efc51e076dbbad73e16a2df5486aa67bf2cc0c11bfb0284204740913e3571cdebc736af7e926e38bb88dd9b851cd2ceee407ff2eb3058ee004218b1452f92f885dae39eea6534b41ecdc359689f334b527abff995f255501d9e53e65e4274a89b5c4cffd6f3432915cf4d28cbdab1ba28e1c4f9b92bda9488c98e2c0ff2b1f74b0cea991fdd9fb1c0b43e13f4a09c7a07c07eef052096e8aea6dca3bd1b475e746f927427a0f983d2e29506a090b6904d2ebb9ed6de82694f1e11daa26e86cd2a4a73caed45f43637738f2c4a297d9ebdc7396896c9416420d1e2e70f5d79f716d815ae10dc42202133ad50df7824063a5a9719ce952319541e6af20b64a241f413346175cf4598854fe8beb77976ed6136ddfcc943ebc99061f59fa17c7d68ba2b3edf6fd03227b06a24aad7ef5277eb5ec9243c731b1d65fdfaebf80ac990d601337f914a705dfa1ca5a060e033a13208fb16c371f4b42ecea704dd931515f5d5993f59fc23e1aae9d2cb7b535b85b09e35f21e565bf5321a805a9e1242b59690022193ef78bba311e7046d1f1ffe46341a14d339eb857c7c7f61ff1d0e950397359b5335c3bfcf236d338f28150c0fc4f0a8c4253ded4319bb8717727b371716a45b48b9153b6294e7180738c4b65a7be6afb00dd7d0d72e7b4b47d67ff09ebff44a0be20cc38496f045b14b7b22fc2a76146b80d34f7e9afd68043aaf5152d2b6e98c34e44efb27c03309956b350d3dd2b8174f578545baec4eb684d3360b76f6065f891c960cd9ec5b52ce6bc181d8eb9a05525002ffae22a94464d802d8ff9f141b6a77555d15867a27f7f085b4263a7f7780d3121791c27748a7acd2ad83e971e28e5922cad19e0b9b880ac442c6a6b53a6c705438eb8b00f0ed11374ce73da4847c8f078e0fb6056770d130f60682ed61fccd78fdcbc33c240007a5d939c3047a17fdfa534fd5d7f12268510fb380cb9da895d15e2319cb85f3c0b0684cc4c7ac075e43ac90427751c92ca428ec105d87134dae04e0b0f70ac9300fc34514f67d4fbfa89505426febd45077b11daef97aa2caab7a614abd60f8a9ef828e9e9dc55514b62213a1ae08badafc801e719db81e9e336d1cf272a19062858f70f8b00e1b759ef8c4d72668341390fd34df8ccfa0fd3d67ffb0ebb8ccb572a9a7870c7657827146ad0ef211687b125d70096da93e73db63b80781eeca39e4a8f887a03ebd196861f05079f0bf950e198b80a2c5de47f994b0714f7808e0b4ef819616857c9430ce5d8662e05364fc96161b6a279f99f4f578fbae102111b74239762427d25ac795936c341c67a149aed45086767ecc2cb90a44a37b06486e36a8f2eab7b19a40cb20ee851ed189814eae4ee32df7fc806e2ceae089a48eb3442b0db44cffcee0bffbf52e162ac78633ed59e83058d53c250467418cea79540ee6b9023f3e6289dee7a4c9d58604a9b4833752c2f33257dfddaab91073f1f2132479ba46dd5a00c8442509bb6656bd016610b8cde5fc4ccd74102f0cd824b250f18eeb6edc7481d46845623723ffb19d1fcbe29d49a6f11c3415033cc0c9cde5145995a29d8d7ef333fb11274a0f37127bb0aeff96426f135e3f070ed3f590850f81e03bd27454c3810bc40dd3da729ddb2bab68e57f93dee106dad7b8564dec352a26d49ef4e70a7bf3139600b6c5ed8ca8fda50af46269581aa4dbc94a5edd88464304cfa186fe5705e02b75ca9b24dd5e2d473815c32c4621ef722018c6688c42c36fbd0f8a90143252516ae574c9d7186fa11a78bcac7328292e2dc090cff6e1d4003e43287bfadc6873e54b79078fb246aad51fb0bce8a32acda6367cf6895ad36a1146eef81254fc824d282ade2381f0dd847b5ef1894b3fc2eb662a02166c9df88d8e81521fd40c035d4fd5d00ffaf98e2987eee31f15b66ad11372403bbd8137a20fc914bde21dce17cd59ec66a211a440c0ea8bf5b69ca189df8eb81b2bceca75254b23fa84a73b2264e2c5548c5181291fdc44846cc490c356741a14d791f2fb56b640edd3184342cab3cde592c365587a68af120de1eddff55fce753ce7bace635662b9d20b6460d753da5e3b0c215cc936376f967de91c3aba1cbae3e3a9eb68d420b2b91232e71caedc73f67a62f9a1f5038bb25283631227ae3ffb30320be20e5018b74490cf676f65108d5842cc5b0c22c0ae576ebc5372120a7a7a084515eae19b7db20c4727751b356c78db56a1a50bd2f2eea101006c55ebd7cee0ac652b5ae6a7515a9a61aa075c0eacf6ddb9a395c95150e67ca15ecc89022a37f0b356c687d8fb3c6f7ac7f5779e708479f9dfa6bf66f291c009d08e5620e8fefe41993ea0ff61f30846d0f4c8c3f9a4b6c1f2bf4419818f6fd4b5e4444ffb3df5aae43489f693f88074f393d60764db99ec72fa55e11fe90d10bfd8277b4560e2c77d9c9a23352bed0707cb8f242c7dfd2d76b4a1c0d0df59f15c536c4e66ee95a18cb743339451b38ed88538565cc9197f47b5279d80da992508e3f6aacb1967d0ac7106af58533a390fb4573da04b367e4b667acd830ddb2e44f7bb638227e443595338a0c9dd3957785f7037b1a22e183231138affd2150d90016e08cc25dae131c94e3554498685ca336e4b88e9596911ae730fc58f1b3b2190e9300eeb49f635ae7221d54631e5b8ee8edfbcff47a1604f69b2a69162dc6141405af891cb58f1e20bbbf94fb9fae8040046fe7d6a5d331279e0c24d692248f76166cc772348140293401ceecf45a4b5df4dde24b5d49e035a3051750c02b53f41674f16db630120dc73af27a666fd268a392f8621cd53634326d4bf0b7bbf22f74dee91a33851613958fbf3444cc6b0efcdcf9ffe71e6112417c457b83798fd6cca59482fdfc025984fd0c3a55ce2ee86ca102383c07fbe8ee89d28489a0774e13ee86eae9ce0f5387631e3e53ef8a322c784eef12a8ab8f9a699e607e364334363d19d1af248f4ea25cdd6fec3ea1407d87bb5c7dfe4cd8b90b8b76bbe340a2eae8d94cb67b93a55b79094e68aa0421e4182cb364628f64cc9809199a407b358f8d7f20522830bcd1bbeedb8e7f796bdc9265f337064d4e4ea5d0a401640c3ebdf379ad295a829c9db3b5cbf0329a4f61e5d9a20d6dddd63f43699802e0", 0xff4, 0x4000004, &(0x7f0000000000)={0x11, 0xc, 0x0, 0x1, 0x5}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7ffd, [], [0x17c1]}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0) 8.296944311s ago: executing program 4 (id=813): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x694, &(0x7f0000000d00)="$eJzs3c1vXFfdB/DvHY8dO0+Vx2mTNkJFRIlUkCISv8gFsyEghLyoUFUWrK3EaaxMnMp2kVshcAHBColF/4CC5B0rJPZBYV123XpZCYlNxCJiY3Tv3LHHnnFsJ36Fzye6Pufec+65v/ndt3nJaAL8z5q5kebjFJm58c5KOb++NtlaX5s8Vze3kpT1RtJsFykWkuJJcrtsL7qmdJU9Pp2ffu+Lp+tftuea9VT1bzxvvT769F2tp1xNMlCXvQb3u4lt491J8kpPl6H9jrWtY5m063UJJ26jx+pBVj/IeQucMp27U9G+b/YYTc4nGa6fB6S+OjSOL8KjcaCrHAAAAJxRnz866QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7Kl//7+op0Zd5mqKzu//D3WW1fUz7fFJBwAAAAAAAAAAh+Brz/IsK7nQmd8oqs/8r1Uzl/LvjeT/8mGWMpfF3MxKZrOc5SxmPMlo10BDK7PLy4vjm2uW+q850XfNieN6xAAAAAAAAADwX+mXmdn6/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6DIhloF9V0qVMfTaOZdttQ2W81+XunfkYU/RY+Pv44AAAA4KUMv8A6//8sz7KSC535jaJ6zf969Xp5OB9mIcuZz3Jamcvd+jV0+aq/sb422Vpfm3xYTr3jfu+fBwqjGrF+f6H/lq9UPUZyL/PVkpu5UwVzN41qzdKVTjz94/qkjKn4bm2fkTXrtJYb+/1u7yIcioO+FTFaBpdsZmSsjq3MxsV2BorqjZpkZyb23DvNnVtKI4ObWxpPY/Odn0tHkPPzdVk+nt8cac4PajMTjVSZmOg6+l5/fiaSr//lTz+531p4cP/e0o3T85D2MLDL8p3HxGRXJt4405loHrD/WJWJy5vzM/lhfpwbuZp3s5j5/DSzWc5cNur22fp4Lv+OPj9Tt7fNvbtXJEP1fmnvs/3EdDU/qGqzuVateyHzKfIodzOXt6t/ExnPtzKVqUx37eHLu8ZdPbbqrG/sPOs7e/qvfYO//o26MpLkt3XZk4Mddjs6D0v72l/m9WJXXttH/dPNXhe7zoOxriy92snOYN/BX+Ta2PxKXSm38au6PB1G60yUJ1DnLtGJ7rV2JprVvaj3OP9DdW4stRYeLN6f/WCX8Vd3zL9Vl+VhtfbV/UbZf1ccrvJ4eTXD9ZVk+9FRtr22eZW5uO2uOlR/4tJua/S0Xa7aiqJzpv5o1zN1qH4O1zvSRNX2Rt+2yartSlfbtudbeZRW7h5D/gB4SaM5PzTyj5HPRz4b+fXI/ZF3hr9/7tvn3hzK4N8Gv9McG3ir8Wbx53yWn2+9/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7c0kcfP5htteYW+1cauzftUdlr5B2Vov5Bnxfa1imsDCfZtmSwXHDsYYzsDKOnsvGL5Njz0/kRwf59fldWmtnPgLf36vPJiR8Jp70ykP4HwAlfmIAjd2v54Qe3lj76+JvzD2ffn3t/bmFwamp6bHrq7clb9+Zbc2PtvycdJXAUtm76Jx0JAAAAAAAAAAAAsF/9vhhw7ZW9vjSyr+94+J+FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKGYuZHm4xQZH7s5Vs6vr022yqlT3+rZTNJoJMXPkuJJcjvtKaNdwxX545Ns9NnOp/PT733xdP3LrbGa7f5Joy5fwmo95WqSgbo8rPHuvPR4xb86j7BM2PVO4uCk/ScAAP//kSr0rQ==") open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) socket$tipc(0x1e, 0x2, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000002c0)='./file1\x00', 0x8040, &(0x7f0000000c00)=ANY=[@ANYRES16=0x0], 0xfd, 0x1d0, &(0x7f0000000300)="$eJzs3O9uk1AYx/EftIXNP/H/G99qom8cdiYSXxi3O3Hp2Fxkaqxv2jSxxivxRrwVb6BN7A2IAVoKqBVRoK3fT7LsPPQczvM0oZzThArAf+uqJEOGOpKCIHj/4m5wpemcANQj0LegqKeLMQC2ROvrH3U3pHFluQCo0/SwZUY39bH0ZTbqTeZ/ndw6YTcTtZPW9DAefiBpkhpvFVx/TD8Y0f/b7ex4W9JOkfXLp3j8vcX8YWqzUS+Tb76Y/Pze5zhIzX+hcP5x/ffvZPO/KOmSpMthIfay/zVJ139S/3H2/bNvFZwf+BuG9vJx5oCpkzPfe5jEHZ1Y8rpJbEWv7+fiR0lsR/Fe77V/XFUJAEoyf7j+n5vpuKVwwb+8/tvR9dytL0EAlekPhi+PfN97W6ZhjIt1NspPQaOehrUeaZRohJu7NUgj1/ho/oPz7NSac7hzTh3JfVAU3dAD2BjOu/M3Tn8wfHB2fnTqnXqv9t0nrit1H7tOtPN3svv/2Iov1ABsjMXdf7fpRAAAAAAAAAAAAAAAQGk3JN1chgdN5gIAAACgWr97MEjzn/tZ+fDQs/nJftGn4RIBAAAAAAAAAAAAAAAAAACArfE9AAD//zpGOPg=") r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000540)=""/239, 0xef) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r8, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90) 7.819217671s ago: executing program 3 (id=814): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x4000, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x1, 0x84) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="020f00001500000000000000000000000800120000000100000000100000000006000000000000000000000000000000e00000020000000000000000000000002001000000000000000000000000000205000600000000000a00000000000000fe8000000000000000000000000000bb0000000000000000010018000000000005000500000000000a00000000000000ff02000000000000000000000000000100000000000000"], 0xa8}}, 0x0) bind$inet6(r2, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback=0x7f000002}}}}}}, 0x0) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(r2, &(0x7f0000000100)="bc", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) close(r2) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 6.466900655s ago: executing program 4 (id=815): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffa84, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmmsg$unix(r3, &(0x7f00000011c0)=[{{&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000380)="1ef1d1b1cd576eedaa345578c65ea822bb0e32c2785e46d1a0f3b6b8f2589afb739c7c54f723d63adc09401b0065b740e01de10d75325e6f484addd5078d695ad3687e83dbcd3bb26869c7a223e8d8836f16c571a1babae56b", 0x59}, {&(0x7f0000000540)="4f01f283c7eb7fa43ff95d5001461cd7e6eb5201002152abb45615066b4291ff568b9fbf49b7d1e174b5537896cb17ede62c433e0a614c7bae65b4ff7980e9a798deb65e30752bb931444e48c9fc659edd1d6539e9074232c1f4a43289894036f45605dcd963eb6dc9251da98d86883b57673ad89412dc3307", 0x79}, {&(0x7f0000000280)="1c978056f255e04be574503b02", 0xd}, {&(0x7f00000005c0)="bf84d69efd23b31cfc569356c4d9530b200f77f0105dba9fdccd1e5990", 0x1d}], 0x4, &(0x7f0000001080)=[@cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r6]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x18, 0x1, 0x1, [r3, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r3, r5, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x118, 0x884}}], 0x1, 0x4080) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x84, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}]}]}, 0x84}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0), 0x2, 0x0) sendmmsg$inet6(r8, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4f23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000240)=[@pktinfo={{0x24, 0x29, 0x2, {@mcast2={0xff, 0x5}}}}], 0x28, 0x7ffffff7}}], 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc", @ANYBLOB="6b7b6baa70df8119f6670b70b0933e8fd341928cb23be3a6806035d257bb83b850ef665250c3e5af73e147da37c140b609c97d9b10a3a464d02933ecf3cab07ab0c30529ca79388340ec19073b2f83419a1544a42839438aa8953bdcbdf21cae321c87bfaf77bd4b12da93c32269c5d466d437da7a3b22b20c8455ff963a2fbec35da4f37090691225809dfa4df45c6a85dafe4ce3cf31b6e26dcc64853409383833aadba1417cc741fa1f89d81875cfe69e16548a4e55a062ca8489841b124704b8d46fda1c2b01"], 0x40}}, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) r10 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r12 = socket$netlink(0x10, 0x3, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2) sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xa4}}, 0x0) 6.208215417s ago: executing program 3 (id=816): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x414, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8e}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r0 = creat(&(0x7f0000000040)='./file1\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086607, &(0x7f0000000180)) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x414, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8e}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) creat(&(0x7f0000000040)='./file1\x00', 0x0) (async) ioctl$FS_IOC_SETFLAGS(r0, 0x40086607, &(0x7f0000000180)) (async) 6.084712557s ago: executing program 0 (id=817): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) 5.849702827s ago: executing program 3 (id=818): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) add_key$fscrypt_provisioning(&(0x7f0000000280), 0x0, 0x0, 0x18, 0xffffffffffffffff) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044090}, 0x40000) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="50000000020605000000000000000000000000000900020073797a30000000000500040000000000050101000600000016000300686173683aead54d725709fed720b28f6e65744d706f72742c6e65740000000500050002000000086e35dd98e7e42c7a76f574e04e0a6df9f6dec312888ac0e8abc3aa4864d45ee265ec9d71"], 0x50}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') execve(&(0x7f0000000c40)='./bus\x00', &(0x7f0000000e40)={[&(0x7f0000000c80)='GPL\x00', &(0x7f00000010c0)='W$)hs\x00\x8f\tG\xb3\xd4\xc4\xa5E%\x8ck\xc9#$\x85g\xab\x1f\x89\xd8\xda\x87\x1a0\xb9E\x83.k\\\x98M\xa7g\xc0\x84\xcb\xec\x14Dz\xca\x19\xb9\x15\xd3\xb7\xde\xcc\x06\x94\x18\xdb\xab\x13%\xb4\x99\xcf\xb6k\xb0\x93\xdf-\x05\x8bBIv\x85~\x91\xbc\xefe3\xe7x\x8f\x89\xdf\xf6k\xad\xbf\x9d\xc5y=\xdb\xba-\xfeh\xed\xdb\xc2\x1f\xdd\xe3\xf1\x0e\x87\x8d\f\xee\xb2E\xbci-\x17\x03\x012\xa7\n\xc5vu\xfc\xc5\xb5\x9f\xf0\x94\xf2\x99\x9b\xaf8\xed\xfd\xd7\xb0\xc1|\xf3\xbc\x91\xc4\xd9\xcb\x84\\\xe9B\xdfhU\xe26.\xe5B~\x17\xc7\xac\x1b\xbf\xbf\xbag8r+\nLm\xe6R_\xdcf5\xf7\'S\x98\xcc\b\xd1a\xdc\xe72\xda\x88;\xbe$\x80\x9e\x11\xae\xc5\x1fP\xc5\xccP4\x01\"\xc8\x01\x9d\xe64\x87t\xe8\xcb\x88\x17\xa6\xcd\xdc\x8d\\\xd9\x97sNN\xa7T\xfc\x10td\x9f L\xfb\x00\xa3\x02\x02*&\xff\xb1\xfeB', &(0x7f0000000d00)='*#\x00', &(0x7f0000000d40)='nilfs2\x00', &(0x7f0000000d80)=',-\x00', &(0x7f0000000dc0)='\x00', &(0x7f0000000e00)='*\x00']}, &(0x7f0000001040)={[&(0x7f0000000e80)='/\x00', &(0x7f0000000ec0)='\\\x00', &(0x7f0000000f00)='GPL\x00', &(0x7f0000000f40)='\x00', &(0x7f0000000f80)='autofs\x00', &(0x7f0000000fc0)='nilfs2\x00', &(0x7f0000001000)='\')!!\\\x00']}) 5.837627378s ago: executing program 2 (id=819): r0 = socket$qrtr(0x2a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) bpf$LINK_DETACH(0x22, 0x0, 0x0) write$P9_RSTATu(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="320200007d00000005f1000081ff00"/28, @ANYRES32=0x0], 0x232) close_range(r0, 0xffffffffffffffff, 0x0) 4.846992862s ago: executing program 2 (id=820): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x2402, 0x0) (async) syz_open_dev$usbmon(&(0x7f0000000140), 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$inet6(0xa, 0x3, 0x4) (async) pselect6(0x40, &(0x7f00000045c0)={0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000004640)={0xf8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0x0) (async) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) (async) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000b, 0x8012, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x3c, r2, 0x5, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6}]}, 0x3c}}, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SET_SECCOMP(0x37, 0x1, 0x0) (async) prlimit64(0x0, 0xe, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xa00000, &(0x7f00000000c0)=ANY=[], 0x0, 0x627a, &(0x7f0000008200)="$eJzs3c1vHGcdB/DfvvqlNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDT28yTjzW7s1PHO2s/nIzkzv3lm1s/ku7Mv3pl9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI73/vByudiLj687RgKeIz0YvoRizU9XJELCwv5fX7EfF87DTHcxExmIuot9/555mI1yLi41MRW9vrq/XiCwfsx3f/+Pff/fCpt//2h8G5//7pdu/1SevdufOr//z57uH2GQAAAEpTVVXVSW/zT6f39922OwUATEV+/q+SvPzE17/+59t/maX+qNVqtVo9hbqpGu9us4iIjeY29WsGH8cDwDGzEZ+03QVaJP+i9SPiqbY7Acy0Ttsd4Ehsba+vdlK+nebzwfJuez4XZE/+G53713dMmu5n9ByTad2/NqMXz07oz8KU+jBLcv7d0fyv7rYP03pHnf+0TMp/uHvpU3Fy/r3R/EecnPy7Y/MvVc6//1j59+QPAAAAAAAzLP/9f6nlz3/nDr8rB/Koz3+Xp9QHAAAAAAAAAHjSDjv+333G/wMAAICZVb9Xr/3m1INlk76LrV5+pRPx9Mj6QGHSxTKLbfcDAAAAAAAAAAAAAErS3z2H90onYhARTy8uVlVV/zSN1o/rsNsfd6XvP5Ss7Qd5AADY9fGpkWv5OxHzEXElujvf9TdYXFysqvmFxWqxWpjLr2eHc/PVQuN9bZ7Wy+aGB3hB3B9W9Y3NN7Zr2u/98n7to7dX/65h1TtAx56QQfrfnNDcUtgAkOw+G215RjphquqZSS8+YA/H/wm0FEtt36+YfW3fTQEAAICjV1VV1Ulf5306je/XbbtTAMBU5Of/0c8FDlV3J7RHPJnbV6vVarVa/anqpmq8u80iIjaa29SvGQzHDwDHzEZ80nYXaJH8i9aPiOfb7gQw0zptd4AjsbW9vtpJ+XaazwdpfPd8Lsie/Dc6O9vl7cdN9zN6jsm07l+b0YtnJ/TnuSn1YZbk/Luj+V/dbR+m9Y46/2mZlP9w55K58uT8e6P5jzg5+XfH5l+qnH//sfLvyR8AAAAAAGZY/vv/ks9/8y4DAAAAAAAAwLGztb2+mq97zZ//f27Meq7/PJly/p3HzX8hzcv/WMv5d0fy//LIer3G/L23Hhz//95eX/397X99Nk8Pmv9cnumke1Yn3SM66Td1+ml6mL1ryHe4QW9Yzw463V4/nfNTDd6N63Ej1uL8Q5v097Sv7GmvezrY035hT3v/ofaLe9oH6XsHqoXcfjZW4ydxI97Zaa/b5vbZ//l92qt92nP+PY//Rcr59xs/df6Lqb0zMq3d+6j70HHfnI77PW9e//wvzx/97uxrM3r3962p3r8zLfRn5//kqWH87NbazbN3rt2+fXMl0mTP0guRJk9Yzn+w8zP34PH/xd32/LjfPF7vfTR87PxnxWb0J+b/YmO+3t+Xp9y3NuT8h+kn5/9Oah9//B/n/Ccf/6+00B8AAAAAAAAAAAAAAAB4lKqqdi4RfTMiLqXrf9q6NhMAmK78/F8leblarVar1eqTVzdV473RLCLir81t6tcMvxh3YwDALPtfRPyj7U7QGvkXLH/fXz19qe3OAFN164MPf3Ttxo21m7fa7gkAAAAAAAAA8Gnl8T+XG+M/vxQRSyPr7Rn/9a1YPuz4n/08c3+A0Sc10PejbXaHvW5juPEXYmd87rOTxv8+Ew+P/53HxO0192OCwT7tw33a5/Zpnx+79EFaYy/0aMj5v9AY77zO//TI8OsljP86OuZ9CXL+Zxr35zr/L42s18y/+u3M5b9x0BU3o7sn/3O33//puVsffPjq9fevvbf23tqPL66snL946dLly5fPvXv9xtr53X+PptczIOefx752HmhZcv45c/mXJef/hVTLvyw5/y+mWv5lyfnn13vyL0vOP7/3kX9Zcv4vp1r+Zcn5fyXV8i/L1vb6XJ3/K6mWf1ny8f/VVMu/LDn/V1Mt/7Lk/M+mWv5lyfmfS/UB8vf18CdIzj9/wuX4L0vOfyXV8i9Lzv9CquVflpz/xVTLvyw5/9dSLf+y5Py/lmr5lyXnfynV8i9Lzv/rqZZ/WXL+l1Mt/7Lk/L+RavmXJef/zVTLvyw5/9dTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5v5Fq+Zflwff/mzFjxkyeafuRCQAAAAAAAAAAAAAYNY3TidveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzdXYxcZ30/8DP75rVDiIEQnPwNbBITQrJk13biF/5NMYEADVAKJBT6guN612bBsY3XLoEi2TS8RMKoqKJqetEWUNRGqiqsigtaUZqLqi9Xpb2gNxVVJaRGlUEBFamtaLaac57n2ZnZ2ZlZ73h99pzPR7J/uzPnzHnmzHPO7m93v3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWt365vnPN7Isa/7L/9ueZS9qfrx1ant+2xuu9QgBAACA9frf/P/nb0g3HBpgpZZl/vZV//CNpaWlpewDo78z/uWlpXTHVJaNb8my/L7o0r99sNG6TPBENtkYafl8pM/mR/vcP9bn/vE+90/0uX9Ln/sn+9y/YgessLX4eUz+YLvyD7cXuzS7MRvP79vVZa0nGltGRuLPcnKNfJ2l8WPZQnYim89m25Yvlm3ky3/r1ua23p7FbY20bGtnc4b86FNH4xgaYR/vatvW8mNGP3hTNvXjH33q6B+dvXxzt9p3N7Q9XjHOO29rjvMz4ZZirI1sS9oncZwjLePc2eU1GW0bZyNfr/lx5zifH3Cco8vD3FCdr/lkNpJ//J18P421/lgv7aed4bb/uj3LsgvLw+5cZsW2spFsW9stI8uvz2QxI5uP0ZxKL83G1jRPbx1gnjbr3K72edp5TMTX/9aw3tgqY2h9mX7w6YkVr/ta52nUfNarHSudc3DYx0pZ5mCcF9/Jn/STXefgrvD8P3XH6nOw69zpMgfT826Zg7f1m4MjE6P5mNOL0MjXWZ6Du9uWH8231Mjrc3f0noMzZx87PbP4iU++fuGxI8fnj8+f3Lt79+zeffsOHDgwc2zhxPxs8f8V7u3y25aNpGPgtrDv4jHw2o5lW6fq0leHdxxO9jgOt3csO+zjcKzzyTU25oBcOaeLY+Ph5k6fvDiSrXKM5a/PXes/DtPzbjkOx1qOw65fU7och2MDHIfNZU7fNdj3LGMt/7qN4Wp9LdjeMgc7vx/pnIPD/n6kLHNwMsyLf7lr9a8FO8N4n5xe6/cjoyvmYHq64dzTvCV9vz95IC/d5uUtzTuum8jOLc6fuefxI2fPntmdhbIhXtYyVzrn67aW55StmK8ja56vhxZe9eQtXW7fHvbV5Oub/02u+lo1l7n3nt6vVf7Vrfv+bLt1TxbKkG30/uz21by5P1Mv2WN/Npf5zMz6vxdPfWnL+Xd8lfNv7PtfKLaXHuqJ0fGx4vgdTXtnvO183P5SjeXnrka+7ednBjsfj4d/G30+vrHH+XhHx7LDPh+Pdz65eD5u9Ptpx/p0vp6TYZ6cmO19Pm4us2PPWufkWM/z8e2hNsL+f13oFFJf1DJ3Vpu3aVtjY+PheY3FLbTP071ty4+H3qy5rWf2XNk8vfP24rFG07NbtlHzdKpj2WHP03S+Wm2eNvr99O3KdL6ek2Fe3Li39zxtLvPsves/d26NH7acOyf6zcHx0YnmmMfTJCzO90tb4xy8JzuancpOZHP5vRP5fGrk25q+b7A5OBH+bfS5ckePOXhnx7LDnoPp69hqc68xtvLJD0Hn6zkZ5sVT9/Weg81l3rJ/uN+73hluScu0fO/a+fO11X7mdUvHbrqaP/NqjvOv9/f+2WxzmRMH1tpn9t5Pd4dbruuynzqP39WOqblsY/bTjjDOywdW30/N8TSX+fLBAefToSzLzn/sgfznveH3K3927rvfaPu9S7ff6Zz/2AM/vP7Y36xl/ABsfi8UZVvxta7lN1OD/P4fAAAA2BRi3z8SaqL/BwAAgMqIfX/8q/BE/w8AAACVEfv+sVCTmvT/O95yeeGF81lK5i8F8f60Gx4qlosZ19nw+dTSsubtDzw9/5O/OD/YtkeyLPvpQ7/RdfkdD8VxFabCOC892H77yhXPD7T9Rx9ZXq41v/6V8Pjx+Qw6DbpFcGezLPvWDV/MtzP1wYt5ffahR/P63gtPPtFc5vmDxedx/edeViz/+yH8e+jYkbb1nwv74fuhzr6j+/6I63394ut27n//8vbieo3bXpw/7ac+VDxufJ+cLz1RLB/382rj/8svPPP15vKPv6b7+M+PdB//M+Fxn37w8kJzxv33K4vlW1+D5udxvc+G8cftPR3Wv+dr3+46/kufL5Y//dZiuUdDjdu/M3y+662XF1r31+ONI23PK3tbsVzc/ux3fyu/Pz5efPzO8U8evti2Pzrnx7P/VDzOTMfy8fa4nejPO7bffJzW+Rm3/8znHm3bz/22f+m9z72y+bid27+7Y7nRjvU737HpDz77xa7bi+M59Ken257PofeE4zhs/6kPhfkY7v+fS19s22706Hvazz9x+a9sP9/2fKK3/7jY/qU3Hs/rv0/95Peue9H1L77w6ua+y7LvvK94vH7bP/6Hp9rG/9Wb7spfj3h/zOh3bn81cftnPj598tTiuYW5lr2av3fOO4vxbJncuq053hvCubXz88Onzn54/szU7NRslk1V9y30rtjXQv1hUS6sdf27Hgmv5y2/+61td/zjF+Lt//xwcfvFdxRft14blvtSuH178fotNda5/aduvSk/vhvPFp+35diHYOeu/zgw0ILh+Xd+XxDn++mXfzjfD8378q8b8bhe5/i/N1c8zjfDfl0K78x8203L22tdPr43wsX3Fcf7uvdfOM3F1/WPw+v9ru8Xjx/HFZ/v98L3Md/e0X6+i/Pjm+dHOh8/fxePC+F8kl0o7o9Lxf198fmbug4vvg9JduHm/PPfTo9z85qe5moWP7E4c2Lh5LnHZ87OL56dWfzEJw8/durcybOH8/fyPPyRfusvn5+25eenufl992azW7MsO5XNbsAJ6+qMv/nRYOM//cjRuf2zd8zNHzty7tjZR07Pnzl+dHHx6Pzc4h1Hjh2b/3i/9Rfm7t+95+De/Xumjy/M3X/g4MG9B6cXTp5qDqMYVB/7Zj86ffLM4XyVxfvvPbj7vvvunZ1+7NTc/P37Z2enz/VbP//aNN1c+9enz8yfOHJ24bH56cWFT87fv/vgvn17+r4b4GOnjy1OzZw5d3Lm3OL8mZniuUydzW9ufu3rtz7VtPivxfeznRrFG/Fl7757X3p/1qanP73qQxWLdLyB6OXwXjR//5LTBwb5PPb946EmNen/AQAAoA5i3z8RaqL/BwAAgMqIff+WUBP9PwAAAFRG7PsnQ01q0v/L/8v/D5b/L+4fZv6/W34+k/8vVf7/9MeKXOlmz//H/Lz8fz1c4/z/urcv/y//X738/+D5+c0+fvl/+X9WKlv+P/b9W7Oslv0/AAAA1EHs+7eFmuj/AQAAoDJi339dqIn+HwAAACoj9v0vCjWpSf8v/z9Q/n9Pv8BV9fP/w7/+v/z/Nc3/T2R1yf/HF0f+vzbWnL9//8Ntn1Yj/995FC2T/+9D/l/+X/5f/p8hGl/1nmuV/499//WhJjXp/wEAAKAOYt//4lAT/T8AAABURuz7bwg1Gbz/X/2PGgAAAIBSiH3/9lCTmvz+X/7f9f/l/2uZ/3f9/0Hz/y2Dkf/fHFz/vzf5/z6uOP8/Kf+/GfP/48Mdf7nz/32HL//PVVG26//Hvv8loSY16f8BAACgDmLf/9JQE/0/AAAAVEbs+18WaqL/BwAAgMqIff+NoSY16f/l/+X/5f/l/+X/u2+///X/i4/k/8tF/r83+f8+XP+/Xvn/IY+/3Pn/YV//f/zBzvXl/+mmbPn/2Pe/PNSkJv0/AAAA1EHs+28KNdH/AwAAQGXEvv8VoSb6fwAAAKiM2PfvCDWpSf8v/y//L/+/sfn/z2Xy/9XJ/xfk/8tF/r83+f8+5P/l/+X/B8v/d/nmV/6fbsqW/499/82hJjXp/wEAAKAOYt9/S6iJ/h8AAAAqI/b9/y/URP8PAAAAlRH7/p2hJjXp/+X/5f/l/+t1/f+7J+T/5f+rTf6/N/n/PuT/5f/l/we8/v9Ka8n/b+n3YFRG2fL/se9/ZahJTfp/AAAAqIPY978q1ET/DwAAAJUR+/5Xh5ro/wEAAKAyYt8/FWpSk/5f/r9a+f8/+aunXp3J/8v/99l+RfP/cRrI/9ec/H9v8v99yP/L/8v/b0j+n/ooW/4/9v23hprUpP8HAACAOoh9/22hJvp/AAAAqIzY998earJK/7/mP+QDAAAArrnY9+8KNanJ7//l/6uV/4/k/+X/e22/ovn/RP6/3uT/u2g5SOX/+5D/l//f1Pn/Rrb+/H/87lf+n+EoW/4/9v2vCTWpSf8PAAAAdRD7/jtCTfT/AAAAUBmx739tqIn+HwAAACoj9v13hprUpP+X/5f/l/+X/5f/7759+f/NSf6/t7Xm/yfk/+X/5f83Uf7f9f8pn7Ll/2Pf/7pQk5r0/wAAAFAHse+/K9RE/w8AAACVEf9+s/i7V/0/AAAAVFHs+6dDTWrS/8v/y//XKf/fkP+X/5f/rzz5/95c/78P+X/5f/l/+X+Gqmz5/9j3vz7UpCb9PwAAANRB7PvvCTXR/wMAAEBlxL5/JtRE/w8AAACVEfv+2VCTmvT/8v/y/3XK/7v+v/y//H/1yf/3Jv/fh/y//P/mzP/nTUzX/H+Wyf9zTZUt/x/7/t2hJjXp/wEAAKAOYt+/J9RE/w8AAACVEfv+vaEm+n8AAACojNj33xtqUpP+v6T5/7FM/j8n/y//L/8v/y//vzby/73J//ch/y//vznz/znX/6eMypb/j33/faEmNen/AQAAoA5i378v1ET/DwAAAJUR+/79oSah/+/2d90AAADA5hL7/gOhJjX5/X9J8/+u/7/W/P9v/l3btuX/5f97bX84+f+t8v+hyv+XS0Xz/52HxRWT/+9D/v+q5eezkaEM8ZqNX/5f/p8rU7b8f+z7D4aa1KT/BwAAgDqIff8bQk30/wAAAFAZse///6Em+n8AAACojNj3/0yoSU36f/n/iuT/O8j/y//32r7r/8v/V1lF8/9DU6n8/4j8/2bK/7v+v/x/v/Wppquf/48fDZb/j33//aEmNen/AQAAoA5i3/+zoSb6fwAAAKiM2Pe/MdRE/w8AAACVEfv+Q6EmNen/5f/l/+X/5f+vTv7/jVmnMub/m5NH/r9aSpz/Hx9k+/L/rv8v/78h4+/8UjOU8cv/y/+zUtmu/x/7/jeFmtSk/wcAAIA6iH3/A6Em+n8AAACojNj3vznURP8PAAAAlRH7/reEmtSk/5f/l/+X/5f/d/3/7tuX/9+cSpz/H4j8v/y//P/mHb/8v/w/K5Ut/x/7/gdDTWrS/wMAAEAdxL7/raEm+n8AAACojNj3vy3URP8PAAAAlRH7/reHmtSk/5f/l/+X/5f/l//vvn35/81J/r83+f8+apD/39rjvmudn1+vaz1++X/5f1YqW/4/9v0/F2pSk/4fAAAA6iD2/Q+Fmuj/AQAAoDJi3/+OUBP9PwAAAFRG7PvfGWpSk/5f/l/+X/5f/l/+v/v25f83J/n/3uT/+yh7/n8ifOD6/6Ucv/y//D8rlS3/H/v+d4Wa1KT/BwAAgDqIff/Ph5ro/wEAAKAyYt//7lAT/T8AAABURuz7fyHUpCb9v/y//H+58v9L51vXk/+X/8+Glf9vriT/Xwvy/73J//fRJf+/pUz5/yFc/7+Xa52fL9P4H5b/l/9nKMqW/499/3tCTWrS/wMAAEAdxL7/vaEm+n8AAACojNj3vy/URP8PAAAAlRH7/odDTWrS/8v/1zL/n55y+fL/rv8v/+/6//L/6yP/35v8fx9lv/6//H+pxy//L//PSmXL/8e+/5FQk5r0/wAAAFAHse9/f6iJ/h8AAAAqI/b9vxhqov8HAACAyoh9/wdCTWrS/8v/1zL/X+Lr/1ct/z/WNj/qlP+fbHk907yU/5f/3wDy/73J//ch/y//X+b8f5jNW1dZX/6fMipb/j/2/R8MNalJ/w8AAAB1EPv+Xwo10f8DAABAZcS+/5dDTfT/AAAAUBmx7/+VUJOa9P8VzP9fyOT/5f9Lk/9vnx91yv+7/v9K8v8bQ/6/N/n/PuT/5f/LnP/vQ/6fMipb/j/2/b8aarJq4/fD/xzgaQIAAAAlEvv+D4Wa1OT3/wAAAFAHse8/HGqi/wcAAIDKiH3/o6EmNen/K5j/X+f1/+MVVeX/5f+Hnf8fkf+X/5f/3wDDy/+/4vosk/+X/5f/l/+X/5f/Zz3Klv+Pff+RUJOa9P8AAABQB7Hv/7VQE/0/AAAAVEbs+4+Gmuj/AQAAoDJi3z8XalKT/v8a5v/Hy5n/d/3/K83//1T+3/X/A/n/7uT/N4br//cm/9+H/L/8v/y//D9DVbb8f+z750NNatL/AwAAQIWlHwfHvv9YqIn+HwAAACoj9v3HQ030/wAAAFAZse//cKhJTfp/1/9vz5635u8y+f/yXP//fNXy/2Nty8v/F+T/5f+HQf6/N/n/PuT/5f/l/+X/Gaqy5f9j378QalKT/h8AAADqIPb9Hwk10f8DAABAZcS+/6OhJvp/AAAAqIzY958INalJ/y//7/r/myL/fxWv/9/Isguu/y//32378v+bk/x/b/L/fcj//x979/Ek2VXlcfyppXarmeVsJkLrWc0OWEl/Aisi2BHBWljhjVp4EE54b4T33jvhvfdeeG+FFUQ0oapzTldVZr2s6squfO/ez2dzRh3dVPaoEPzo+MbV/+v/9f+s1dT6/9z918Qtnex/AAAA6EHu/nvELfY/AAAANCN3/z3jFvsfAAAAmpG7/15xSyf7X/+v/++9/x828v7/7p+v/9+m/9f/r8NCf3/F8p+3XxS+b////3e89m76f/2//n/Upvv/ywf9v/6fqZla/5+7/95xSyf7HwAAAHqQu/8+cYv9DwAAAM3I3X/fuMX+BwAAgGbk7r82bulk/+v/9f/6f/3/rv7/Zv2//n/eDtPfX7Xkx7z/H2bU/+d/e9P/H93c+/9Nf379v/6fRVPr/3P33y9u6WT/AwAAQA9y998/brH/AQAAoBm5+x8Qt9j/AAAA0Izc/Q+MWzrZ//p//b/+fy79/ynv/+/5/ej/9f/LHLW/1/+HGfX/g/f/9f8T+fz6f/0/i6bW/+fuf1Dc0sn+BwAAgB7k7n9w3GL/AwAAQDNy9z8kbrH/AQAAoBm5+x8at3Sy//X/+n/9/1z6/2N6/1//r/+fuZuGC/9M0P8v0v+vsKL/Hwb9/5gD9/PLf3vz+fz70P/r/1k0tf4/d//D4parh+HUxf4mAQAAgEnJ3f/wuKWTP/8HAACAHuTuvy5usf8BAACgGbn7z8Utnex//b/+X/+v/9f/L//6+v958v7/uKP3///339fcvd/+3/v/47z/v+7+//bvDP0/8za1/j93//VxSyf7HwAAAHqQu/8RcYv9DwAAAM3I3f/IuMX+BwAAgGbk7n9U3NLJ/tf/t9b/X77r1+3o/7dqF/2//l//r/9vnf5/nPf/V9j6x9zZ+kv9v/7f+//6f45mav1/7v5Hxy2d7H8AAADoQe7+x8Qt9j8AAAA0I3f/Y+MW+x8AAACakbv/cXFLJ/tf/99a/7/713n/X/+/7Ovr//X/LdP/j9P/r9DK+/8X+V2z6X7+qDb9+fX/+n8WTa3/z93/+Lilk/0PAAAAPcjd/4S4xf4HAACAZuTuvyFusf8BAACgGbn7nxi3dLL/9f/6/3n0//kV9P/6/0vf/yf9/zzp/8fp/1dopf+/SJvu5+f++fX/+n8WTa3/z93/pLilk/0PAAAAPcjd/+S4xf4HAACAZuTuf0rcYv8DAABAM3L3PzVu6WT/99n/X67/n13/7/1//b/3//X/B6P/H6f/X2Fn/3/ZMJzT/+v/9f/6f45kav1/7v4b45ZO9j8AAAD0IHf/0+IW+x8AAACakbv/6XGL/Q8AAADNyN3/jLilk/3fZ//v/X/9v/5f/6//b5X+f5z+f4XO3/8fzun/9f/6f9ZrQv3/jl91Znhm3NLJ/gcAAIAe5O5/Vtxi/wMAAEAzcvc/O26x/wEAAKAZufufE7d0sv/1/5Pp/7dyvrb6/7PDMOj/h077/7M7/n7W96X+X/9/DPT/4/T/K3Te/2+6n5/759f/6/9ZNKH+f+uvc/c/N27pZP8DAABAD3L3Py9usf8BAACgGbn7nx+32P8AAADQjNz9L4hbOtn/+v/J9P9b2ur/vf+/9/ujp/7f+/+L9P/HY839/5X54/r/bfr/9vr/Uzv+703380e16c+v/9f/s2hq/X/u/hfGTadOXvRvEQAAAJiY3P0vils6+fN/AAAA6EHu/hfHLfY/AAAAzNSNCz+Su/8lcUsn+1//v97+f2dDp//faP9/Rv+//9fX/+v/W7be/n8Ybokf1/9v0/+31//vtOl+fu6fX/+v/2fR1Pr/3P0vjVs62f8AAADQg9z9N8Ut9j8AAAA0I3f/y+IW+x8AAACakbv/5XFLJ/tf/+/9/0b7f+//j3z9w/b/F55D1f/r/6dvze//35A/rv/fpv/X/4/R/x+5/z994f/U/9OGQ/T/58+fv+6S9/+5+18Rt3Sy/wEAAKAHuftfGbfY/wAAANCM3P2vilvsfwAAAGhG7v5Xxy2d7H/9f6f9f36rz6v/PzcM+n/v/+v/9f/j9P/j9P8r6P/1/97/1/+zVlN7/z93/2vilk72PwAAAPQgd/9r4xb7HwAAAJqRu/91cYv9DwAAAM3I3f/6uKWT/a//77T/9/6//l//f9z9/22D/v9YzKL/P7v/1596/3+9/v9/73CX/FT6/7266//vfKddf6n/1/+zaGr9f+7+N8Qtnex/AAAA6EHu/jfGLdv7/8L/wAsAAADMVu7+N8Ut/vwfAAAAmpG7/81x0xWd7H/9v/5f/6//1/8v//rH/P7/qWEY9P9rMIv+f8TU+//1vP+/99/lF8yj//f+/3666//30P/r/1k0tf4/d/9b4pZO9j8AAAD0IHf/W+MW+x8AAACakbv/bXGL/Q8AAADNyN3/9rilk/2v/9f/6//1/833/9fPov/3/v+a6P/HTaP/35/+X/8/58+v/9f/c3Cb6v9z978jbulk/wMAAEAPcve/M26x/wEAAKAZufvfFbfY/wAAANCM3P3vjls62f/6f/3/Yfr//Jz6/7b6/9OT6//P7PrX6+T9f/3/muj/x+n/V9D/6//1/zfq/1mnqb3/n7v/PXFLJ/sfAAAAepC7/71x63+6tf8BAACgGbn73xe32P8AAADQjNz9749bOtn/+n/9v/f/9f/Nv/+v/++K/n+c/n8F/f86+vlz+v9Z9//e/2etptb/5+7/QNzSyf4HAACAHuTu/2DcYv8DAABAM3L3fyhusf8BAACgGbn7b45bOtn/+n/9v/5f/6//3/57qP9vg/5/3PH0/2f1/+vs/3f819OZ9P+7+vnL4t8F+n/9/6pfT5um1v/n7v9w3NLJ/gcAAIAe5O7/SNxi/wMAAEAzcvd/NG6x/wEAAGCWrljyY7n7Pxa3dLL/9f/6f/2//l//v/zr6//naSP9f35T6P+9/x/6ef//yl1/ddR+/rg//97//NL/6/9Zv6n1/7n7Px63dLL/AQAAoAe5+z8Rt9j/AAAA0Izc/Z+MW+x/AAAAaEbu/k/FLTPf/6cO+PP0//p//b/+X/+//Ovr/+fJ+//j9P8r6P83+n7+3D+//l//z6Kp9f+5+z8dt8x8/wMAAAAX5O7/TNxi/wMAAEAzcvd/Nm6x/wEAAKAZW7s/47IO97/+f339/96fq//X/+/8/hj0//p//f+x0P+P0/+voP/X/+v/9f+s1dT6/89t/aozw+fjlk72PwAAAPQgd/8X4hb7HwAAAJqRu/+LcYv9DwAAAM3I3f+luKWT/f8/cc/p/7d4/3+q/f/58+ev0/9Pr/8/PUyj/79F/0/R/4/T/6+g/9f/6//1/6zV1Pr/3P1fjls62f8AAADQg9z9X4lb7H8AAABoRu7+r8Yt9j8AAAA0I3f/1+KWTva/9/8n0P+f0f97/3+u/b/3/4dL2f+f2P6Hsv7/cLb6+wv/ca7/30P/v0KL/f+Zg//2N93PH9WmP7/+X//Poqn1/7n7vx63dLL/AQAAoAe5+78Rt9j/AAAA0Izc/d+MW+x/AAAAaEbu/m/FLZ3sf/3/gfr/vTnygoP0/7f/i/Ty/v/ZYfnn1//r//X/3v+/1Lz/P07/v0KL/f8hbLqfn/vn1//r/1k0tf4/d/+345bd+//k4X6XAAAAwJTk7v9O3NLJn/8DAABAD3L3fzdusf8BAACgGbn7vxe3dLL/9f8TeP+/wf7f+//Lvz/0/5Pu/0/o/9ug/x+n/19B/7+snz87DIP+X/9/yP4/v5v1/72bWv+fu//7cUsn+x8AAAB6kLv/B3GL/Q8AAADNyN3/w7jF/gcAAIBm5O6/JW7Zsf+Xtd2t0P/r//X/+n/9//Kvr/+fJ/3/uIP2/6eHo/X/Sf/fRP/v/X/9v/f/uWhT6/9z9/8obvHn/wAAADA7J/f58dz9P45b7H8AAABoRu7+n8Qt9j8AAAA0I3f/T+OWW09s6iMdK/2//l//r//X/y//+vr/edL/j/P+/wr6/3X081fp/9vo/4dB/8/RTa3/z93/s7jFn/8DAABAM3L3/zxusf8BAACgGbn7fxG32P8AAADQjNz9v4xbOtn/+n/9/xH7/600U/+/Tf+/Tf+/nP7/eOj/x+n/V9D/e/9f/+/9f9Zqav1/7v5fxS2d7H8AAADoQe7+X8ct9j8AAAA0I3f/b+IW+x8AAACakbv/t3FLJ/t/Y/1//L9a/z/7/t/7//r/zfX/Jwf9v/5/gf5/nP5/Bf2//l//r/9nrabW/+fu/13c0sn+BwAAgB7k7v993GL/AwAAQDNy9/8hbrH/AQAAoBm5+/8Yt3Sy/73/r//X/+v/Z9v/e/9f/7+E/n+c/n+5+hul/9f/6//1/6zV1Pr/3P1/ils62f8AAADQg9z9f45b7H8AAABoRu7+W+MW+x8AAACakbv/L3FLJ/t/4/3/1fp//b/+X/+/Tf+v/18H/f+4Tfb/d/2v1V/W+/8b7//zI+j/9f/6f9Ziav1/7v6/xi2d7H8AAADoQe7+v8Ut9j8AAAA0I3f/3+MW+x8AAACakbv/H3FLJ/t/Rf9/un7i4fv/E6u+tvf/9f/6f/2//l//v276/3He/19B/+/9f/2//p+1mlr/n7v/n3FLJ/sfAAAAepC7/7a4xf4HAACAZuTu/1fcYv8DAABAM3L3/ztu6WT/b/z9f/3/Ifr/q/T/+n/9v/5f/7+C/n+c/n8F/b/+X/+v/2etptb/5+7/TwAAAP//10Q9fw==") chdir(&(0x7f0000000040)='./file0\x00') (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xf, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xf30}}, &(0x7f0000014ff5)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x40, '\x00', 0x0, @fallback, r4, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.445736525s ago: executing program 2 (id=821): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, 0x0, 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) chdir(&(0x7f0000000000)='./file0\x00') r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) lchown(&(0x7f0000004b40)='./file0\x00', 0x0, 0x0) 4.443867595s ago: executing program 3 (id=822): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, 0x0, 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) chdir(&(0x7f0000000000)='./file0\x00') r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=""/67, 0x43) 3.908007551s ago: executing program 0 (id=823): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0xf0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}, 0x1, 0x0, 0x800000000000000}, 0x0) 2.516325358s ago: executing program 4 (id=824): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000010, &(0x7f00000013c0)=ANY=[], 0xf, 0x694, &(0x7f0000000d00)="$eJzs3c1vXFfdB/DvHY8dO0+Vx2mTNkJFRIlUkCISv8gFsyEghLyoUFUWrK3EaaxMnMp2kVshcAHBColF/4CC5B0rJPZBYV123XpZCYlNxCJiY3Tv3LHHnnFsJ36Fzye6Pufec+65v/ndt3nJaAL8z5q5kebjFJm58c5KOb++NtlaX5s8Vze3kpT1RtJsFykWkuJJcrtsL7qmdJU9Pp2ffu+Lp+tftuea9VT1bzxvvT769F2tp1xNMlCXvQb3u4lt491J8kpPl6H9jrWtY5m063UJJ26jx+pBVj/IeQucMp27U9G+b/YYTc4nGa6fB6S+OjSOL8KjcaCrHAAAAJxRnz866QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7Kl//7+op0Zd5mqKzu//D3WW1fUz7fFJBwAAAAAAAAAAh+Brz/IsK7nQmd8oqs/8r1Uzl/LvjeT/8mGWMpfF3MxKZrOc5SxmPMlo10BDK7PLy4vjm2uW+q850XfNieN6xAAAAAAAAADwX+mXmdn6/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6DIhloF9V0qVMfTaOZdttQ2W81+XunfkYU/RY+Pv44AAAA4KUMv8A6//8sz7KSC535jaJ6zf969Xp5OB9mIcuZz3Jamcvd+jV0+aq/sb422Vpfm3xYTr3jfu+fBwqjGrF+f6H/lq9UPUZyL/PVkpu5UwVzN41qzdKVTjz94/qkjKn4bm2fkTXrtJYb+/1u7yIcioO+FTFaBpdsZmSsjq3MxsV2BorqjZpkZyb23DvNnVtKI4ObWxpPY/Odn0tHkPPzdVk+nt8cac4PajMTjVSZmOg6+l5/fiaSr//lTz+531p4cP/e0o3T85D2MLDL8p3HxGRXJt4405loHrD/WJWJy5vzM/lhfpwbuZp3s5j5/DSzWc5cNur22fp4Lv+OPj9Tt7fNvbtXJEP1fmnvs/3EdDU/qGqzuVateyHzKfIodzOXt6t/ExnPtzKVqUx37eHLu8ZdPbbqrG/sPOs7e/qvfYO//o26MpLkt3XZk4Mddjs6D0v72l/m9WJXXttH/dPNXhe7zoOxriy92snOYN/BX+Ta2PxKXSm38au6PB1G60yUJ1DnLtGJ7rV2JprVvaj3OP9DdW4stRYeLN6f/WCX8Vd3zL9Vl+VhtfbV/UbZf1ccrvJ4eTXD9ZVk+9FRtr22eZW5uO2uOlR/4tJua/S0Xa7aiqJzpv5o1zN1qH4O1zvSRNX2Rt+2yartSlfbtudbeZRW7h5D/gB4SaM5PzTyj5HPRz4b+fXI/ZF3hr9/7tvn3hzK4N8Gv9McG3ir8Wbx53yWn2+9/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7c0kcfP5htteYW+1cauzftUdlr5B2Vov5Bnxfa1imsDCfZtmSwXHDsYYzsDKOnsvGL5Njz0/kRwf59fldWmtnPgLf36vPJiR8Jp70ykP4HwAlfmIAjd2v54Qe3lj76+JvzD2ffn3t/bmFwamp6bHrq7clb9+Zbc2PtvycdJXAUtm76Jx0JAAAAAAAAAAAAsF/9vhhw7ZW9vjSyr+94+J+FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKGYuZHm4xQZH7s5Vs6vr022yqlT3+rZTNJoJMXPkuJJcjvtKaNdwxX545Ns9NnOp/PT733xdP3LrbGa7f5Joy5fwmo95WqSgbo8rPHuvPR4xb86j7BM2PVO4uCk/ScAAP//kSr0rQ==") open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) socket$tipc(0x1e, 0x2, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$minix(&(0x7f0000000540), &(0x7f00000002c0)='./file1\x00', 0x8040, &(0x7f0000000c00)=ANY=[@ANYRES16=0x0], 0xfd, 0x1d0, &(0x7f0000000300)="$eJzs3O9uk1AYx/EftIXNP/H/G99qom8cdiYSXxi3O3Hp2Fxkaqxv2jSxxivxRrwVb6BN7A2IAVoKqBVRoK3fT7LsPPQczvM0oZzThArAf+uqJEOGOpKCIHj/4m5wpemcANQj0LegqKeLMQC2ROvrH3U3pHFluQCo0/SwZUY39bH0ZTbqTeZ/ndw6YTcTtZPW9DAefiBpkhpvFVx/TD8Y0f/b7ex4W9JOkfXLp3j8vcX8YWqzUS+Tb76Y/Pze5zhIzX+hcP5x/ffvZPO/KOmSpMthIfay/zVJ139S/3H2/bNvFZwf+BuG9vJx5oCpkzPfe5jEHZ1Y8rpJbEWv7+fiR0lsR/Fe77V/XFUJAEoyf7j+n5vpuKVwwb+8/tvR9dytL0EAlekPhi+PfN97W6ZhjIt1NspPQaOehrUeaZRohJu7NUgj1/ho/oPz7NSac7hzTh3JfVAU3dAD2BjOu/M3Tn8wfHB2fnTqnXqv9t0nrit1H7tOtPN3svv/2Iov1ABsjMXdf7fpRAAAAAAAAAAAAAAAQGk3JN1chgdN5gIAAACgWr97MEjzn/tZ+fDQs/nJftGn4RIBAAAAAAAAAAAAAAAAAACArfE9AAD//zpGOPg=") r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000540)=""/239, 0xef) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r8, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x5, 0x1080000001}}}, 0x90) 7.174459ms ago: executing program 3 (id=825): syz_mount_image$nilfs2(&(0x7f0000000740), &(0x7f0000000100)='./file1\x00', 0x4800, &(0x7f0000000040)=ANY=[], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=") r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7ffffffc, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x1e, 0x2, 0x0, "4bc46729173b668be6a25f3e4f018b1166ae91f347f81b7a0000000000000002"}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000480)) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x30a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_FLAGS={0x6}]}, 0x24}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x20004010}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c40000001900674c0000000000000000ff01098817c5d2d2353cd8d1f31a5656176e0000000000000010"], 0xc4}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff013000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff000000000000000000000000000000000000000000000300000000000000000040"], 0xb8}}, 0x0) 0s ago: executing program 2 (id=826): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(0x0, 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r3 = open(&(0x7f00000003c0)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000000)='./file0\x00', r3, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) kernel console output (not intermixed with test programs): 9: 0000000000000000 [ 221.961860][ T6068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 221.969855][ T6068] R13: 0000000000000000 R14: 00007f955dee9f80 R15: 00007ffefdc3ffe8 [ 221.977868][ T6068] [ 221.988940][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.010028][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.020349][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.031203][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.041385][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.052204][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.062859][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.073799][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.086593][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.096253][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 222.115445][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 222.146516][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 222.183586][ T5817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.207520][ T5817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.225141][ T5817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.257033][ T5817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.869090][ T3873] Bluetooth: hci4: command 0x0419 tx timeout [ 224.406492][ T5928] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 224.468770][ T5928] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 224.508291][ T5928] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 224.564195][ T5928] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 224.654834][ T3666] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.688784][ T3666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.788111][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 224.832569][ T4099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.874257][ T4099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.910799][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 224.963744][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.027636][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.049097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.072510][ T5928] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.121118][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.161939][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.198454][ T1192] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.205835][ T1192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.225776][ T6097] loop3: detected capacity change from 0 to 2048 [ 225.226127][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.265053][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.299333][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.328236][ T1192] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.335493][ T1192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.450327][ T6099] loop2: detected capacity change from 0 to 512 [ 225.561840][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.587983][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.619481][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.688820][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.729868][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.740168][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.750243][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.760378][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.769884][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.778816][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.788035][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.844110][ T6099] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 225.867085][ T6099] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038 (0x7fffffff) [ 226.004632][ T6113] loop0: detected capacity change from 0 to 256 [ 226.165856][ T6113] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 226.192382][ T26] audit: type=1326 audit(1728930341.676:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.260916][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.278263][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 226.279227][ T6121] loop1: detected capacity change from 0 to 1024 [ 226.296088][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 226.298991][ T26] audit: type=1326 audit(1728930341.676:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.403371][ T6121] EXT4-fs (loop1): INFO: recovery required on readonly filesystem [ 226.430597][ T6121] EXT4-fs (loop1): write access will be enabled during recovery [ 226.440661][ T26] audit: type=1326 audit(1728930341.676:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.480875][ T6121] JBD2: no valid journal superblock found [ 226.481908][ T6113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.500'. [ 226.496162][ T6121] EXT4-fs (loop1): error loading journal [ 226.548297][ T26] audit: type=1326 audit(1728930341.676:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.558076][ T6113] netlink: 16 bytes leftover after parsing attributes in process `syz.0.500'. [ 226.584278][ T6113] netlink: 24 bytes leftover after parsing attributes in process `syz.0.500'. [ 226.671238][ T26] audit: type=1326 audit(1728930341.676:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.700896][ T2989] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 226.732515][ T26] audit: type=1326 audit(1728930341.676:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.783192][ T26] audit: type=1326 audit(1728930341.676:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 226.860826][ T26] audit: type=1326 audit(1728930341.676:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf3a3da990 code=0x7ffc0000 [ 226.948093][ T6134] loop3: detected capacity change from 0 to 512 [ 226.983915][ T26] audit: type=1326 audit(1728930341.676:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 227.092815][ T26] audit: type=1326 audit(1728930341.686:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6095 comm="syz.3.497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fbf3a3dbff9 code=0x7ffc0000 [ 227.094002][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 227.131600][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 227.140810][ T2989] usb 3-1: Using ep0 maxpacket: 16 [ 227.196027][ T6144] netlink: 12 bytes leftover after parsing attributes in process `syz.0.505'. [ 229.839544][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 229.849010][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 229.874218][ T2989] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 229.875713][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 229.910526][ T2989] usb 3-1: can't read configurations, error -71 [ 229.923503][ T6149] loop3: detected capacity change from 0 to 1024 [ 229.941328][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 229.996170][ T5928] device veth0_vlan entered promiscuous mode [ 230.067494][ T5928] device veth1_vlan entered promiscuous mode [ 230.149959][ T6152] loop2: detected capacity change from 0 to 4096 [ 230.178546][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 230.192933][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 230.213823][ T5928] device veth0_macvtap entered promiscuous mode [ 230.284562][ T5928] device veth1_macvtap entered promiscuous mode [ 230.408988][ T6159] loop0: detected capacity change from 0 to 512 [ 230.434804][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.467832][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.510022][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.524715][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.536584][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.560088][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.583284][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.608946][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.632147][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.654709][ T6161] loop2: detected capacity change from 0 to 4096 [ 230.662119][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.675408][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.709112][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 230.719956][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 230.730553][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 230.741995][ T3666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 230.765714][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.776858][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.784487][ T6159] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 230.788213][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.810040][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.813419][ T6161] ntfs: volume version 3.1. [ 230.822922][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.835854][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.845917][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.856718][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.869030][ T5928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 230.879699][ T5928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.891589][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 230.903472][ T6159] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038 (0x7fffffff) [ 230.953762][ T5928] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.990588][ T5928] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.009735][ T5928] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.032736][ T5928] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.048883][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 231.081532][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 231.089901][ T6171] loop3: detected capacity change from 0 to 512 [ 231.113694][ T6166] netlink: 100 bytes leftover after parsing attributes in process `syz.1.515'. [ 231.285148][ T6177] loop2: detected capacity change from 0 to 2048 [ 231.349431][ T6177] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 231.437205][ T6182] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 231.832148][ T1203] device hsr_slave_0 left promiscuous mode [ 231.901224][ T1203] device hsr_slave_1 left promiscuous mode [ 231.918412][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.032439][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.093106][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.115391][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.181037][ T1203] device bridge_slave_1 left promiscuous mode [ 232.190794][ T1203] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.194092][ T6191] loop0: detected capacity change from 0 to 8192 [ 232.248777][ T1203] device bridge_slave_0 left promiscuous mode [ 234.228495][ T1203] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.272268][ T6191] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 234.295594][ T1203] device veth1_macvtap left promiscuous mode [ 234.300865][ T6191] REISERFS (device loop0): using ordered data mode [ 234.303558][ T1203] device veth0_macvtap left promiscuous mode [ 234.308180][ T6191] reiserfs: using flush barriers [ 234.315614][ T1203] device veth1_vlan left promiscuous mode [ 234.325484][ T1203] device veth0_vlan left promiscuous mode [ 234.360724][ T6191] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 234.405337][ T6191] REISERFS (device loop0): checking transaction log (loop0) [ 234.419296][ T6191] REISERFS (device loop0): Using r5 hash to sort names [ 234.428983][ T6191] REISERFS (device loop0): using 3.5.x disk format [ 234.441720][ T6191] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 234.457747][ T6191] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 234.743695][ T1203] team0 (unregistering): Port device team_slave_1 removed [ 234.767138][ T1203] team0 (unregistering): Port device team_slave_0 removed [ 234.787970][ T1203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 234.835138][ T1203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 234.982906][ T1203] bond0 (unregistering): Released all slaves [ 235.064874][ T6209] loop0: detected capacity change from 0 to 4096 [ 235.067483][ T6205] tipc: Started in network mode [ 235.083782][ T3666] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.092030][ T6205] tipc: Node identity 2, cluster identity 2544 [ 235.099492][ T6205] tipc: Node number set to 2 [ 235.105148][ T3666] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.106799][ T6205] tipc: Cannot configure node identity twice [ 235.131225][ T6209] ntfs3: Unknown parameter 'hide_dot_files' [ 235.142847][ T6206] device geneve2 entered promiscuous mode [ 235.186409][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 235.315282][ T4099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.380037][ T4099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.396504][ T6216] devtmpfs: Unknown parameter '' [ 235.410455][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 235.589617][ T6224] FAULT_INJECTION: forcing a failure. [ 235.589617][ T6224] name failslab, interval 1, probability 0, space 0, times 0 [ 235.680872][ T6227] loop4: detected capacity change from 0 to 1024 [ 235.720597][ T6224] CPU: 1 PID: 6224 Comm: syz.2.532 Not tainted 5.15.167-syzkaller #0 [ 235.728720][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 235.738796][ T6224] Call Trace: [ 235.742090][ T6224] [ 235.745034][ T6224] dump_stack_lvl+0x1e3/0x2d0 [ 235.749739][ T6224] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 235.755392][ T6224] ? panic+0x860/0x860 [ 235.759486][ T6224] ? __might_sleep+0xc0/0xc0 [ 235.764200][ T6224] should_fail+0x38a/0x4c0 [ 235.768644][ T6224] should_failslab+0x5/0x20 [ 235.773170][ T6224] slab_pre_alloc_hook+0x53/0xc0 [ 235.778131][ T6224] kmem_cache_alloc_trace+0x49/0x290 [ 235.783528][ T6224] ? snd_timer_instance_new+0x4d/0x210 [ 235.789018][ T6224] snd_timer_instance_new+0x4d/0x210 [ 235.794325][ T6224] snd_seq_timer_open+0x218/0x6d0 [ 235.799403][ T6224] ? _raw_spin_lock_irqsave+0xac/0x120 [ 235.804888][ T6224] ? snd_seq_timer_set_skew+0xc0/0xc0 [ 235.810282][ T6224] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 235.816219][ T6224] ? _raw_spin_unlock+0x40/0x40 [ 235.821092][ T6224] ? snd_seq_timer_defaults+0x32/0x550 [ 235.826573][ T6224] snd_seq_queue_alloc+0x442/0x760 [ 235.831731][ T6224] snd_seq_ioctl_create_queue+0x7f/0x350 [ 235.837400][ T6224] snd_seq_oss_open+0x687/0x1010 [ 235.842392][ T6224] ? snd_seq_oss_delete_client+0x50/0x50 [ 235.848376][ T6224] ? read_lock_is_recursive+0x10/0x10 [ 235.853837][ T6224] ? __lock_acquire+0x1ff0/0x1ff0 [ 235.858896][ T6224] ? mutex_lock_io_nested+0x60/0x60 [ 235.864136][ T6224] ? snd_seq_oss_process_event+0x29e0/0x29e0 [ 235.870177][ T6224] ? async_call_lookup_ports+0x10/0x10 [ 235.875718][ T6224] odev_open+0x5f/0x90 [ 235.879807][ T6224] chrdev_open+0x54a/0x630 [ 235.884363][ T6224] ? cd_forget+0x160/0x160 [ 235.888812][ T6224] ? do_raw_spin_unlock+0x137/0x8b0 [ 235.894034][ T6224] ? fsnotify_perm+0x47b/0x590 [ 235.898927][ T6224] ? cd_forget+0x160/0x160 [ 235.903372][ T6224] do_dentry_open+0x807/0xfb0 [ 235.908211][ T6224] path_openat+0x2705/0x2f20 [ 235.912861][ T6224] ? do_filp_open+0x460/0x460 [ 235.917609][ T6224] do_filp_open+0x21c/0x460 [ 235.922146][ T6224] ? vfs_tmpfile+0x2e0/0x2e0 [ 235.926779][ T6224] ? _raw_spin_unlock+0x24/0x40 [ 235.931657][ T6224] ? alloc_fd+0x598/0x630 [ 235.936018][ T6224] do_sys_openat2+0x13b/0x4f0 [ 235.940718][ T6224] ? do_sys_open+0x220/0x220 [ 235.945339][ T6224] __x64_sys_openat+0x243/0x290 [ 235.950212][ T6224] ? __ia32_sys_open+0x270/0x270 [ 235.955174][ T6224] ? syscall_enter_from_user_mode+0x2e/0x240 [ 235.961186][ T6224] ? lockdep_hardirqs_on+0x94/0x130 [ 235.966427][ T6224] ? syscall_enter_from_user_mode+0x2e/0x240 [ 235.972449][ T6224] do_syscall_64+0x3b/0xb0 [ 235.976894][ T6224] ? clear_bhb_loop+0x15/0x70 [ 235.981593][ T6224] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 235.987514][ T6224] RIP: 0033:0x7fb5cc898ff9 [ 235.991947][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.000014][ T6233] loop1: detected capacity change from 0 to 8192 [ 236.011569][ T6224] RSP: 002b:00007fb5cad11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 236.011599][ T6224] RAX: ffffffffffffffda RBX: 00007fb5cca50f80 RCX: 00007fb5cc898ff9 [ 236.011617][ T6224] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 236.011632][ T6224] RBP: 00007fb5cad11090 R08: 0000000000000000 R09: 0000000000000000 [ 236.050277][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 236.058272][ T6224] R13: 0000000000000000 R14: 00007fb5cca50f80 R15: 00007ffd37864368 [ 236.066287][ T6224] [ 236.069446][ C1] vkms_vblank_simulate: vblank timer overrun [ 236.104873][ T6233] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 236.126372][ T6233] REISERFS (device loop1): using ordered data mode [ 236.145959][ T6227] EXT4-fs (loop4): Ignoring removed orlov option [ 236.178689][ T6227] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 236.214442][ T6233] reiserfs: using flush barriers [ 236.269983][ T6244] loop0: detected capacity change from 0 to 512 [ 236.274218][ T6233] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 237.412053][ T6233] REISERFS (device loop1): checking transaction log (loop1) [ 238.420462][ T6227] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 238.446190][ T6244] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 238.500575][ T6244] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038 (0x7fffffff) [ 238.588622][ T6252] EXT4-fs error (device loop4): ext4_map_blocks:628: inode #2: block 16: comm syz.4.464: lblock 0 mapped to illegal pblock 16 (length 1) [ 238.679411][ T6233] REISERFS (device loop1): Using tea hash to sort names [ 238.721672][ T6233] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 238.899059][ T5928] EXT4-fs error (device loop4): ext4_map_blocks:628: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 238.933716][ T5928] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 238.967668][ T5928] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5803: Corrupt filesystem [ 239.017128][ T5928] EXT4-fs error (device loop4): ext4_dirty_inode:6007: inode #2: comm syz-executor: mark_inode_dirty error [ 239.113701][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 239.183447][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 239.234568][ T3836] EXT4-fs error (device loop4): __ext4_get_inode_loc:4320: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 239.303385][ T6256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.542'. [ 239.559805][ T6266] loop1: detected capacity change from 0 to 512 [ 239.704839][ T6268] loop2: detected capacity change from 0 to 1024 [ 239.727843][ T6266] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 239.799948][ T6266] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038 (0x7fffffff) [ 239.805212][ T6268] EXT4-fs (loop2): Project quota feature not enabled. Cannot enable project quota enforcement. [ 239.904324][ T6268] overlayfs: failed to resolve './file1': -2 [ 240.077104][ T6275] loop1: detected capacity change from 0 to 64 [ 240.234391][ T6278] netlink: 32 bytes leftover after parsing attributes in process `syz.2.549'. [ 240.661680][ T6284] loop3: detected capacity change from 0 to 4096 [ 241.083546][ T6285] chnl_net:caif_netlink_parms(): no params data found [ 241.443020][ T6285] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.470737][ T6285] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.476144][ T6288] loop1: detected capacity change from 0 to 32768 [ 241.496836][ T6285] device bridge_slave_0 entered promiscuous mode [ 241.518650][ T6285] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.448889][ T3874] Bluetooth: hci4: command 0x0409 tx timeout [ 243.467196][ T6285] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.569890][ T6285] device bridge_slave_1 entered promiscuous mode [ 243.713098][ T6285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.750486][ T6285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.925551][ T6291] loop3: detected capacity change from 0 to 32768 [ 243.967357][ T6285] team0: Port device team_slave_0 added [ 243.978636][ T6285] team0: Port device team_slave_1 added [ 244.062938][ T6285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.131550][ T6285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.211174][ T6307] loop1: detected capacity change from 0 to 512 [ 244.234679][ T6285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.323491][ T6285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.334202][ T6307] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.555: iget: bad extended attribute block 1 [ 244.348405][ T6285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.429765][ T6307] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.555: couldn't read orphan inode 15 (err -117) [ 244.442838][ T6313] netlink: 68 bytes leftover after parsing attributes in process `syz.3.558'. [ 244.488588][ T6307] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,resgid=0x000000000000ee00,auto_da_alloc=0x0000000000000003,noload,nobarrier,nodiscard,,errors=continue. Quota mode: none. [ 244.623062][ T6285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.893087][ T6285] device hsr_slave_0 entered promiscuous mode [ 244.938040][ T6285] device hsr_slave_1 entered promiscuous mode [ 244.971365][ T6285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 245.019401][ T6285] Cannot create hsr debugfs directory [ 245.341287][ T6339] FAULT_INJECTION: forcing a failure. [ 245.341287][ T6339] name failslab, interval 1, probability 0, space 0, times 0 [ 245.418449][ T6339] CPU: 0 PID: 6339 Comm: syz.1.567 Not tainted 5.15.167-syzkaller #0 [ 245.426623][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 245.436705][ T6339] Call Trace: [ 245.440007][ T6339] [ 245.443349][ T6339] dump_stack_lvl+0x1e3/0x2d0 [ 245.448063][ T6339] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 245.453741][ T6339] ? panic+0x860/0x860 [ 245.457855][ T6339] ? __might_sleep+0xc0/0xc0 [ 245.462474][ T6339] should_fail+0x38a/0x4c0 [ 245.466928][ T6339] ? snd_timer_instance_new+0x66/0x210 [ 245.472432][ T6339] should_failslab+0x5/0x20 [ 245.476961][ T6339] slab_pre_alloc_hook+0x53/0xc0 [ 245.481928][ T6339] ? snd_timer_instance_new+0x66/0x210 [ 245.487414][ T6339] __kmalloc_track_caller+0x6c/0x300 [ 245.492721][ T6339] ? snd_timer_instance_new+0x66/0x210 [ 245.498823][ T6339] kstrdup+0x31/0x70 [ 245.502746][ T6339] snd_timer_instance_new+0x66/0x210 [ 245.508055][ T6339] snd_seq_timer_open+0x218/0x6d0 [ 245.513101][ T6339] ? _raw_spin_lock_irqsave+0xac/0x120 [ 245.518677][ T6339] ? snd_seq_timer_set_skew+0xc0/0xc0 [ 245.518897][ T4914] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 245.524070][ T6339] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 245.537592][ T6339] ? _raw_spin_unlock+0x40/0x40 [ 245.542484][ T6339] ? snd_seq_timer_defaults+0x32/0x550 [ 245.548001][ T6339] snd_seq_queue_alloc+0x442/0x760 [ 245.553158][ T6339] snd_seq_ioctl_create_queue+0x7f/0x350 [ 245.558841][ T6339] snd_seq_oss_open+0x687/0x1010 [ 245.563913][ T6339] ? snd_seq_oss_delete_client+0x50/0x50 [ 245.569595][ T6339] ? read_lock_is_recursive+0x10/0x10 [ 245.575206][ T6339] ? __lock_acquire+0x1ff0/0x1ff0 [ 245.580259][ T6339] ? mutex_lock_io_nested+0x60/0x60 [ 245.585497][ T6339] ? snd_seq_oss_process_event+0x29e0/0x29e0 [ 245.591506][ T6339] ? async_call_lookup_ports+0x10/0x10 [ 245.596999][ T6339] odev_open+0x5f/0x90 [ 245.601092][ T6339] chrdev_open+0x54a/0x630 [ 245.605541][ T6339] ? cd_forget+0x160/0x160 [ 245.610066][ T6339] ? do_raw_spin_unlock+0x137/0x8b0 [ 245.615290][ T6339] ? fsnotify_perm+0x47b/0x590 [ 245.620076][ T6339] ? cd_forget+0x160/0x160 [ 245.624511][ T6339] do_dentry_open+0x807/0xfb0 [ 245.629218][ T6339] path_openat+0x2705/0x2f20 [ 245.633853][ T6339] ? do_filp_open+0x460/0x460 [ 245.638598][ T6339] do_filp_open+0x21c/0x460 [ 245.643177][ T6339] ? vfs_tmpfile+0x2e0/0x2e0 [ 245.647819][ T6339] ? _raw_spin_unlock+0x24/0x40 [ 245.652693][ T6339] ? alloc_fd+0x598/0x630 [ 245.657058][ T6339] do_sys_openat2+0x13b/0x4f0 [ 245.661764][ T6339] ? do_sys_open+0x220/0x220 [ 245.666405][ T6339] __x64_sys_openat+0x243/0x290 [ 245.671282][ T6339] ? __ia32_sys_open+0x270/0x270 [ 245.676355][ T6339] ? syscall_enter_from_user_mode+0x2e/0x240 [ 245.682354][ T6339] ? lockdep_hardirqs_on+0x94/0x130 [ 245.687582][ T6339] ? syscall_enter_from_user_mode+0x2e/0x240 [ 245.693601][ T6339] do_syscall_64+0x3b/0xb0 [ 245.698049][ T6339] ? clear_bhb_loop+0x15/0x70 [ 245.702757][ T6339] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 245.708690][ T6339] RIP: 0033:0x7f31d0c54ff9 [ 245.713129][ T6339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.732796][ T6339] RSP: 002b:00007f31cf0cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 245.741248][ T6339] RAX: ffffffffffffffda RBX: 00007f31d0e0cf80 RCX: 00007f31d0c54ff9 [ 245.749252][ T6339] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 245.757254][ T6339] RBP: 00007f31cf0cd090 R08: 0000000000000000 R09: 0000000000000000 [ 245.765354][ T6339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 245.773477][ T6339] R13: 0000000000000000 R14: 00007f31d0e0cf80 R15: 00007ffd1ebeadc8 [ 245.781582][ T6339] [ 245.788564][ T2989] Bluetooth: hci4: command 0x041b tx timeout [ 245.805560][ T6285] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.049038][ T4914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.432777][ T4914] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 247.460308][ T4914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.842967][ T3874] Bluetooth: hci4: command 0x040f tx timeout [ 247.864687][ T4914] usb 1-1: config 0 descriptor?? [ 247.921418][ T4914] pwc: Askey VC010 type 2 USB webcam detected. [ 247.984099][ T6285] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.058035][ T6340] loop2: detected capacity change from 0 to 32768 [ 248.100784][ T6285] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.167268][ T6285] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.200578][ T6340] XFS (loop2): Mounting V5 Filesystem [ 248.403637][ T6285] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 248.421965][ T6340] XFS (loop2): Ending clean mount [ 248.434757][ T6340] XFS (loop2): Quotacheck needed: Please wait. [ 248.458036][ T6285] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 248.487117][ T6285] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 248.525621][ T6340] XFS (loop2): Quotacheck: Done. [ 248.546166][ T6285] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 248.573329][ T5671] XFS (loop2): Unmounting Filesystem [ 248.608882][ T4914] pwc: recv_control_msg error -71 req 02 val 2700 [ 248.639024][ T4914] pwc: recv_control_msg error -71 req 02 val 2c00 [ 248.658750][ T4914] pwc: recv_control_msg error -71 req 04 val 1000 [ 248.692923][ T4914] pwc: recv_control_msg error -71 req 04 val 1300 [ 248.729367][ T4914] pwc: recv_control_msg error -71 req 04 val 1400 [ 248.758979][ T4914] pwc: recv_control_msg error -71 req 02 val 2000 [ 248.788888][ T4914] pwc: recv_control_msg error -71 req 02 val 2100 [ 248.808988][ T4914] pwc: recv_control_msg error -71 req 04 val 1500 [ 248.823041][ T6285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.838640][ T4914] pwc: recv_control_msg error -71 req 02 val 2500 [ 248.847032][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.857401][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 248.860227][ T4914] pwc: recv_control_msg error -71 req 02 val 2400 [ 248.963273][ T4914] pwc: recv_control_msg error -71 req 02 val 2600 [ 248.981651][ T6285] 8021q: adding VLAN 0 to HW filter on device team0 [ 248.995731][ T4914] pwc: recv_control_msg error -71 req 02 val 2900 [ 249.007868][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.030617][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.050642][ T4914] pwc: recv_control_msg error -71 req 02 val 2800 [ 249.060445][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.067583][ T6345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.080545][ T4914] pwc: recv_control_msg error -71 req 04 val 1100 [ 249.113817][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 249.121910][ T4914] pwc: recv_control_msg error -71 req 04 val 1200 [ 249.143770][ T4914] pwc: Registered as video71. [ 249.172211][ T4914] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input23 [ 249.212533][ T4914] usb 1-1: USB disconnect, device number 11 [ 249.262630][ T6371] loop0: detected capacity change from 0 to 128 [ 249.292183][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.306326][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.348121][ T6375] 9pnet: Insufficient options for proto=fd [ 249.408920][ T4100] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.416095][ T4100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.528531][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 249.557539][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 249.578596][ T3644] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 249.848574][ T3644] usb 4-1: Using ep0 maxpacket: 16 [ 249.979834][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.152870][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.272113][ T3644] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 250.333638][ T3874] Bluetooth: hci4: command 0x0419 tx timeout [ 250.389920][ T3644] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 250.394678][ T6285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 250.417209][ T6285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 250.422017][ T3644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.437816][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 250.469981][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.460425][ T3644] usb 4-1: config 0 descriptor?? [ 252.458459][ T3644] usb 4-1: can't set config #0, error -71 [ 252.532698][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 252.543067][ T3644] usb 4-1: USB disconnect, device number 13 [ 252.569150][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.594025][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 252.614842][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 252.629417][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 252.639251][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 252.647923][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 252.656156][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 252.773044][ T6400] loop1: detected capacity change from 0 to 64 [ 252.921966][ T6398] loop3: detected capacity change from 0 to 4096 [ 253.012215][ T1203] device hsr_slave_0 left promiscuous mode [ 253.052852][ T6398] __ntfs_warning: 34 callbacks suppressed [ 253.052873][ T6398] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker. [ 253.088557][ T1203] device hsr_slave_1 left promiscuous mode [ 253.108565][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.116313][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.135293][ T1203] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.146683][ T6398] ntfs: (device loop3): map_mft_record_page(): Mft record 0x0 is corrupt. Run chkdsk. [ 253.176464][ T6398] ntfs: (device loop3): map_mft_record(): Failed with error code 5. [ 253.186123][ T1203] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 253.196053][ T6402] loop2: detected capacity change from 0 to 8192 [ 253.224403][ T6398] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x0 as bad. Run chkdsk. [ 253.239538][ T1203] device bridge_slave_1 left promiscuous mode [ 253.278561][ T1203] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.298383][ T6398] ntfs: (device loop3): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net [ 253.328095][ T1203] device bridge_slave_0 left promiscuous mode [ 253.335484][ T1203] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.351287][ T1203] device veth1_macvtap left promiscuous mode [ 253.357406][ T1203] device veth0_macvtap left promiscuous mode [ 253.363896][ T1203] device veth1_vlan left promiscuous mode [ 253.370098][ T1203] device veth0_vlan left promiscuous mode [ 253.372955][ T6402] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 253.790430][ T6398] ntfs: (device loop3): ntfs_fill_super(): Failed to load essential metadata. [ 253.807751][ T6402] REISERFS (device loop2): using ordered data mode [ 253.817919][ T6402] reiserfs: using flush barriers [ 253.849350][ T6402] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 253.876135][ T6402] REISERFS (device loop2): checking transaction log (loop2) [ 253.885918][ T6402] REISERFS (device loop2): Using r5 hash to sort names [ 253.901107][ T6402] REISERFS (device loop2): using 3.5.x disk format [ 253.908368][ T6402] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 253.942991][ T6402] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 254.089181][ T6416] 9pnet: Insufficient options for proto=fd [ 254.565614][ T1203] team0 (unregistering): Port device team_slave_1 removed [ 254.612953][ T1203] team0 (unregistering): Port device team_slave_0 removed [ 254.684132][ T6425] loop2: detected capacity change from 0 to 40427 [ 254.692471][ T1203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.737887][ T6425] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 254.745705][ T6425] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 254.763673][ T6425] F2FS-fs (loop2): invalid crc value [ 254.785916][ T6428] ALSA: mixer_oss: invalid OSS volume '—ˆ†åÉY¢' [ 254.790067][ T1203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.802618][ T6425] F2FS-fs (loop2): Found nat_bits in checkpoint [ 254.890873][ T6425] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 254.898029][ T6425] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 255.234487][ T1391] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.244211][ T1391] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.432295][ T1203] bond0 (unregistering): Released all slaves [ 255.599934][ T6285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.736013][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 255.744301][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 255.989869][ T6438] bridge0: port 3(gretap0) entered blocking state [ 256.025229][ T6438] bridge0: port 3(gretap0) entered disabled state [ 256.051401][ T6438] device gretap0 entered promiscuous mode [ 256.067669][ T6438] bridge0: port 3(gretap0) entered blocking state [ 256.074233][ T6438] bridge0: port 3(gretap0) entered forwarding state [ 256.092820][ T6445] device gretap0 left promiscuous mode [ 256.103692][ T6445] bridge0: port 3(gretap0) entered disabled state [ 256.120427][ T6463] tipc: Enabled bearer , priority 0 [ 256.195460][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 256.216625][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.320337][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 257.417868][ T3617] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 258.368976][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 258.386561][ T6285] device veth0_vlan entered promiscuous mode [ 258.412792][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 258.438814][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 258.466531][ T6285] device veth1_vlan entered promiscuous mode [ 258.473983][ T6473] sctp: [Deprecated]: syz.2.599 (pid 6473) Use of struct sctp_assoc_value in delayed_ack socket option. [ 258.473983][ T6473] Use struct sctp_sack_info instead [ 258.525068][ T6474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.551851][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 258.579629][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 258.626127][ T6285] device veth0_macvtap entered promiscuous mode [ 258.664582][ T6285] device veth1_macvtap entered promiscuous mode [ 258.734187][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.783476][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.794387][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.806011][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.823427][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.834611][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.855909][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.879917][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.899704][ T3617] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 258.900497][ T6285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.920214][ T3617] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.923592][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 258.945204][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 258.949847][ T3617] usb 2-1: Product: syz [ 258.968008][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 258.970097][ T6485] loop2: detected capacity change from 0 to 4096 [ 258.984312][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 258.985954][ T3617] usb 2-1: Manufacturer: syz [ 258.998360][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.010685][ T3617] usb 2-1: SerialNumber: syz [ 259.021160][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.038324][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.072832][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.088267][ T3617] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 259.099870][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.135965][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.147993][ T6285] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.160880][ T6285] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.173713][ T6285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.191723][ T3874] usb 2-1: USB disconnect, device number 21 [ 259.198489][ T3617] usb 2-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 259.226341][ T6485] ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker. [ 259.242628][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 259.254251][ T3874] usb 2-1: ath9k_htc: USB layer deinitialized [ 259.258267][ T3789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 259.276357][ T6485] ntfs: (device loop2): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk. [ 259.314200][ T6485] ntfs: (device loop2): map_mft_record(): Failed with error code 5. [ 259.348572][ T6489] netlink: 'syz.1.609': attribute type 3 has an invalid length. [ 259.366727][ T6485] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 259.406795][ T6485] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 259.426509][ T6285] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.435690][ T6285] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.501652][ T6485] ntfs: volume version 3.1. [ 259.631891][ T6285] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.649617][ T6489] loop1: detected capacity change from 0 to 8192 [ 259.675721][ T6285] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.808315][ T6500] qrtr: Invalid version 47 [ 259.894414][ T6489] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 259.910196][ T6489] REISERFS (device loop1): using ordered data mode [ 259.918232][ T6489] reiserfs: using flush barriers [ 259.924705][ T6489] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 259.941924][ T6489] REISERFS (device loop1): checking transaction log (loop1) [ 259.993554][ T6489] REISERFS (device loop1): Using r5 hash to sort names [ 260.033361][ T6489] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 260.148872][ T1192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.180779][ T1192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.243609][ T6508] loop0: detected capacity change from 0 to 1764 [ 260.265364][ T6345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 260.332768][ T4139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.366513][ T4139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.382414][ T6512] loop2: detected capacity change from 0 to 512 [ 260.402301][ T1192] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 260.578236][ T6512] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 260.785546][ T6512] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038 (0x7fffffff) [ 262.132712][ T6489] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 265.028655][ T6541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 265.036753][ T6541] IPv6: NLM_F_CREATE should be set when creating new route [ 265.044015][ T6541] IPv6: NLM_F_CREATE should be set when creating new route [ 265.143500][ T6542] 9pnet: Insufficient options for proto=fd [ 265.621451][ T6535] loop4: detected capacity change from 0 to 32768 [ 265.845508][ T3644] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 266.275827][ T3644] usb 1-1: Using ep0 maxpacket: 16 [ 266.399138][ T3644] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.456352][ T3644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 266.525538][ T3644] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 266.571880][ T6557] loop3: detected capacity change from 0 to 512 [ 266.588800][ T3644] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 266.638960][ T3644] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.759912][ T6558] loop1: detected capacity change from 0 to 512 [ 266.861939][ T6558] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 266.905624][ T3644] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 267.053278][ T3644] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 267.235589][ T3644] usb 1-1: Manufacturer: syz [ 267.432532][ T3644] usb 1-1: config 0 descriptor?? [ 267.825314][ T3644] rc_core: IR keymap rc-hauppauge not found [ 267.831267][ T3644] Registered IR keymap rc-empty [ 267.849071][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 267.861631][ T6565] loop2: detected capacity change from 0 to 256 [ 267.877843][ T6562] loop3: detected capacity change from 0 to 4096 [ 267.897505][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 267.938503][ T6565] FAT-fs (loop2): Unrecognized mount option "nfs=nostale_rouni_xlate=1" or missing value [ 267.949353][ T3644] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 267.955783][ T6562] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker. [ 268.002094][ T6562] ntfs: (device loop3): map_mft_record_page(): Mft record 0x0 is corrupt. Run chkdsk. [ 268.003268][ T3644] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input24 [ 268.022343][ T6562] ntfs: (device loop3): map_mft_record(): Failed with error code 5. [ 268.049953][ T6569] fuse: Bad value for 'fd' [ 268.066876][ T6562] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x0 as bad. Run chkdsk. [ 268.091816][ T6562] ntfs: (device loop3): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net [ 268.102225][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.152663][ T6562] ntfs: (device loop3): ntfs_fill_super(): Failed to load essential metadata. [ 268.215190][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.259866][ T6567] loop4: detected capacity change from 0 to 8192 [ 268.267730][ T6574] loop2: detected capacity change from 0 to 512 [ 268.267824][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.321950][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.346058][ T6567] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 268.375628][ T6567] REISERFS (device loop4): using ordered data mode [ 268.385534][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.455167][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.462480][ T6567] reiserfs: using flush barriers [ 268.525813][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.535458][ T6574] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 268.549646][ T6567] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 268.575165][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.605537][ T6574] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038 (0x7fffffff) [ 268.616658][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.655194][ T3644] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 268.671223][ T6567] REISERFS (device loop4): checking transaction log (loop4) [ 268.686668][ T3644] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 268.706131][ T3644] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 268.729877][ T6567] REISERFS (device loop4): Using r5 hash to sort names [ 268.731464][ T3644] usb 1-1: USB disconnect, device number 12 [ 268.765788][ T6567] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 268.986246][ T6587] 9pnet: Insufficient options for proto=fd [ 269.009818][ T6587] 9pnet: Insufficient options for proto=fd [ 269.244499][ T6586] loop2: detected capacity change from 0 to 8192 [ 269.323421][ T6586] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 269.365017][ T6586] REISERFS (device loop2): using ordered data mode [ 269.392840][ T6586] reiserfs: using flush barriers [ 269.416785][ T6586] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 269.440908][ T6577] loop3: detected capacity change from 0 to 40427 [ 269.489491][ T6589] loop0: detected capacity change from 0 to 8192 [ 269.541703][ T6586] REISERFS (device loop2): checking transaction log (loop2) [ 269.681445][ T6586] REISERFS (device loop2): Using r5 hash to sort names [ 269.797336][ T6586] REISERFS (device loop2): using 3.5.x disk format [ 270.180060][ T6586] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 270.408059][ T6586] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 270.480437][ T6589] REISERFS warning (device loop0): reiserfs_fill_super: Cannot allocate commit workqueue [ 270.705585][ T6607] netlink: 36 bytes leftover after parsing attributes in process `syz.1.642'. [ 271.145853][ T6619] loop2: detected capacity change from 0 to 512 [ 271.210822][ T6624] 9pnet: Insufficient options for proto=fd [ 271.232525][ T6624] 9pnet: Insufficient options for proto=fd [ 271.333533][ T6619] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback. [ 271.412041][ T6619] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038 (0x7fffffff) [ 271.433967][ T6628] mmap: syz.4.649 (6628) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 272.412943][ T6643] loop3: detected capacity change from 0 to 8192 [ 272.706651][ T3615] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 273.782559][ T6643] loop3: detected capacity change from 0 to 512 [ 273.815762][ T3615] usb 2-1: Using ep0 maxpacket: 32 [ 273.913699][ T6666] loop0: detected capacity change from 0 to 1024 [ 273.939340][ T3615] usb 2-1: device descriptor read/all, error -71 [ 274.019106][ T6666] hfsplus: request for non-existent node 3 in B*Tree [ 274.044465][ T6666] hfsplus: request for non-existent node 3 in B*Tree [ 274.399216][ T6677] loop1: detected capacity change from 0 to 1024 [ 274.484178][ T3617] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 274.606217][ T6685] loop2: detected capacity change from 0 to 128 [ 274.722466][ T6685] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 274.752306][ T6685] attempt to access beyond end of device [ 274.752306][ T6685] loop2: rw=0, want=6491538, limit=128 [ 274.766460][ T6685] Buffer I/O error on dev loop2, logical block 3245768, async page read [ 274.842708][ T5671] sysv_free_block: flc_count > flc_size [ 274.873187][ T5671] sysv_free_block: flc_count > flc_size [ 274.879748][ T3617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.914021][ T5671] sysv_free_block: flc_count > flc_size [ 274.914068][ T3617] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 274.919610][ T5671] sysv_free_block: flc_count > flc_size [ 275.010154][ T3617] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 275.014761][ T5671] sysv_free_block: flc_count > flc_size [ 275.049705][ T6690] Cannot find del_set index 2 as target [ 275.055626][ T3617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.071434][ T5671] sysv_free_block: flc_count > flc_size [ 275.089722][ T5671] sysv_free_block: flc_count > flc_size [ 275.110023][ T3617] usb 4-1: config 0 descriptor?? [ 275.176004][ T5671] sysv_free_block: flc_count > flc_size [ 275.182607][ T5671] sysv_free_block: flc_count > flc_size [ 275.210688][ T5671] sysv_free_block: flc_count > flc_size [ 275.248253][ T5671] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 275.644512][ T6704] net_ratelimit: 10 callbacks suppressed [ 275.644567][ T6704] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 275.679292][ T3617] usbhid 4-1:0.0: can't add hid device: -71 [ 275.695808][ T3617] usbhid: probe of 4-1:0.0 failed with error -71 [ 275.718002][ T3617] usb 4-1: USB disconnect, device number 14 [ 276.889732][ T6708] loop1: detected capacity change from 0 to 8192 [ 277.053927][ T6708] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 277.114161][ T6708] REISERFS (device loop1): using ordered data mode [ 277.121350][ T6708] reiserfs: using flush barriers [ 277.149063][ T6708] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 277.207390][ T6708] REISERFS (device loop1): checking transaction log (loop1) [ 277.302644][ T6708] REISERFS (device loop1): Using r5 hash to sort names [ 277.330117][ T6708] REISERFS (device loop1): using 3.5.x disk format [ 277.354196][ T6708] REISERFS warning (device loop1): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 277.623125][ T6708] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 277.733451][ T3617] Bluetooth: hci0: command 0x0406 tx timeout [ 277.901868][ T6730] loop3: detected capacity change from 0 to 1024 [ 278.257365][ T6732] loop4: detected capacity change from 0 to 2048 [ 278.842970][ T6732] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 279.516734][ T6760] loop0: detected capacity change from 0 to 1024 [ 279.527402][ T6762] loop1: detected capacity change from 0 to 1024 [ 279.610849][ T6762] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 279.669719][ T6760] hfsplus: request for non-existent node 3 in B*Tree [ 279.686370][ T6760] hfsplus: request for non-existent node 3 in B*Tree [ 279.709830][ T6756] loop2: detected capacity change from 0 to 8192 [ 279.749199][ T6762] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback. [ 280.007960][ T6756] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 280.066761][ T6756] REISERFS (device loop2): using ordered data mode [ 280.144154][ T6756] reiserfs: using flush barriers [ 280.179908][ T6756] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 280.274162][ T6756] REISERFS (device loop2): checking transaction log (loop2) [ 280.337723][ T6756] REISERFS (device loop2): Using r5 hash to sort names [ 280.363763][ T6756] REISERFS (device loop2): using 3.5.x disk format [ 280.370681][ T6756] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 280.463403][ T6756] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 280.793280][ T3644] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 281.065893][ T6778] loop2: detected capacity change from 0 to 512 [ 281.163111][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 281.183753][ T3644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 281.199388][ T3644] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 281.220159][ T3644] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 281.230358][ T3644] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.244818][ T3789] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.246982][ T6778] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 281.257182][ T3644] usb 4-1: config 0 descriptor?? [ 281.284616][ T6771] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 281.285165][ T6772] chnl_net:caif_netlink_parms(): no params data found [ 281.323498][ T6778] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038 (0x7fffffff) [ 281.393548][ T3789] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.470624][ T6772] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.493117][ T6772] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.501384][ T6772] device bridge_slave_0 entered promiscuous mode [ 281.526864][ T3789] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.603104][ T6772] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.610215][ T6772] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.630771][ T6787] loop2: detected capacity change from 0 to 512 [ 281.645231][ T6772] device bridge_slave_1 entered promiscuous mode [ 281.701357][ T3789] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.736683][ T6787] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 281.764913][ T3644] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 281.775662][ T3644] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 281.788324][ T6787] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff) [ 281.822893][ T3644] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 281.965685][ T6772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.982070][ T6772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.050531][ T6772] team0: Port device team_slave_0 added [ 282.089548][ T6772] team0: Port device team_slave_1 added [ 282.251216][ T6772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.267532][ T6798] loop0: detected capacity change from 0 to 512 [ 282.288856][ T6772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.390331][ T6772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.411870][ T6798] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 282.418721][ T6802] loop1: detected capacity change from 0 to 128 [ 282.432197][ T6798] EXT4-fs (loop0): group descriptors corrupted! [ 282.469205][ T6772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.497667][ T6772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.516727][ T6802] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 282.551352][ T6772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.692921][ T3617] Bluetooth: hci4: command 0x0409 tx timeout [ 282.745506][ T6800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.697'. [ 282.779615][ T3874] usb 4-1: USB disconnect, device number 15 [ 282.820605][ T6805] loop0: detected capacity change from 0 to 8192 [ 282.915573][ T6805] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 282.937460][ T6805] REISERFS (device loop0): using ordered data mode [ 283.018354][ T6805] reiserfs: using flush barriers [ 283.029686][ T6772] device hsr_slave_0 entered promiscuous mode [ 283.072144][ T6805] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 283.103035][ T6805] REISERFS (device loop0): checking transaction log (loop0) [ 283.111777][ T6772] device hsr_slave_1 entered promiscuous mode [ 283.113610][ T6805] REISERFS (device loop0): Using r5 hash to sort names [ 283.134746][ T6805] REISERFS (device loop0): using 3.5.x disk format [ 283.141844][ T6805] REISERFS warning (device loop0): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 283.162685][ T6805] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 283.205357][ T6805] FAULT_INJECTION: forcing a failure. [ 283.205357][ T6805] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 283.225983][ T6805] CPU: 0 PID: 6805 Comm: syz.0.705 Not tainted 5.15.167-syzkaller #0 [ 283.234100][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 283.244176][ T6805] Call Trace: [ 283.247469][ T6805] [ 283.250411][ T6805] dump_stack_lvl+0x1e3/0x2d0 [ 283.255118][ T6805] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 283.260774][ T6805] ? panic+0x860/0x860 [ 283.264865][ T6805] ? __lock_acquire+0x1ff0/0x1ff0 [ 283.269914][ T6805] should_fail+0x38a/0x4c0 [ 283.274451][ T6805] strncpy_from_user+0x32/0x370 [ 283.279329][ T6805] getname_flags+0xf5/0x4e0 [ 283.283854][ T6805] user_path_at_empty+0x2a/0x180 [ 283.288927][ T6805] __se_sys_mount+0x296/0x3c0 [ 283.293632][ T6805] ? __x64_sys_mount+0xc0/0xc0 [ 283.298427][ T6805] ? syscall_enter_from_user_mode+0x2e/0x240 [ 283.304461][ T6805] ? lockdep_hardirqs_on+0x94/0x130 [ 283.309848][ T6805] ? __x64_sys_mount+0x1c/0xc0 [ 283.314902][ T6805] do_syscall_64+0x3b/0xb0 [ 283.319339][ T6805] ? clear_bhb_loop+0x15/0x70 [ 283.324133][ T6805] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 283.330049][ T6805] RIP: 0033:0x7f955dd3379a [ 283.334487][ T6805] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.354662][ T6805] RSP: 002b:00007f955c1a9e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 283.363187][ T6805] RAX: ffffffffffffffda RBX: 00007f955c1a9ef0 RCX: 00007f955dd3379a [ 283.371175][ T6805] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 283.379365][ T6805] RBP: 0000000020000180 R08: 00007f955c1a9ef0 R09: 00000000000000e1 [ 283.387358][ T6805] R10: 00000000000000e1 R11: 0000000000000246 R12: 0000000020000100 [ 283.395349][ T6805] R13: 00007f955c1a9eb0 R14: 0000000000000000 R15: 0000000020000140 [ 283.403354][ T6805] [ 283.430042][ T6772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 283.462538][ T6772] Cannot create hsr debugfs directory [ 283.577477][ T6816] loop3: detected capacity change from 0 to 512 [ 283.946265][ T6816] loop3: detected capacity change from 0 to 512 [ 284.020946][ T6816] EXT4-fs (loop3): error: journal path ./file0 is not a block device [ 284.030084][ T6824] loop1: detected capacity change from 0 to 1024 [ 284.574623][ T6824] hfsplus: request for non-existent node 3 in B*Tree [ 284.781644][ T6824] hfsplus: request for non-existent node 3 in B*Tree [ 284.788969][ T13] Bluetooth: hci4: command 0x041b tx timeout [ 285.634544][ T6856] loop2: detected capacity change from 0 to 64 [ 286.465614][ T6851] loop0: detected capacity change from 0 to 4096 [ 286.475168][ T6772] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 286.525871][ T6856] MINIX-fs: bad superblock [ 286.555751][ T6851] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker. [ 286.575820][ T6865] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 286.577200][ T6772] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 286.613478][ T6851] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk. [ 286.662139][ T6851] ntfs: (device loop0): map_mft_record(): Failed with error code 5. [ 286.691020][ T6851] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 286.778283][ T6772] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 286.792095][ T6851] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 286.830049][ T6772] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 286.893881][ T6851] ntfs: volume version 3.1. [ 286.942024][ T3874] Bluetooth: hci4: command 0x040f tx timeout [ 286.959476][ T6873] loop3: detected capacity change from 0 to 1764 [ 286.980325][ T3789] device hsr_slave_0 left promiscuous mode [ 286.991253][ T3789] device hsr_slave_1 left promiscuous mode [ 287.046234][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.062621][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.085811][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.104746][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.151284][ T3789] device bridge_slave_1 left promiscuous mode [ 287.167850][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.334931][ T3789] device bridge_slave_0 left promiscuous mode [ 287.357473][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.372481][ T3789] device veth1_macvtap left promiscuous mode [ 287.378832][ T3789] device veth0_macvtap left promiscuous mode [ 287.385058][ T3789] device veth1_vlan left promiscuous mode [ 287.390902][ T3789] device veth0_vlan left promiscuous mode [ 288.037292][ T3874] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 288.270221][ T3789] team0 (unregistering): Port device team_slave_1 removed [ 288.300298][ T3789] team0 (unregistering): Port device team_slave_0 removed [ 288.315521][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 288.334552][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 288.462798][ T3789] bond0 (unregistering): Released all slaves [ 288.609428][ T6902] capability: warning: `syz.1.731' uses 32-bit capabilities (legacy support in use) [ 288.659571][ T6900] loop2: detected capacity change from 0 to 1024 [ 288.666338][ T3644] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 288.682245][ T3874] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 288.688050][ T6902] loop1: detected capacity change from 0 to 512 [ 288.707246][ T3874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.743327][ T3874] usb 1-1: Product: syz [ 288.752235][ T6900] EXT4-fs (loop2): Ignoring removed nobh option [ 288.759100][ T6900] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 288.766534][ T3874] usb 1-1: Manufacturer: syz [ 288.785116][ T3874] usb 1-1: SerialNumber: syz [ 288.795593][ T6772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.825920][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 288.826665][ T6900] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsddf,noblock_validity,resuid=0x0000000000000000,nobh,lazytime,usrquota,mblk_io_submit,data_err=abort,,errors=continue. Quota mode: writeback. [ 288.834899][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 288.862329][ T3874] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 288.889520][ T6772] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.929837][ T6772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 288.941539][ T6772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 288.954726][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 288.990536][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 289.012152][ T3615] Bluetooth: hci4: command 0x0419 tx timeout [ 289.019563][ T3835] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.026748][ T3835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.058758][ T6913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.730'. [ 289.083676][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 289.102913][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 289.128276][ T3835] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.135594][ T3835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.161946][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 289.182541][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 289.207379][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 289.219057][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 289.232140][ T3644] usb 4-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=56.a0 [ 289.242338][ T3644] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.250760][ T3644] usb 4-1: Product: syz [ 289.256878][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 289.266788][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 289.275235][ T3644] usb 4-1: Manufacturer: syz [ 289.282174][ T3644] usb 4-1: SerialNumber: syz [ 289.288161][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 289.300673][ T3644] usb 4-1: config 0 descriptor?? [ 289.307995][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 289.317251][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 289.326854][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 289.337048][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 289.346022][ T3644] ums_eneub6250 4-1:0.0: USB Mass Storage device detected [ 289.354282][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 289.364873][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 289.521537][ T3874] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 289.529358][ T6934] netlink: 68 bytes leftover after parsing attributes in process `syz.1.733'. [ 289.586304][ T3615] usb 4-1: USB disconnect, device number 16 [ 289.830166][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 289.849816][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 289.954612][ T6943] netlink: 40 bytes leftover after parsing attributes in process `syz.1.734'. [ 290.190338][ T4914] usb 1-1: USB disconnect, device number 13 [ 290.197797][ T6772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.565839][ T6950] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 19971 - 0 [ 290.575454][ T6950] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 19971 - 0 [ 290.585261][ T6950] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 19971 - 0 [ 290.594591][ T6950] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 19971 - 0 [ 290.607500][ T6950] device geneve3 entered promiscuous mode [ 290.686917][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 290.727717][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 290.781496][ T3874] usb 1-1: Service connection timeout for: 256 [ 290.787875][ T3874] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 290.804071][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 290.814289][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 290.823069][ T3874] ath9k_htc: Failed to initialize the device [ 290.831404][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 290.845001][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 290.854107][ T4914] usb 1-1: ath9k_htc: USB layer deinitialized [ 290.875566][ T6772] device veth0_vlan entered promiscuous mode [ 290.924732][ T6772] device veth1_vlan entered promiscuous mode [ 290.987802][ T6942] loop2: detected capacity change from 0 to 32768 [ 291.038117][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 291.052655][ T6942] (syz.2.736,6942,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "heartbeat=" or missing value [ 291.083286][ T6942] (syz.2.736,6942,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 291.109159][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 291.144017][ T6772] device veth0_macvtap entered promiscuous mode [ 291.179574][ T6772] device veth1_macvtap entered promiscuous mode [ 291.181322][ T4921] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 291.300905][ T6963] team0: Port device team_slave_0 removed [ 291.324409][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 291.342424][ T4099] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 291.364456][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.385391][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.404949][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.433138][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.445808][ T4921] usb 4-1: Using ep0 maxpacket: 16 [ 291.453431][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.474428][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.511094][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.543237][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.562507][ T6772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.571342][ T4921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.594422][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 291.609541][ T4921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 291.633939][ T4100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 291.668664][ T4921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 291.685418][ T4921] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 291.685743][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.712457][ T4921] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 291.725694][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.725723][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.725741][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.725760][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.812778][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.834353][ T6772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.836853][ T6942] loop2: detected capacity change from 0 to 32768 [ 291.853512][ T4921] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 291.857428][ T6772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.867691][ T4921] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 291.887479][ T4921] usb 4-1: Manufacturer: syz [ 291.894192][ T4921] usb 4-1: config 0 descriptor?? [ 291.894826][ T6772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.926316][ T6966] netlink: 'syz.0.743': attribute type 10 has an invalid length. [ 291.976550][ T6966] batman_adv: batadv0: Adding interface: team0 [ 291.991084][ T6966] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.043083][ T6966] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 292.081076][ T6967] netlink: 'syz.0.743': attribute type 10 has an invalid length. [ 292.115466][ T6967] netlink: 2 bytes leftover after parsing attributes in process `syz.0.743'. [ 292.146326][ T6967] device team0 entered promiscuous mode [ 292.166460][ T6967] device team_slave_1 entered promiscuous mode [ 292.195608][ T6967] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.217933][ T6967] batman_adv: batadv0: Interface activated: team0 [ 292.227892][ T6967] batman_adv: batadv0: Interface deactivated: team0 [ 292.239599][ T4921] rc_core: IR keymap rc-hauppauge not found [ 292.253202][ T6967] batman_adv: batadv0: Removing interface: team0 [ 292.253571][ T6942] loop2: detected capacity change from 0 to 512 [ 292.270005][ T4921] Registered IR keymap rc-empty [ 292.271366][ T6967] bridge0: port 3(team0) entered blocking state [ 292.277881][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.290565][ T6967] bridge0: port 3(team0) entered disabled state [ 292.300800][ T6967] bridge0: port 3(team0) entered blocking state [ 292.308006][ T6967] bridge0: port 3(team0) entered forwarding state [ 292.316738][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.330292][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 292.339905][ T1203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 292.352237][ T6772] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.359288][ T4921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 292.378472][ T6942] EXT4-fs (loop2): Test dummy encryption mode enabled [ 292.395434][ T4921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input26 [ 292.405219][ T6772] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.452326][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.460605][ T6942] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.736: iget: bogus i_mode (0) [ 292.473802][ T6772] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.491895][ T6942] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.736: couldn't read orphan inode 17 (err -117) [ 292.504152][ T6772] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.511550][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.521375][ T6973] loop0: detected capacity change from 0 to 4096 [ 292.528189][ T6942] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,barrier,journal_dev=0x0000000000000003,test_dummy_encryption,journal_dev=0x0000000000006000,,errors=continue. Quota mode: none. [ 292.541009][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.629742][ T6976] EXT4-fs (loop2): shut down requested (2) [ 292.665359][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.673865][ T6977] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 292.714983][ T6976] EXT4-fs warning (device loop2): ext4_resize_begin:73: won't resize using backup superblock at 1 [ 292.752317][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.777898][ T6942] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 292.801169][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.841414][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.871472][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.898338][ T6345] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.970975][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 292.981761][ T6345] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.008139][ T4921] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 293.048089][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 293.092407][ T4921] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 293.118695][ T4468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.139484][ T4921] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 293.201583][ T4468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.252716][ T4921] usb 4-1: USB disconnect, device number 17 [ 293.314395][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 293.678282][ T6988] loop3: detected capacity change from 0 to 512 [ 293.784116][ T6990] tipc: Started in network mode [ 293.789113][ T6990] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 293.856658][ T6990] tipc: Enabled bearer , priority 0 [ 293.876527][ T6993] loop2: detected capacity change from 0 to 256 [ 293.900755][ T3615] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 294.145974][ T7002] udc-core: couldn't find an available UDC or it's busy [ 294.162025][ T3615] usb 5-1: Using ep0 maxpacket: 8 [ 294.189849][ T7002] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 294.379652][ T6997] loop0: detected capacity change from 0 to 8192 [ 294.490682][ T3615] usb 5-1: unable to get BOS descriptor or descriptor too short [ 294.517631][ T6997] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "cgroup.stat" [ 294.600766][ T3615] usb 5-1: config 8 has an invalid interface number: 255 but max is 0 [ 294.609877][ T3615] usb 5-1: config 8 has no interface number 0 [ 294.622158][ T7012] netlink: 'syz.3.752': attribute type 10 has an invalid length. [ 294.630097][ T3615] usb 5-1: config 8 interface 255 has no altsetting 0 [ 294.704829][ T7014] loop3: detected capacity change from 0 to 256 [ 294.820004][ T7012] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.829597][ T7012] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.847970][ T13] tipc: Node number set to 11578026 [ 294.889546][ T7012] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.893285][ T3615] usb 5-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 294.896771][ T7012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.898575][ T7012] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.916592][ T3615] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.920477][ T7012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.936773][ T3615] usb 5-1: Product: syz [ 294.944626][ T3615] usb 5-1: Manufacturer: syz [ 294.949785][ T3615] usb 5-1: SerialNumber: syz [ 295.701462][ T7012] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 295.941343][ T3615] catc 5-1:8.255: Can't set altsetting 1. [ 295.947246][ T3615] catc: probe of 5-1:8.255 failed with error -5 [ 296.000727][ T3615] usb 5-1: USB disconnect, device number 11 [ 296.063042][ T4152] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 296.090249][ T7037] loop0: detected capacity change from 0 to 1024 [ 296.229911][ T7037] hfsplus: unable to find HFS+ superblock [ 296.349724][ T7048] fuse: Bad value for 'fd' [ 296.360648][ T4152] usb 3-1: Using ep0 maxpacket: 16 [ 296.409337][ T7042] loop4: detected capacity change from 0 to 4096 [ 296.451695][ T7042] ntfs3: Unknown parameter './file0' [ 296.643999][ T4152] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 296.654810][ T4152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 296.666554][ T4152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 296.676892][ T4152] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 296.687517][ T4152] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 297.443286][ T7042] loop4: detected capacity change from 0 to 4096 [ 297.532002][ T7042] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 297.580656][ T4152] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 297.589829][ T4152] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 297.604384][ T4152] usb 3-1: Manufacturer: syz [ 297.613671][ T4152] usb 3-1: config 0 descriptor?? [ 297.657262][ T7054] loop0: detected capacity change from 0 to 1024 [ 297.698327][ T7057] x_tables: duplicate underflow at hook 3 [ 298.000610][ T4152] rc_core: IR keymap rc-hauppauge not found [ 298.006665][ T4152] Registered IR keymap rc-empty [ 298.036883][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.218299][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.388417][ T4152] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 298.563833][ T4152] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input27 [ 298.638153][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.680489][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.720487][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.790549][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.838728][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.900488][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.929458][ T7079] FAULT_INJECTION: forcing a failure. [ 298.929458][ T7079] name failslab, interval 1, probability 0, space 0, times 0 [ 298.933784][ T7080] loop3: detected capacity change from 0 to 512 [ 298.949274][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 298.952718][ T7079] CPU: 1 PID: 7079 Comm: syz.4.769 Not tainted 5.15.167-syzkaller #0 [ 298.964481][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 298.974645][ T7079] Call Trace: [ 298.977934][ T7079] [ 298.980874][ T7079] dump_stack_lvl+0x1e3/0x2d0 [ 298.985593][ T7079] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 298.991242][ T7079] ? panic+0x860/0x860 [ 298.995326][ T7079] ? __might_sleep+0xc0/0xc0 [ 299.000003][ T7079] ? memset+0x1f/0x40 [ 299.004051][ T7079] should_fail+0x38a/0x4c0 [ 299.007126][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 299.008515][ T7079] should_failslab+0x5/0x20 [ 299.020121][ T7079] slab_pre_alloc_hook+0x53/0xc0 [ 299.025090][ T7079] kmem_cache_alloc_trace+0x49/0x290 [ 299.030385][ T7079] ? snd_seq_oss_timer_new+0x4d/0x230 [ 299.035775][ T7079] ? __raw_spin_lock_init+0x41/0x100 [ 299.041079][ T7079] snd_seq_oss_timer_new+0x4d/0x230 [ 299.046300][ T7079] snd_seq_oss_open+0x8ba/0x1010 [ 299.050487][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 299.051278][ T7079] ? snd_seq_oss_delete_client+0x50/0x50 [ 299.051326][ T7079] ? read_lock_is_recursive+0x10/0x10 [ 299.069575][ T7079] ? __lock_acquire+0x1ff0/0x1ff0 [ 299.074719][ T7079] ? mutex_lock_io_nested+0x60/0x60 [ 299.079931][ T7079] ? snd_seq_oss_process_event+0x29e0/0x29e0 [ 299.085922][ T7079] ? async_call_lookup_ports+0x10/0x10 [ 299.091410][ T7079] odev_open+0x5f/0x90 [ 299.095484][ T7079] chrdev_open+0x54a/0x630 [ 299.099910][ T7079] ? cd_forget+0x160/0x160 [ 299.100548][ T4152] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 299.104334][ T7079] ? do_raw_spin_unlock+0x137/0x8b0 [ 299.104367][ T7079] ? fsnotify_perm+0x47b/0x590 [ 299.121667][ T7079] ? cd_forget+0x160/0x160 [ 299.126130][ T7079] do_dentry_open+0x807/0xfb0 [ 299.130823][ T7079] path_openat+0x2705/0x2f20 [ 299.135473][ T7079] ? do_filp_open+0x460/0x460 [ 299.140172][ T7079] do_filp_open+0x21c/0x460 [ 299.144692][ T7079] ? vfs_tmpfile+0x2e0/0x2e0 [ 299.149310][ T7079] ? _raw_spin_unlock+0x24/0x40 [ 299.154173][ T7079] ? alloc_fd+0x598/0x630 [ 299.154406][ T4152] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 299.158532][ T7079] do_sys_openat2+0x13b/0x4f0 [ 299.158568][ T7079] ? do_sys_open+0x220/0x220 [ 299.166819][ T4152] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 299.171225][ T7079] __x64_sys_openat+0x243/0x290 [ 299.171260][ T7079] ? __ia32_sys_open+0x270/0x270 [ 299.171287][ T7079] ? syscall_enter_from_user_mode+0x2e/0x240 [ 299.181554][ T4152] usb 3-1: USB disconnect, device number 12 [ 299.184168][ T7079] ? lockdep_hardirqs_on+0x94/0x130 [ 299.184203][ T7079] ? syscall_enter_from_user_mode+0x2e/0x240 [ 299.216969][ T7079] do_syscall_64+0x3b/0xb0 [ 299.221396][ T7079] ? clear_bhb_loop+0x15/0x70 [ 299.226080][ T7079] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 299.231993][ T7079] RIP: 0033:0x7f6171d22ff9 [ 299.236404][ T7079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.256106][ T7079] RSP: 002b:00007f617019b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 299.264522][ T7079] RAX: ffffffffffffffda RBX: 00007f6171edaf80 RCX: 00007f6171d22ff9 [ 299.272503][ T7079] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: ffffffffffffff9c [ 299.280481][ T7079] RBP: 00007f617019b090 R08: 0000000000000000 R09: 0000000000000000 [ 299.288554][ T7079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 299.296539][ T7079] R13: 0000000000000000 R14: 00007f6171edaf80 R15: 00007fffe11762b8 [ 299.304525][ T7079] [ 299.312702][ T7079] ALSA: seq_oss: can't alloc timer [ 299.359268][ T7083] fuse: Bad value for 'fd' [ 299.551653][ T7088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 300.030689][ T7088] loop4: detected capacity change from 0 to 4096 [ 301.063997][ T7088] ntfs: volume version 3.1. [ 301.669609][ T7100] loop2: detected capacity change from 0 to 8192 [ 301.705032][ T7091] loop3: detected capacity change from 0 to 32768 [ 301.709253][ T7111] loop4: detected capacity change from 0 to 256 [ 301.793945][ T7100] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 301.830190][ T7100] REISERFS (device loop2): using ordered data mode [ 301.860025][ T7091] /dev/loop3: Can't open blockdev [ 301.865784][ T7100] reiserfs: using flush barriers [ 301.872696][ T7100] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 301.893199][ T7100] REISERFS (device loop2): checking transaction log (loop2) [ 301.911635][ T7100] REISERFS (device loop2): Using r5 hash to sort names [ 301.914137][ T7103] loop0: detected capacity change from 0 to 40427 [ 301.925552][ T7100] REISERFS (device loop2): using 3.5.x disk format [ 301.932681][ T7100] REISERFS warning (device loop2): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are! [ 301.945619][ T7100] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 301.976732][ T7103] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 301.990160][ T7103] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 302.119888][ T7103] F2FS-fs (loop0): invalid crc value [ 302.152236][ T3789] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.217170][ T3789] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0 [ 302.231942][ T7103] F2FS-fs (loop0): Found nat_bits in checkpoint [ 302.395194][ T3789] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.454650][ T3789] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0 [ 302.526207][ T7106] chnl_net:caif_netlink_parms(): no params data found [ 302.558473][ T7103] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 302.588321][ T3789] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.605088][ T7103] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 302.618857][ T4152] libceph: connect (1)[c::]:6789 error -101 [ 302.640950][ T4152] libceph: mon0 (1)[c::]:6789 connect error [ 302.659431][ T3789] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0 [ 303.427915][ T3874] Bluetooth: hci5: command 0x0409 tx timeout [ 303.580030][ T3789] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.639947][ T3789] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19971 - 0 [ 303.654197][ T4152] libceph: connect (1)[c::]:6789 error -101 [ 303.660477][ T4152] libceph: mon0 (1)[c::]:6789 connect error [ 303.716160][ T7145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.787'. [ 303.866973][ T7136] loop3: detected capacity change from 0 to 32768 [ 303.879755][ T4921] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 303.893022][ T7106] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.909891][ T7106] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.921501][ T7136] XFS: ikeep mount option is deprecated. [ 303.922238][ T7106] device bridge_slave_0 entered promiscuous mode [ 303.962655][ T7106] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.009262][ T7106] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.009918][ T7136] /dev/loop3: Can't open blockdev [ 304.028354][ T7106] device bridge_slave_1 entered promiscuous mode [ 304.119896][ T4921] usb 5-1: Using ep0 maxpacket: 16 [ 304.158092][ T3789] tipc: Disabling bearer [ 304.167381][ T3789] tipc: Left network mode [ 304.175250][ T7106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.186803][ T3874] libceph: connect (1)[c::]:6789 error -101 [ 304.193049][ T3615] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 304.215349][ T3874] libceph: mon0 (1)[c::]:6789 connect error [ 304.227058][ T7106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.239901][ T4921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.267222][ T4921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 304.296946][ T4921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 304.321811][ T4921] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 304.331994][ T4921] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.420706][ T4921] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 304.436229][ T4921] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 304.444814][ T4921] usb 5-1: Manufacturer: syz [ 304.460783][ T4921] usb 5-1: config 0 descriptor?? [ 304.514938][ T7106] team0: Port device team_slave_0 added [ 304.558787][ T7127] ceph: No mds server is up or the cluster is laggy [ 304.562523][ T7106] team0: Port device team_slave_1 added [ 304.706966][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.729676][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.785712][ T7106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.837037][ T3615] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 304.849612][ T3615] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.869396][ T3615] usb 3-1: Product: syz [ 304.874277][ T3615] usb 3-1: Manufacturer: syz [ 304.884703][ T3615] usb 3-1: SerialNumber: syz [ 304.897595][ T3615] usb 3-1: config 0 descriptor?? [ 304.900008][ T4921] rc_core: IR keymap rc-hauppauge not found [ 304.908867][ T4921] Registered IR keymap rc-empty [ 304.917883][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 304.953850][ T7106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.962109][ T3615] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 304.968614][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 304.976040][ T7168] loop0: detected capacity change from 0 to 8192 [ 304.977188][ T7106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.012361][ T7106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.040286][ T4921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 305.080276][ T7168] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 305.092796][ T7168] REISERFS (device loop0): using journaled data mode [ 305.097789][ T4921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input28 [ 305.109585][ T7168] reiserfs: using flush barriers [ 305.135172][ T7168] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 305.152382][ T7168] REISERFS (device loop0): checking transaction log (loop0) [ 305.177068][ T7176] loop3: detected capacity change from 0 to 4096 [ 305.181414][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.198573][ T7168] REISERFS (device loop0): Using r5 hash to sort names [ 305.206459][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 305.220884][ T7168] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 305.225009][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.241599][ T7176] ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker. [ 305.299345][ T7176] ntfs: (device loop3): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk. [ 305.300848][ T7106] device hsr_slave_0 entered promiscuous mode [ 305.316844][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.325509][ T7176] ntfs: (device loop3): map_mft_record(): Failed with error code 5. [ 305.336160][ T7106] device hsr_slave_1 entered promiscuous mode [ 305.343912][ T7176] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 305.357151][ T7106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 305.365680][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.374532][ T7106] Cannot create hsr debugfs directory [ 305.376614][ T7176] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 305.389797][ T3615] gspca_sq905c: sq905c_read: usb_control_msg failed (-71) [ 305.400598][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.413296][ T3615] sq905c 3-1:0.0: Reading version command failed [ 305.425074][ T3615] sq905c: probe of 3-1:0.0 failed with error -71 [ 305.449084][ T7176] ntfs: volume version 3.1. [ 305.452472][ T3615] usb 3-1: USB disconnect, device number 13 [ 305.453933][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.485697][ T3789] device erspan0 left promiscuous mode [ 305.497745][ T3617] Bluetooth: hci5: command 0x041b tx timeout [ 305.500006][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.555314][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.620135][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.648193][ T3789] device gretap0 left promiscuous mode [ 305.661309][ T4921] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.700636][ T4921] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 305.724432][ T4921] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 305.740031][ T3874] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 305.791917][ T4921] usb 5-1: USB disconnect, device number 12 [ 306.069663][ T3615] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 306.243268][ T7204] netlink: 68 bytes leftover after parsing attributes in process `syz.2.798'. [ 306.279772][ T3615] usb 4-1: device descriptor read/64, error -71 [ 306.320501][ T3789] device hsr_slave_0 left promiscuous mode [ 306.342442][ T3874] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 306.352136][ T3789] device hsr_slave_1 left promiscuous mode [ 306.365478][ T3874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.371830][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 306.384644][ T7208] loop2: detected capacity change from 0 to 1024 [ 306.387795][ T3874] usb 1-1: Product: syz [ 306.400715][ T3874] usb 1-1: Manufacturer: syz [ 306.404478][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 306.405348][ T3874] usb 1-1: SerialNumber: syz [ 306.434446][ T3789] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 306.442085][ T3789] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 306.471230][ T3874] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 306.473987][ T3789] device bridge_slave_1 left promiscuous mode [ 306.480675][ T7208] hfsplus: request for non-existent node 3 in B*Tree [ 306.515072][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.522290][ T7208] hfsplus: request for non-existent node 3 in B*Tree [ 306.587851][ T3789] device bridge_slave_0 left promiscuous mode [ 306.722207][ T3615] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 306.740915][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.766413][ T3789] device veth1_macvtap left promiscuous mode [ 306.847691][ T3789] device veth0_macvtap left promiscuous mode [ 308.550798][ T4152] Bluetooth: hci5: command 0x040f tx timeout [ 308.591359][ T3789] device veth1_vlan left promiscuous mode [ 308.597213][ T3789] device veth0_vlan left promiscuous mode [ 308.639412][ T3615] usb 4-1: device descriptor read/64, error -71 [ 308.681835][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 308.721413][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 308.745299][ T7168] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 308.769479][ T3615] usb usb4-port1: attempt power cycle [ 309.045797][ T7224] loop3: detected capacity change from 0 to 2048 [ 309.079521][ T13] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 309.198263][ T7228] loop4: detected capacity change from 0 to 1024 [ 309.255582][ T7228] EXT4-fs (loop4): Ignoring removed orlov option [ 309.265690][ T7228] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 309.290470][ T4152] usb 1-1: USB disconnect, device number 14 [ 310.087958][ T3789] team0 (unregistering): Port device veth3 removed [ 310.139060][ T13] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 310.146675][ T13] ath9k_htc: Failed to initialize the device [ 310.154188][ T4152] usb 1-1: ath9k_htc: USB layer deinitialized [ 310.193744][ T7228] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 310.606077][ T3789] team0 (unregistering): Port device team_slave_1 removed [ 310.614098][ T13] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 310.630273][ T2989] Bluetooth: hci5: command 0x0419 tx timeout [ 310.645190][ T3789] team0 (unregistering): Port device team_slave_0 removed [ 310.675452][ T3789] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.696139][ T3789] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.802673][ T7245] netlink: 40 bytes leftover after parsing attributes in process `syz.0.807'. [ 311.413288][ T3789] bond0 (unregistering): Released all slaves [ 311.535238][ T7247] netlink: 16 bytes leftover after parsing attributes in process `syz.4.808'. [ 311.558630][ T7249] loop0: detected capacity change from 0 to 512 [ 311.630003][ T7249] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 311.658902][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 311.709095][ T7249] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038 (0x7fffffff) [ 311.808995][ T13] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 311.845485][ T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 311.877291][ T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 311.900311][ T13] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 311.948805][ T13] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 311.985576][ T7106] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 312.017085][ T7106] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 312.042743][ T7259] 9pnet: Insufficient options for proto=fd [ 312.067640][ T7106] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 312.094814][ T7264] 9pnet: Insufficient options for proto=fd [ 312.126950][ T7106] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 312.139620][ T13] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 312.168007][ T13] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 312.196878][ T13] usb 3-1: Manufacturer: syz [ 312.237063][ T13] usb 3-1: config 0 descriptor?? [ 312.458501][ T7106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.550041][ T7106] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.557373][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 312.575160][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.633816][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 312.671721][ T7277] loop4: detected capacity change from 0 to 1024 [ 312.679100][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 312.699475][ T13] rc_core: IR keymap rc-hauppauge not found [ 312.706721][ T13] Registered IR keymap rc-empty [ 312.718131][ T3835] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.725319][ T3835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.740928][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 312.763027][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 312.785803][ T7277] hfsplus: request for non-existent node 3 in B*Tree [ 312.792854][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 312.809827][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 312.812645][ T7277] hfsplus: request for non-existent node 3 in B*Tree [ 312.830202][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 312.839887][ T13] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 312.864959][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.872129][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.883689][ T13] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input29 [ 312.948132][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 312.998855][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 313.067649][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 313.088183][ T7106] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 313.145177][ T7106] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 313.158650][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 313.182795][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 313.197467][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 313.210811][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 314.377648][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 314.426406][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 314.435805][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 314.458720][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 314.498491][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 314.519790][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 314.547056][ T7291] loop4: detected capacity change from 0 to 128 [ 314.558451][ T13] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 314.574159][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 314.586735][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 314.608050][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 314.618498][ T13] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 314.635082][ T13] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 314.655306][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 314.672929][ T7295] loop3: detected capacity change from 0 to 512 [ 314.683949][ T13] usb 3-1: USB disconnect, device number 14 [ 314.697299][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 314.725319][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 314.767728][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 314.776918][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 314.784816][ T7291] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 314.819682][ T7291] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 314.973236][ T7301] loop0: detected capacity change from 0 to 1024 [ 315.075398][ T7301] EXT4-fs (loop0): Ignoring removed orlov option [ 315.094319][ T7301] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 315.862298][ T7324] netlink: 40 bytes leftover after parsing attributes in process `syz.3.818'. [ 316.326280][ T7301] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 316.461555][ C1] hrtimer: interrupt took 3471319 ns [ 316.693951][ T1391] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.700397][ T1391] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.965490][ T7106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.999560][ T7106] device veth0_vlan entered promiscuous mode [ 317.012260][ T7106] device veth1_vlan entered promiscuous mode [ 318.447006][ T7106] device veth0_macvtap entered promiscuous mode [ 318.457573][ T7106] device veth1_macvtap entered promiscuous mode [ 318.498204][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.528844][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.548346][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.580361][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.600673][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.632315][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.665265][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.676134][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.688195][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.698966][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.715955][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.726313][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.737097][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.747257][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.767845][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.778165][ T7106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.788962][ T7106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.800672][ T7106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.819063][ T7106] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.828068][ T7106] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.836776][ T7106] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.761944][ T7106] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.773233][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 320.784649][ T2989] Bluetooth: hci1: command 0x0406 tx timeout [ 320.801760][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 320.847414][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 320.944906][ T7358] loop3: detected capacity change from 0 to 4096 [ 324.427315][ T2989] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 324.540245][ T7364] loop4: detected capacity change from 0 to 1024 [ 324.585283][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 324.595437][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 324.604551][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 324.614220][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 324.623027][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 324.640097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 324.649837][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 324.659202][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 324.667842][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 324.676854][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 324.694780][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 324.704326][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 324.715664][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 324.724317][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 324.742097][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 324.763405][ T7366] loop2: detected capacity change from 0 to 1024 [ 329.476783][ T2989] usb 4-1: device descriptor read/all, error -71 [ 344.073598][ T4152] Bluetooth: hci3: command 0x0406 tx timeout [ 344.096481][ T1077] Bluetooth: hci2: command 0x0409 tx timeout [ 353.998387][ T13] Bluetooth: hci7: command 0x0409 tx timeout [ 354.049244][ T13] Bluetooth: hci8: command 0x0409 tx timeout [ 354.075575][ T13] Bluetooth: hci6: command 0x0409 tx timeout [ 382.162478][ T2989] Bluetooth: hci2: command 0x041b tx timeout [ 382.171447][ T1391] ieee802154 phy0 wpan0: encryption failed: -22 [ 382.177769][ T1391] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.310386][ T2989] Bluetooth: hci6: command 0x041b tx timeout [ 382.350576][ T2989] Bluetooth: hci8: command 0x041b tx timeout [ 382.356949][ T2989] Bluetooth: hci7: command 0x041b tx timeout [ 382.380349][ T2989] Bluetooth: hci9: command 0x0409 tx timeout [ 382.938137][ T7376] chnl_net:caif_netlink_parms(): no params data found [ 382.985919][ T7372] chnl_net:caif_netlink_parms(): no params data found [ 383.031718][ T7375] chnl_net:caif_netlink_parms(): no params data found [ 383.042425][ T7374] chnl_net:caif_netlink_parms(): no params data found [ 384.400381][ T3871] Bluetooth: hci7: command 0x040f tx timeout [ 384.406535][ T3871] Bluetooth: hci8: command 0x040f tx timeout [ 384.422211][ T3871] Bluetooth: hci6: command 0x040f tx timeout [ 384.428324][ T3871] Bluetooth: hci2: command 0x040f tx timeout [ 386.450697][ T3874] Bluetooth: hci2: command 0x0419 tx timeout [ 386.460315][ T3874] Bluetooth: hci6: command 0x0419 tx timeout [ 386.472064][ T3874] Bluetooth: hci8: command 0x0419 tx timeout [ 386.478132][ T3874] Bluetooth: hci7: command 0x0419 tx timeout [ 392.399359][ T3874] Bluetooth: hci10: command 0x0409 tx timeout [ 398.618637][ T3871] Bluetooth: hci11: command 0x0409 tx timeout [ 398.718461][ T3871] Bluetooth: hci12: command 0x0409 tx timeout [ 400.748478][ T7415] chnl_net:caif_netlink_parms(): no params data found [ 402.368365][ T3615] Bluetooth: hci9: command 0x041b tx timeout [ 402.375379][ T3615] Bluetooth: hci12: command 0x041b tx timeout [ 402.397108][ T3615] Bluetooth: hci13: command 0x0409 tx timeout [ 404.470225][ T3871] Bluetooth: hci13: command 0x041b tx timeout [ 404.487519][ T3871] Bluetooth: hci12: command 0x040f tx timeout [ 404.493756][ T3871] Bluetooth: hci9: command 0x040f tx timeout [ 406.518438][ T3871] Bluetooth: hci9: command 0x0419 tx timeout [ 406.530280][ T3871] Bluetooth: hci12: command 0x0419 tx timeout [ 406.545935][ T3871] Bluetooth: hci13: command 0x040f tx timeout [ 408.608085][ T3615] Bluetooth: hci13: command 0x0419 tx timeout [ 448.299272][ T1391] ieee802154 phy0 wpan0: encryption failed: -22 [ 448.306115][ T1391] ieee802154 phy1 wpan1: encryption failed: -22 [ 478.049491][ T3612] kworker/dying (3612) used greatest stack depth: 18560 bytes left [ 478.082949][ T4152] Bluetooth: hci5: command 0x0406 tx timeout [ 478.118392][ T4152] Bluetooth: hci0: command 0x0409 tx timeout [ 512.347913][ T3873] Bluetooth: hci14: command 0x0409 tx timeout [ 512.354041][ T3873] Bluetooth: hci16: command 0x0409 tx timeout [ 512.374877][ T7389] chnl_net:caif_netlink_parms(): no params data found [ 512.385581][ T1391] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.391906][ T1391] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.516817][ T3873] Bluetooth: hci15: command 0x0409 tx timeout [ 552.126633][ T27] INFO: task kworker/u5:3:3576 blocked for more than 144 seconds. [ 552.164557][ T27] Not tainted 5.15.167-syzkaller #0 [ 552.218732][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 552.304353][ T27] task:kworker/u5:3 state:D stack:26368 pid: 3576 ppid: 2 flags:0x00004000 [ 552.400165][ T27] Workqueue: hci10 hci_rx_work [ 552.440153][ T27] Call Trace: [ 552.443493][ T27] [ 552.446439][ T27] __schedule+0x12c4/0x45b0 [ 552.504433][ T27] ? release_firmware_map_entry+0x190/0x190 [ 552.540133][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 552.545660][ T27] ? kthread_data+0x4e/0xc0 [ 552.590142][ T27] ? wq_worker_sleeping+0x5d/0x200 [ 552.595317][ T27] schedule+0x11b/0x1f0 [ 552.599494][ T27] schedule_preempt_disabled+0xf/0x20 [ 552.650133][ T27] __mutex_lock_common+0xe34/0x25a0 [ 552.655399][ T27] ? le_conn_complete_evt+0xc9a/0x1500 [ 552.691306][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 552.696582][ T27] mutex_lock_nested+0x17/0x20 [ 552.709237][ T27] le_conn_complete_evt+0xc9a/0x1500 [ 552.730166][ T27] ? cs_le_create_conn+0x5f0/0x5f0 [ 552.735354][ T27] hci_le_meta_evt+0x28c/0x3f50 [ 552.750119][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 552.755189][ T27] ? __mutex_lock_common+0x444/0x25a0 [ 552.796440][ T27] ? hci_remote_host_features_evt+0x280/0x280 [ 552.854490][ T27] ? __mutex_unlock_slowpath+0x218/0x750 [ 552.864505][ T27] ? hci_event_packet+0x3b4/0x1550 [ 552.870033][ T27] ? mutex_unlock+0x10/0x10 [ 552.884622][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 552.893247][ T27] ? print_irqtrace_events+0x210/0x210 [ 552.898780][ T27] hci_event_packet+0xc41/0x1550 [ 552.904157][ T27] ? rcu_lock_release+0x20/0x20 [ 552.909048][ T27] ? hci_send_to_monitor+0x99/0x4d0 [ 552.915239][ T27] hci_rx_work+0x232/0x990 [ 552.919790][ T27] process_one_work+0x8a1/0x10c0 [ 552.937137][ T27] ? worker_detach_from_pool+0x260/0x260 [ 552.943166][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 552.948827][ T27] ? kthread_data+0x4e/0xc0 [ 552.953721][ T27] ? wq_worker_running+0x97/0x170 [ 552.958774][ T27] worker_thread+0xaca/0x1280 [ 552.963845][ T27] kthread+0x3f6/0x4f0 [ 552.967935][ T27] ? rcu_lock_release+0x20/0x20 [ 552.980313][ T27] ? kthread_blkcg+0xd0/0xd0 [ 552.984985][ T27] ret_from_fork+0x1f/0x30 [ 552.989439][ T27] [ 552.998409][ T27] INFO: task kworker/u5:8:3585 blocked for more than 145 seconds. [ 553.006617][ T27] Not tainted 5.15.167-syzkaller #0 [ 553.012665][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 553.030266][ T27] task:kworker/u5:8 state:D stack:25600 pid: 3585 ppid: 2 flags:0x00004000 [ 553.039522][ T27] Workqueue: hci11 hci_rx_work [ 553.049408][ T27] Call Trace: [ 553.053056][ T27] [ 553.056116][ T27] __schedule+0x12c4/0x45b0 [ 553.061199][ T27] ? release_firmware_map_entry+0x190/0x190 [ 553.067126][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 553.080299][ T27] ? kthread_data+0x4e/0xc0 [ 553.084938][ T27] ? wq_worker_sleeping+0x5d/0x200 [ 553.095899][ T27] schedule+0x11b/0x1f0 [ 553.100390][ T27] schedule_preempt_disabled+0xf/0x20 [ 553.105783][ T27] __mutex_lock_common+0xe34/0x25a0 [ 553.111435][ T27] ? le_conn_complete_evt+0xc9a/0x1500 [ 553.116923][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 553.135772][ T27] mutex_lock_nested+0x17/0x20 [ 553.140910][ T27] le_conn_complete_evt+0xc9a/0x1500 [ 553.146236][ T27] ? cs_le_create_conn+0x5f0/0x5f0 [ 553.151817][ T27] hci_le_meta_evt+0x28c/0x3f50 [ 553.156700][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 553.162114][ T27] ? __mutex_lock_common+0x444/0x25a0 [ 553.167518][ T27] ? hci_remote_host_features_evt+0x280/0x280 [ 553.186436][ T27] ? __mutex_unlock_slowpath+0x218/0x750 [ 553.192436][ T27] ? hci_event_packet+0x3b4/0x1550 [ 553.197584][ T27] ? mutex_unlock+0x10/0x10 [ 553.202476][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 553.208523][ T27] ? print_irqtrace_events+0x210/0x210 [ 553.214416][ T27] hci_event_packet+0xc41/0x1550 [ 553.219391][ T27] ? rcu_lock_release+0x20/0x20 [ 553.237206][ T27] ? hci_send_to_monitor+0x99/0x4d0 [ 553.242815][ T27] hci_rx_work+0x232/0x990 [ 553.247283][ T27] process_one_work+0x8a1/0x10c0 [ 553.252634][ T27] ? worker_detach_from_pool+0x260/0x260 [ 553.258293][ T27] ? _raw_spin_lock_irqsave+0x120/0x120 [ 553.264209][ T27] ? kthread_data+0x4e/0xc0 [ 553.268735][ T27] ? wq_worker_running+0x97/0x170 [ 553.287137][ T27] worker_thread+0xaca/0x1280 [ 553.292197][ T27] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 553.298141][ T27] kthread+0x3f6/0x4f0 [ 553.302602][ T27] ? rcu_lock_release+0x20/0x20 [ 553.307483][ T27] ? kthread_blkcg+0xd0/0xd0 [ 553.312543][ T27] ret_from_fork+0x1f/0x30 [ 553.317087][ T27] [ 553.330075][ T27] INFO: task syz-executor:7106 blocked for more than 145 seconds. [ 553.338005][ T27] Not tainted 5.15.167-syzkaller #0 [ 553.347572][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 553.356558][ T27] task:syz-executor state:D stack:20896 pid: 7106 ppid: 1 flags:0x00004006 [ 553.368640][ T27] Call Trace: [ 553.380549][ T27] [ 553.383532][ T27] __schedule+0x12c4/0x45b0 [ 553.388086][ T27] ? release_firmware_map_entry+0x190/0x190 [ 553.398724][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 553.404645][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 553.409905][ T27] schedule+0x11b/0x1f0 [ 553.414441][ T27] schedule_preempt_disabled+0xf/0x20 [ 553.419838][ T27] __mutex_lock_common+0xe34/0x25a0 [ 553.438270][ T27] ? hci_conn_hash_flush+0xb8/0x220 [ 553.443873][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 553.449095][ T27] ? __mutex_unlock_slowpath+0x218/0x750 [ 553.455112][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 553.460578][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 553.465796][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 553.480210][ T27] mutex_lock_nested+0x17/0x20 [ 553.488519][ T27] hci_conn_hash_flush+0xb8/0x220 [ 553.493974][ T27] hci_dev_do_close+0x9f6/0x1070 [ 553.498950][ T27] hci_unregister_dev+0x2d7/0x580 [ 553.504423][ T27] vhci_release+0x73/0xc0 [ 553.508782][ T27] ? vhci_open+0x290/0x290 [ 553.513563][ T27] __fput+0x3fe/0x8e0 [ 553.517581][ T27] task_work_run+0x129/0x1a0 [ 553.536185][ T27] do_exit+0x6a3/0x2480 [ 553.540713][ T27] ? put_task_struct+0x80/0x80 [ 553.545534][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 553.551952][ T27] do_group_exit+0x144/0x310 [ 553.556574][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 553.562176][ T27] get_signal+0xc66/0x14e0 [ 553.566635][ T27] arch_do_signal_or_restart+0xc3/0x1890 [ 553.580191][ T27] ? netlink_getsockopt+0x5b0/0x5b0 [ 553.590867][ T27] ? __sys_sendto+0x5a2/0x720 [ 553.595673][ T27] ? __ia32_sys_getpeername+0x80/0x80 [ 553.601433][ T27] ? get_sigframe_size+0x10/0x10 [ 553.606416][ T27] ? print_irqtrace_events+0x210/0x210 [ 553.612269][ T27] ? exit_to_user_mode_loop+0x39/0x130 [ 553.617755][ T27] exit_to_user_mode_loop+0x97/0x130 [ 553.640021][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 553.645629][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 553.656834][ T27] do_syscall_64+0x47/0xb0 [ 553.661640][ T27] ? clear_bhb_loop+0x15/0x70 [ 553.666434][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 553.680188][ T27] RIP: 0033:0x7ff5e557ee8c [ 553.684636][ T27] RSP: 002b:00007fffee7a9730 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 553.699028][ T27] RAX: 0000000000000020 RBX: 00007ff5e6263620 RCX: 00007ff5e557ee8c [ 553.707333][ T27] RDX: 0000000000000020 RSI: 00007ff5e6263670 RDI: 0000000000000003 [ 553.715578][ T27] RBP: 0000000000000000 R08: 00007fffee7a9784 R09: 000000000000000c [ 553.733009][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 553.748125][ T27] R13: 0000000000000000 R14: 00007ff5e6263670 R15: 0000000000000000 [ 553.756511][ T27] [ 553.759595][ T27] INFO: task syz.4.824:7364 blocked for more than 146 seconds. [ 553.767558][ T27] Not tainted 5.15.167-syzkaller #0 [ 553.780109][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 553.788794][ T27] task:syz.4.824 state:D stack:25528 pid: 7364 ppid: 6772 flags:0x00004006 [ 553.804790][ T27] Call Trace: [ 553.808096][ T27] [ 553.811462][ T27] __schedule+0x12c4/0x45b0 [ 553.816015][ T27] ? release_firmware_map_entry+0x190/0x190 [ 553.830239][ T27] ? __mutex_trylock_common+0x8d/0x2e0 [ 553.841460][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 553.846714][ T27] schedule+0x11b/0x1f0 [ 553.851323][ T27] schedule_preempt_disabled+0xf/0x20 [ 553.856815][ T27] __mutex_lock_common+0xe34/0x25a0 [ 553.862452][ T27] ? hci_conn_hash_flush+0xb8/0x220 [ 553.868024][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 553.880168][ T27] ? kobject_put+0x429/0x460 [ 553.884804][ T27] ? kobject_put+0x422/0x460 [ 553.889647][ T27] ? hci_conn_cleanup+0x4dc/0x670 [ 553.901272][ T27] mutex_lock_nested+0x17/0x20 [ 553.906113][ T27] hci_conn_hash_flush+0xb8/0x220 [ 553.911618][ T27] hci_dev_do_close+0x9f6/0x1070 [ 553.916615][ T27] hci_unregister_dev+0x2d7/0x580 [ 553.930183][ T27] vhci_release+0x73/0xc0 [ 553.934554][ T27] ? vhci_open+0x290/0x290 [ 553.943842][ T27] __fput+0x3fe/0x8e0 [ 553.948000][ T27] task_work_run+0x129/0x1a0 [ 553.953283][ T27] do_exit+0x6a3/0x2480 [ 553.957565][ T27] ? put_task_struct+0x80/0x80 [ 553.962837][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 553.968858][ T27] do_group_exit+0x144/0x310 [ 553.985841][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 553.991416][ T27] get_signal+0xc66/0x14e0 [ 553.996233][ T27] arch_do_signal_or_restart+0xc3/0x1890 [ 554.002364][ T27] ? print_irqtrace_events+0x210/0x210 [ 554.007848][ T27] ? cpu_online+0x40/0x40 [ 554.012615][ T27] ? get_sigframe_size+0x10/0x10 [ 554.017786][ T27] ? __might_sleep+0xc0/0xc0 [ 554.030203][ T27] ? exit_to_user_mode_loop+0x39/0x130 [ 554.035713][ T27] exit_to_user_mode_loop+0x97/0x130 [ 554.047390][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 554.053319][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 554.059031][ T27] do_syscall_64+0x47/0xb0 [ 554.063985][ T27] ? clear_bhb_loop+0x15/0x70 [ 554.068689][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 554.087337][ T27] RIP: 0033:0x7f6171d21c8a [ 554.092123][ T27] RSP: 002b:00007f617019ae50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 554.101232][ T27] RAX: 0000000000000000 RBX: 00007f617019aef0 RCX: 00007f6171d21c8a [ 554.109225][ T27] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 554.117622][ T27] RBP: 0000000020000000 R08: 0000000000000000 R09: 000000000000068e [ 554.137912][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000020000080 [ 554.146997][ T27] R13: 00007f617019aeb0 R14: 0000000000000694 R15: 00000000200013c0 [ 554.155315][ T27] [ 554.158391][ T27] [ 554.158391][ T27] Showing all locks held in the system: [ 554.166570][ T27] 3 locks held by kworker/0:1/13: [ 554.180094][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.194660][ T27] #1: ffffc90000d27d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.205765][ T27] #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 554.216541][ T27] 1 lock held by khungtaskd/27: [ 554.230104][ T27] #0: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 554.239488][ T27] 3 locks held by kworker/u4:2/154: [ 554.249988][ T27] #0: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 554.260363][ T27] #1: ffff8880b9027848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810 [ 554.280075][ T27] #2: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 554.295465][ T27] 4 locks held by kworker/0:3/2989: [ 554.301001][ T27] 2 locks held by getty/3334: [ 554.306053][ T27] #0: ffff8880297e6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 554.316260][ T27] #1: ffffc9000248e2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 554.338944][ T27] 4 locks held by kworker/u5:2/3575: [ 554.344629][ T27] #0: ffff88807d877938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.356156][ T27] #1: ffffc90002e07d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.367960][ T27] #2: ffff88807c1a0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 554.390068][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 554.401119][ T27] 4 locks held by kworker/u5:3/3576: [ 554.406815][ T27] #0: ffff888024047938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.417764][ T27] #1: ffffc90002e17d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.440065][ T27] #2: ffff88807da4c078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb0/0x1500 [ 554.452325][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xc9a/0x1500 [ 554.462975][ T27] 4 locks held by kworker/u5:6/3583: [ 554.468281][ T27] #0: ffff88807d870938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.490108][ T27] #1: ffffc90002eb7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.503026][ T27] #2: ffff88801b3fc078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 554.513720][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 554.537649][ T27] 4 locks held by kworker/u5:8/3585: [ 554.543352][ T27] #0: ffff8880241d2138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.554758][ T27] #1: ffffc90002ed7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.566580][ T27] #2: ffff88807da48078 (&hdev->lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xb0/0x1500 [ 554.588980][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: le_conn_complete_evt+0xc9a/0x1500 [ 554.599695][ T27] 2 locks held by kworker/1:7/3644: [ 554.605149][ T27] 4 locks held by kworker/1:13/3785: [ 554.611049][ T27] 4 locks held by kworker/u4:7/3789: [ 554.616344][ T27] #0: ffff8880171d5938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.639043][ T27] #1: ffffc90002da7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.649397][ T27] #2: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 554.659623][ T27] #3: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_mc_drop_socket+0x75/0x270 [ 554.669277][ T27] 3 locks held by kworker/0:8/3871: [ 554.689915][ T27] #0: ffff88814ae50138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.707325][ T27] #1: ffffc900040e7d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.730043][ T27] #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 [ 554.739519][ T27] 2 locks held by kworker/0:11/3874: [ 554.747580][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.758909][ T27] #1: ffffc90003577d20 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.768912][ T27] 3 locks held by kworker/1:16/4915: [ 554.789874][ T27] #0: ffff88814ae50138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.802009][ T27] #1: ffffc90003207d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.814869][ T27] #2: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 [ 554.836918][ T27] 3 locks held by kworker/1:17/4921: [ 554.842537][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 554.853348][ T27] #1: ffffc9000139fd20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 554.866406][ T27] #2: ffff88801f8fd240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120 [ 554.888939][ T27] 3 locks held by syz-executor/5817: [ 554.894580][ T27] #0: ffff888064774ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 554.904730][ T27] #1: ffff888064774078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 554.914766][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 554.937518][ T27] 3 locks held by syz-executor/7106: [ 554.943218][ T27] #0: ffff88801ff3cff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 554.953353][ T27] #1: ffff88801ff3c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 554.963702][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 554.986102][ T27] 3 locks held by syz.2.826/7359: [ 554.991443][ T27] #0: ffff88801eeecff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 555.001497][ T27] #1: ffff88801eeec078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 555.011714][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 555.030023][ T27] 1 lock held by syz.0.823/7361: [ 555.035030][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 [ 555.049602][ T27] 3 locks held by syz.4.824/7364: [ 555.055032][ T27] #0: ffff88807a15cff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 555.065714][ T27] #1: ffff88807a15c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 555.088133][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 555.098522][ T27] 3 locks held by syz-executor/7372: [ 555.104074][ T27] #0: ffff88801f620ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 555.114135][ T27] #1: ffff88801f620078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 555.136343][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 555.146944][ T27] 1 lock held by syz-executor/7374: [ 555.152409][ T27] 3 locks held by syz-executor/7375: [ 555.157763][ T27] #0: ffff88801dea8ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 555.168565][ T27] #1: ffff88801dea8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 555.189977][ T27] #2: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 555.201778][ T27] 3 locks held by syz-executor/7376: [ 555.207164][ T27] #0: ffff88807d708ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 555.217410][ T27] #1: ffff88807d708078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 555.239472][ T27] #2: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 555.249905][ T27] 1 lock held by syz-executor/7389: [ 555.255113][ T27] #0: ffffffff8c924228 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 555.266422][ T27] 2 locks held by syz-executor/7402: [ 555.279979][ T27] #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 555.289474][ T27] #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700 [ 555.304667][ T27] 2 locks held by syz-executor/7409: [ 555.310274][ T27] #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 555.319715][ T27] #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700 [ 555.339310][ T27] 2 locks held by syz-executor/7410: [ 555.348467][ T27] #0: ffffffff8da261d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x378/0x5d0 [ 555.358275][ T27] #1: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20f/0x700 [ 555.368055][ T27] 1 lock held by syz-executor/7415: [ 555.386051][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.395842][ T27] 4 locks held by kworker/u5:1/7416: [ 555.401361][ T27] #0: ffff88807a1df938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 555.412201][ T27] #1: ffffc900032a7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 555.436345][ T27] #2: ffff888073eb0078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 555.446670][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 555.457444][ T27] 1 lock held by syz-executor/7428: [ 555.462971][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.479976][ T27] 1 lock held by syz-executor/7436: [ 555.485325][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.500521][ T27] 1 lock held by syz-executor/7437: [ 555.505740][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.515591][ T27] 1 lock held by syz-executor/7443: [ 555.530244][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.544105][ T27] 1 lock held by syz-executor/7444: [ 555.549447][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.559840][ T27] 4 locks held by kworker/u5:5/7445: [ 555.565155][ T27] #0: ffff88802241e138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 555.589111][ T27] #1: ffffc900033ffd20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 555.600922][ T27] #2: ffff88807c1a4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 555.611196][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 555.621949][ T27] 4 locks held by kworker/u5:7/7447: [ 555.627273][ T27] #0: ffff888074a87138 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 555.650007][ T27] #1: ffffc90003467d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 555.662352][ T27] #2: ffff888073e88078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 555.672620][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 555.695977][ T27] 1 lock held by dhcpcd/7449: [ 555.701062][ T27] #0: ffff888074364120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.711110][ T27] 1 lock held by dhcpcd/7450: [ 555.715810][ T27] #0: ffff888074360120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.725897][ T27] 1 lock held by dhcpcd/7451: [ 555.739782][ T27] #0: ffff8880242e8120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.749521][ T27] 1 lock held by dhcpcd/7452: [ 555.767451][ T27] #0: ffff888024d56120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.777539][ T27] 1 lock held by dhcpcd/7453: [ 555.789940][ T27] #0: ffff8880796cc120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.799672][ T27] 1 lock held by dhcpcd/7454: [ 555.810328][ T27] #0: ffff888078f90120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd50 [ 555.820357][ T27] 1 lock held by syz-executor/7460: [ 555.825599][ T27] #0: ffffffff8da31d88 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 [ 555.848323][ T27] 4 locks held by kworker/u5:9/7462: [ 555.853970][ T27] #0: ffff88806629d938 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 555.876184][ T27] #1: ffffc900034b7d20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 555.900001][ T27] #2: ffff888073e8c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0xb3/0xb50 [ 555.914190][ T27] #3: ffffffff8db7b128 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x52f/0xb50 [ 555.925031][ T27] [ 555.927366][ T27] ============================================= [ 555.927366][ T27] [ 555.948755][ T27] NMI backtrace for cpu 0 [ 555.953124][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.167-syzkaller #0 [ 555.961122][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 555.971190][ T27] Call Trace: [ 555.974475][ T27] [ 555.977510][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 555.982202][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 555.987845][ T27] ? panic+0x860/0x860 [ 555.991932][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 555.997057][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 556.002005][ T27] ? __wake_up_klogd+0xd5/0x100 [ 556.006873][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 556.013038][ T27] ? _printk+0xd1/0x120 [ 556.017206][ T27] ? panic+0x860/0x860 [ 556.021286][ T27] ? __wake_up_klogd+0xcc/0x100 [ 556.026159][ T27] ? panic+0x860/0x860 [ 556.030242][ T27] ? __rcu_read_unlock+0x92/0x100 [ 556.035278][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 556.041354][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 556.047351][ T27] watchdog+0xe72/0xeb0 [ 556.051529][ T27] kthread+0x3f6/0x4f0 [ 556.055605][ T27] ? hungtask_pm_notify+0x50/0x50 [ 556.060639][ T27] ? kthread_blkcg+0xd0/0xd0 [ 556.065254][ T27] ret_from_fork+0x1f/0x30 [ 556.069721][ T27] [ 556.073137][ T27] Sending NMI from CPU 0 to CPUs 1: [ 556.078360][ C1] NMI backtrace for cpu 1 [ 556.078372][ C1] CPU: 1 PID: 3785 Comm: kworker/1:13 Not tainted 5.15.167-syzkaller #0 [ 556.078390][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 556.078403][ C1] Workqueue: events_power_efficient gc_worker [ 556.078423][ C1] RIP: 0010:preempt_count_add+0x32/0x180 [ 556.078445][ C1] Code: c7 c0 c0 8f 86 96 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 e2 00 00 00 83 3d d0 23 2f 15 00 75 07 <65> 8b 05 cf 03 ab 7e 65 01 1d c8 03 ab 7e 48 c7 c0 c0 8f 86 96 48 [ 556.078459][ C1] RSP: 0018:ffffc90000dd0c00 EFLAGS: 00000046 [ 556.078472][ C1] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffffffff96868f03 [ 556.078484][ C1] RDX: 0000000000010000 RSI: ffffffff8a8cbd20 RDI: 0000000000000001 [ 556.078495][ C1] RBP: ffffc90000dd0cb8 R08: ffffffff816f6a9f R09: 0000000000000003 [ 556.078507][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000046 [ 556.078519][ C1] R13: 1ffff920001ba184 R14: ffffffff96a39fe0 R15: dffffc0000000000 [ 556.078532][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 556.078546][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 556.078557][ C1] CR2: 0000555578f89808 CR3: 000000000c68e000 CR4: 00000000003506e0 [ 556.078573][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 556.078583][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 556.078593][ C1] Call Trace: [ 556.078598][ C1] [ 556.078604][ C1] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 556.078624][ C1] ? read_lock_is_recursive+0x10/0x10 [ 556.078643][ C1] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 556.078662][ C1] ? unknown_nmi_error+0xd0/0xd0 [ 556.078688][ C1] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 556.078705][ C1] ? nmi_handle+0xf7/0x370 [ 556.078723][ C1] ? preempt_count_add+0x32/0x180 [ 556.078741][ C1] ? default_do_nmi+0x62/0x150 [ 556.078760][ C1] ? exc_nmi+0xa8/0x100 [ 556.078777][ C1] ? end_repeat_nmi+0x16/0x31 [ 556.078796][ C1] ? __hrtimer_run_queues+0x69f/0xcf0 [ 556.078814][ C1] ? preempt_count_add+0x32/0x180 [ 556.078833][ C1] ? preempt_count_add+0x32/0x180 [ 556.078852][ C1] ? preempt_count_add+0x32/0x180 [ 556.078870][ C1] [ 556.078875][ C1] [ 556.078881][ C1] _raw_spin_lock_irqsave+0xb6/0x120 [ 556.078900][ C1] ? _raw_spin_lock+0x40/0x40 [ 556.078917][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 556.078940][ C1] debug_object_activate+0x63/0x4e0 [ 556.078956][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 556.078977][ C1] enqueue_hrtimer+0x30/0x390 [ 556.078995][ C1] __hrtimer_run_queues+0x6b6/0xcf0 [ 556.079021][ C1] ? hrtimer_interrupt+0x980/0x980 [ 556.079043][ C1] hrtimer_interrupt+0x392/0x980 [ 556.079071][ C1] __sysvec_apic_timer_interrupt+0x139/0x470 [ 556.079093][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 556.079113][ C1] [ 556.079118][ C1] [ 556.079123][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 556.079143][ C1] RIP: 0010:lock_acquire+0x252/0x4f0 [ 556.079165][ C1] Code: 2b 00 74 08 4c 89 f7 e8 0c 75 67 00 f6 44 24 61 02 0f 85 84 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25 [ 556.079179][ C1] RSP: 0018:ffffc900034f7980 EFLAGS: 00000206 [ 556.079192][ C1] RAX: 0000000000000001 RBX: 1ffff9200069ef3c RCX: 1ffff9200069eedc [ 556.079204][ C1] RDX: dffffc0000000000 RSI: ffffffff8a8b3da0 RDI: ffffffff8ad904c0 [ 556.079217][ C1] RBP: ffffc900034f7ae0 R08: dffffc0000000000 R09: fffffbfff20e2419 [ 556.079229][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200069ef38 [ 556.079241][ C1] R13: dffffc0000000000 R14: ffffc900034f79e0 R15: 0000000000000246 [ 556.079266][ C1] ? read_lock_is_recursive+0x10/0x10 [ 556.079287][ C1] ? __might_sleep+0xc0/0xc0 [ 556.079302][ C1] ? seqcount_lockdep_reader_access+0x1d3/0x220 [ 556.079332][ C1] rcu_lock_acquire+0x2a/0x30 [ 556.079347][ C1] ? rcu_lock_acquire+0x5/0x30 [ 556.079361][ C1] gc_worker+0x289/0x14b0 [ 556.079382][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 556.079403][ C1] ? init_conntrack+0x1740/0x1740 [ 556.079418][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 556.079440][ C1] process_one_work+0x8a1/0x10c0 [ 556.079468][ C1] ? worker_detach_from_pool+0x260/0x260 [ 556.079489][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 556.079508][ C1] ? kthread_data+0x4e/0xc0 [ 556.079524][ C1] ? wq_worker_running+0x97/0x170 [ 556.079542][ C1] worker_thread+0xaca/0x1280 [ 556.079574][ C1] kthread+0x3f6/0x4f0 [ 556.079589][ C1] ? rcu_lock_release+0x20/0x20 [ 556.079606][ C1] ? kthread_blkcg+0xd0/0xd0 [ 556.079622][ C1] ret_from_fork+0x1f/0x30 [ 556.079648][ C1] [ 556.565002][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 556.571880][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.167-syzkaller #0 [ 556.579868][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 556.590013][ T27] Call Trace: [ 556.593300][ T27] [ 556.596237][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 556.600930][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 556.606575][ T27] ? panic+0x860/0x860 [ 556.610667][ T27] panic+0x318/0x860 [ 556.614575][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 556.620226][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 556.626394][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 556.631611][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 556.637695][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 556.643864][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 556.650034][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 556.656326][ T27] watchdog+0xeb0/0xeb0 [ 556.660505][ T27] kthread+0x3f6/0x4f0 [ 556.664584][ T27] ? hungtask_pm_notify+0x50/0x50 [ 556.669619][ T27] ? kthread_blkcg+0xd0/0xd0 [ 556.674221][ T27] ret_from_fork+0x1f/0x30 [ 556.678688][ T27] [ 557.825305][ T27] Shutting down cpus with NMI [ 557.830454][ T27] Kernel Offset: disabled [ 557.834790][ T27] Rebooting in 86400 seconds..